From 2ec2aec96f06c5160fea68157c05f30269748490 Mon Sep 17 00:00:00 2001 From: Long Yunjian Date: Thu, 19 Jun 2025 14:51:20 +0800 Subject: [PATCH] Fix memory leak Signed-off-by: Long Yunjian --- sshfs.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/sshfs.c b/sshfs.c index 676fd586..dbe3d3a4 100644 --- a/sshfs.c +++ b/sshfs.c @@ -1441,23 +1441,25 @@ static int do_read(struct conn *conn, struct buffer *buf) static int sftp_read(struct conn *conn, uint8_t *type, struct buffer *buf) { - int res; + int res = -1; struct buffer buf2; uint32_t len; buf_init(&buf2, 5); res = do_read(conn, &buf2); if (res != -1) { if (buf_get_uint32(&buf2, &len) == -1) - return -1; + goto out; if (len > MAX_REPLY_LEN) { fprintf(stderr, "reply len too large: %u\n", len); - return -1; + goto out; } if (buf_get_uint8(&buf2, type) == -1) - return -1; + goto out; buf_init(buf, len - 1); res = do_read(conn, buf); } + +out: buf_free(&buf2); return res; } @@ -1530,10 +1532,15 @@ static int process_one_request(struct conn *conn) buf_init(&buf, 0); res = sftp_read(conn, &type, &buf); - if (res == -1) + if (res == -1) { + if (buf.p) + buf_free(&buf); return -1; - if (buf_get_uint32(&buf, &id) == -1) + } + if (buf_get_uint32(&buf, &id) == -1) { + buf_free(&buf); return -1; + } pthread_mutex_lock(&sshfs.lock); req = (struct request *) @@ -2278,6 +2285,7 @@ static int sftp_readdir_async(struct conn *conn, struct buffer *handle, struct buffer name; int tmperr; + buf_init(&name, 0); while (!done && outstanding < max) { tmperr = sftp_readdir_send(conn, &req, handle); @@ -2325,6 +2333,7 @@ static int sftp_readdir_async(struct conn *conn, struct buffer *handle, if (!done) { err = buf_get_entries(&name, buf, filler); buf_free(&name); + name.p = NULL; /* increase number of outstanding requests */ if (max < READDIR_MAX) @@ -2334,6 +2343,8 @@ static int sftp_readdir_async(struct conn *conn, struct buffer *handle, done = 1; } } + if (name.p) + buf_free(&name); } assert(list == NULL);