authorhexcoder- <heiko@hexco.de>2020-06-27 00:13:24 +0200
committerhexcoder- <heiko@hexco.de>2020-06-27 00:13:24 +0200
commit4103687f766405339b59d595b7ab7e5cd6f8ca33 (patch)
tree9f3f06754ed064a1d5d50639eb3584a726c274e2
parent976e99b1d41e25d6d5eabf2e6085c01d51334285 (diff)
downloadafl++-4103687f766405339b59d595b7ab7e5cd6f8ca33.tar.gz
afl-sharedmem.c: fix leaks on error paths (SysV shared memory)
-rw-r--r--include/debug.h2
-rw-r--r--src/afl-sharedmem.c17
2 files changed, 16 insertions, 3 deletions
diff --git a/include/debug.h b/include/debug.h
index 9dd21ace..d1bd971b 100644
--- a/include/debug.h
+++ b/include/debug.h
@@ -262,7 +262,7 @@
\
} while (0)
-/* Die with FAULT() or PFAULT() depending on the value of res (used to
+/* Die with FATAL() or PFATAL() depending on the value of res (used to
interpret different failure modes for read(), write(), etc). */
#define RPFATAL(res, x...) \
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index 06f46989..77767f21 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -239,7 +239,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
shm->cmplog_shm_id = shmget(IPC_PRIVATE, sizeof(struct cmp_map),
IPC_CREAT | IPC_EXCL | 0600);
- if (shm->cmplog_shm_id < 0) { PFATAL("shmget() failed"); }
+ if (shm->cmplog_shm_id < 0) {
+ shmctl(shm->shm_id, IPC_RMID, NULL); // do not leak shmem
+ PFATAL("shmget() failed");
+ }
}
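Review bot: The `shmctl(shm->shm_id, IPC_RMID, NULL)` call added ahead of `PFATAL("shmget() failed")` can overwrite `errno` if the removal itself fails, so the OS message printed for the fatal error may describe the cleanup instead of the failed `shmget()`. This assumes PFATAL reports `errno`; its definition is not visible on this page. Saving the value first keeps the diagnostic accurate: `int saved_errno = errno;` before the cleanup and `errno = saved_errno;` immediately before `PFATAL(...)`. The same applies to the two `shmat()` failure paths in the later hunks of this file. The body of afl_shm_init starts and ends outside the hunk.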
@@ -266,7 +269,13 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
shm->map = shmat(shm->shm_id, NULL, 0);
- if (shm->map == (void *)-1 || !shm->map) { PFATAL("shmat() failed"); }
+ if (shm->map == (void *)-1 || !shm->map) {
+ shmctl(shm->shm_id, IPC_RMID, NULL); // do not leak shmem
+ if (shm->cmplog_mode) {
+ shmctl(shm->cmplog_shm_id, IPC_RMID, NULL); // do not leak shmem
+ }
+ PFATAL("shmat() failed");
+ }
if (shm->cmplog_mode) {
@@ -274,6 +283,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
if (shm->cmp_map == (void *)-1 || !shm->cmp_map) {
+ shmctl(shm->shm_id, IPC_RMID, NULL); // do not leak shmem
+ if (shm->cmplog_mode) {
+ shmctl(shm->cmplog_shm_id, IPC_RMID, NULL); // do not leak shmem
+ }
PFATAL("shmat() failed");
}
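Review bot: The inner `if (shm->cmplog_mode)` added on this `cmp_map` failure path looks redundant. The previous hunk ends by opening `if (shm->cmplog_mode) {`, and this check appears to sit inside that block; the enclosing lines are outside the hunk, so this should be confirmed against the full function. If it holds, `shmctl(shm->cmplog_shm_id, IPC_RMID, NULL);` can be called unconditionally here. The removal sequence is also now written out three times in afl_shm_init; a small static helper that removes `shm_id` and, in cmplog mode, `cmplog_shm_id` would keep the error paths from drifting apart when another segment is added.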