Re: [PATCH] BUG/MINOR: ssl_ckch: fix memory leak on realloc failure

Sat, 25 Apr 2026 05:47:26 -0700 

On Sat, Apr 25, 2026 at 12:51:10PM +0200, ???? ??????? wrote:
> > > $ spatch --sp-file dev/coccinelle/realloc_leak.cocci  src/hlua.c
> > > init_defs_builtins: /usr/lib64/coccinelle/standard.h
> > > HANDLING: src/hlua.c
> > > SPECIAL NAMES: adding DECLARE_STATIC_TYPED_POOL as a declarer
> > > SPECIAL NAMES: adding list_for_each_entry_from as a iterator
> > > SPECIAL NAMES: adding list_for_each_entry as a iterator
> > > SPECIAL NAMES: adding list_for_each_entry_safe as a iterator
> > > diff =
> > > --- src/hlua.c
> > > +++ /tmp/cocci-output-1646809-b4de51-hlua.c
> > > @@ -13509,7 +13509,6 @@ static int hlua_load_per_thread(char **a
> > >         for (len = 0; per_thread_load[len] != NULL; len++)
> > >                 ;
> > >
> > > -       per_thread_load = realloc(per_thread_load, (len + 2) *
> > > sizeof(*per_thread_load));
> > >         if (per_thread_load == NULL) {
> > >                 memprintf(err, "out of memory error");
> > >                 return -1;
> > > @@ -14155,7 +14154,6 @@ static void *hlua_alloc(void *ud, void *
> > >                 if (!nsize)
> > >                         ha_free(&ptr);
> > >                 else
> > > -                       ptr = realloc(ptr, nsize);
> > >                 return ptr;
> > >         }
> > >
> > > @@ -14174,7 +14172,6 @@ static void *hlua_alloc(void *ud, void *
> > >         if (!nsize)
> > >                 ha_free(&ptr);
> > >         else
> > > -               ptr = realloc(ptr, nsize);
> > >
> > >         if (unlikely(!ptr && nsize)) // failed
> > >                 _HA_ATOMIC_SUB(&zone->allocated, nsize - osize);
> > >
> > > $
> > >
> > >
> > >
> > > it recommends just to remove all "realloc" occurences :)
> > > it looks like "realloc" is not welcome. maybe it is done in purpose, not
> > > sure.
> > > taking into account that strict behaviour, maybe we should get rid of
> > > realloc completely.
> > >
> >
> > It's not broken, the cocci file was made to find locations where the
> > return value is assigned to the same variable as the one in parameter.
> > This one
> > was not made to patch the issue by itself.
> >
> 
> some of realloc usages are ok, some are not.
> if that script purpose is to find realloc, ok.

No, not just any realloc, the script tries to find patterns of:

    ptr2 = realloc(ptr1, size).

where ptr2 and ptr1 are the same expression. So it finds
ptr=realloc(ptr,size) just like ctx->storage=realloc(ctx->storage,12) etc.

And it's super fast. It does it faster than an LLM or than running multiple
incantations of "git grep".

Willy

Reply via email to