mlot / nanopb

Automatically exported from code.google.com/p/nanopb
zlib License

Memory leak when using struct that contains struct that has dynamic allocated field #138

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Define a struct that contains a dynamically allocated field
2. Add this struct as a field in another struct
3. Use pb_decode on the second struct and then pb_release

What is the expected output? What do you see instead?
pb_release should free the allocated field of the inner struct, but it doesn't.

What version of the product are you using? On what operating system?
Nanopb 0.3.1 version

Please provide any additional information below.
We've added a fix for this bug.
New pb_release function:

void pb_release(const pb_field_t fields[], void *dest_struct)
{
    pb_field_iter_t iter;
    pb_type_t type;

    if (!pb_field_iter_begin(&iter, fields, dest_struct))
        return; /* Empty message type */

    do
    {
        // Sansa Security fix
        // If the struct has a submessage, there may be allocated fields in it that should be freed
        type = iter.pos->type;
        if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE)
        {
            void *pItem = (void*)(iter.pData);
            pb_release((const pb_field_t*)iter.pos->ptr, pItem);
        }
        pb_release_single_field(&iter);
    } while (pb_field_iter_next(&iter));
}

The fix is also in clone: jenia0881-nanopb

Original issue reported on code.google.com by jenia0...@gmail.com on 25 Dec 2014 at 12:20

GoogleCodeExporter commented 9 years ago
The release of the submessage is already done inside pb_release_single_field():
https://code.google.com/p/nanopb/source/browse/pb_decode.c#910
Also it is covered by 'alltypes_pointer' test case.

Can you provide a compilable source code that displays this problem?
How have you detected the memory leak?

Original comment by Petteri.Aimonen on 25 Dec 2014 at 6:38

GoogleCodeExporter commented 9 years ago
Ah, yeah, now I see the bug. Occurs when there is a statically allocated 
submessage that contains dynamic fields.

Thanks for the report.

Original comment by Petteri.Aimonen on 25 Dec 2014 at 7:05
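
The condition identified in this thread, a statically allocated submessage that contains a dynamically allocated field, as a self-contained model (an added example, not code from nanopb or from the commenters). The descriptor types, `release()` and `leaked_after_release()` are hypothetical names; `recurse_static` switches between a release that frees only pointer fields and one that also walks embedded submessages.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy field descriptors (hypothetical; not nanopb's pb_field_t layout). */
typedef enum { F_END, F_POINTER, F_STATIC_SUBMSG } kind_t;
typedef struct field_s {
    kind_t kind;
    size_t offset;              /* offset of the field inside its struct */
    const struct field_s *sub;  /* descriptor of an embedded submessage */
} field_t;
typedef struct { void *data; } Inner;           /* dynamically allocated field */
typedef struct { int id; Inner inner; } Outer;  /* statically allocated submessage */
static const field_t inner_fields[] = {
    { F_POINTER, offsetof(Inner, data), NULL }, { F_END, 0, NULL } };
static const field_t outer_fields[] = {
    { F_STATIC_SUBMSG, offsetof(Outer, inner), inner_fields }, { F_END, 0, NULL } };
static int live_allocs;  /* allocations made by "decode" and not yet freed */

static void release(const field_t *f, void *msg, int recurse_static) {
    for (; f->kind != F_END; f++) {
        char *p = (char *)msg + f->offset;
        if (f->kind == F_POINTER) {
            void **slot = (void **)p;
            if (*slot) { free(*slot); *slot = NULL; live_allocs--; }
        } else if (f->kind == F_STATIC_SUBMSG && recurse_static) {
            /* The embedded struct needs no free, but its fields may own heap memory. */
            release(f->sub, p, recurse_static);
        }
    }
}

/* Fills the inner field as a decoder would, releases the outer message,
   and returns how many allocations are still live. */
int leaked_after_release(int recurse_static) {
    Outer msg = { 1, { NULL } };
    msg.inner.data = malloc(16);
    if (msg.inner.data == NULL) return -1;
    live_allocs = 1;
    release(outer_fields, &msg, recurse_static);
    int leaked = live_allocs;
    free(msg.inner.data);  /* clean up the leak case; free(NULL) is a no-op */
    return leaked;
}

int main(void) {
    printf("leaked: pointer-only=%d recursing=%d\n",
           leaked_after_release(0), leaked_after_release(1));
    return 0;
}
```
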

GoogleCodeExporter commented 9 years ago
This issue was updated by revision 88b2efe0477f.

Original comment by Petteri.Aimonen on 26 Dec 2014 at 10:03

GoogleCodeExporter commented 9 years ago
Fixed now, also for extension fields and repeated arrays.

Fix backported to 0.2.9.x maintenance series also.

Original comment by Petteri.Aimonen on 26 Dec 2014 at 10:04

GoogleCodeExporter commented 9 years ago
Fix released in nanopb-0.3.2.

Original comment by Petteri.Aimonen on 24 Jan 2015 at 3:53