[PATCH] conf: fix memory leaks in parse_def()

Sebastian Berger sebastian.berger at mailbox.org
Mon Jan 31 23:29:07 CET 2022


For all execution paths in parse_def(), free the id string before returning.

Previous implementations fail to do this if the configuration:

    (1) tries to reference the child of a non-compound node, or
    (2) does not provide a valid argument after an assignment ('=') operator.

For example, the invocations:

    (1) snd_config_load_string(&conf, "foo 0 foo.a 1", 0)
    (2) snd_config_load_string(&conf, "bar =", 0)

would leak the strings "foo" or "bar", respectively.

Signed-off-by: Sebastian Berger <sebastian.berger at mailbox.org>
---
 src/conf.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/conf.c b/src/conf.c
index 70f0e773..8a09505b 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1403,7 +1403,8 @@ static int parse_def(snd_config_t *parent, input_t *input, int skip, int overrid
 			if (mode != OVERRIDE) {
 				if (n->type != SND_CONFIG_TYPE_COMPOUND) {
 					SNDERR("%s is not a compound", id);
-					return -EINVAL;
+					err = -EINVAL;
+					goto __end;
 				}
 				n->u.compound.join = true;
 				parent = n;
@@ -1425,8 +1426,10 @@ static int parse_def(snd_config_t *parent, input_t *input, int skip, int overrid
 	}
 	if (c == '=') {
 		c = get_nonwhite(input);
-		if (c < 0)
-			return c;
+		if (c < 0) {
+			err = c;
+			goto __end;
+		}
 	}
 	if (!skip) {
 		if (_snd_config_search(parent, id, -1, &n) == 0) {
-- 
2.35.1



More information about the Alsa-devel mailing list