From ad213deb0b304cbf13eab763faf42726144cd4c4 Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Tue, 17 Dec 2024 18:13:59 +0100 Subject: [PATCH] bgpd: bmp, fix memory leak in peer messages The following memory leak is observed when running bgp_bmp test. > ==614841==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 81 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f2b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > #1 0x7f0e9ec771f8 in qmalloc lib/memory.c:101 > #2 0x7f0e9e5a2f89 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2211 > #3 0x7f0e9e5a31a8 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2247 > #4 0x7f0e9e5b0325 in bmp_bgp_attribute_updated_instance bgpd/bgp_bmp.c:3476 > #5 0x7f0e9e5b0661 in bmp_bgp_attribute_updated bgpd/bgp_bmp.c:3526 > #6 0x7f0e9e5b08ae in bmp_routerid_update bgpd/bgp_bmp.c:3547 > #7 0x55cdc4bcbd88 in hook_call_bgp_routerid_update bgpd/bgpd.c:89 > #8 0x55cdc4bccf0b in bgp_router_id_set bgpd/bgpd.c:305 > #9 0x55cdc4bcd87d in bgp_router_id_zebra_bump bgpd/bgpd.c:393 > #10 0x55cdc4ba87d5 in bgp_router_id_update bgpd/bgp_zebra.c:99 > #11 0x7f0e9ede3f0b in zclient_read lib/zclient.c:4626 > #12 0x7f0e9ed8074d in event_call lib/event.c:1996 > #13 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > #14 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > #15 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 81 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f2b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > #1 0x7f0e9ec771f8 in qmalloc lib/memory.c:101 > #2 0x7f0e9e5a2ed8 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2207 > #3 0x7f0e9e5a31a8 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2247 > #4 0x7f0e9e5b0325 in bmp_bgp_attribute_updated_instance bgpd/bgp_bmp.c:3476 > #5 0x7f0e9e5b0661 in bmp_bgp_attribute_updated bgpd/bgp_bmp.c:3526 > #6 0x7f0e9e5b08ae in bmp_routerid_update bgpd/bgp_bmp.c:3547 > #7 0x55cdc4bcbd88 in hook_call_bgp_routerid_update bgpd/bgpd.c:89 > #8 0x55cdc4bccf0b in bgp_router_id_set bgpd/bgpd.c:305 > #9 0x55cdc4bcd87d in bgp_router_id_zebra_bump bgpd/bgpd.c:393 > #10 0x55cdc4ba87d5 in bgp_router_id_update bgpd/bgp_zebra.c:99 > #11 0x7f0e9ede3f0b in zclient_read lib/zclient.c:4626 > #12 0x7f0e9ed8074d in event_call lib/event.c:1996 > #13 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > #14 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > #15 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 64 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f2b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > #1 0x7f0e9ec77235 in qcalloc lib/memory.c:106 > #2 0x7f0e9e5a498d in bmp_imported_bgp_get bgpd/bgp_bmp.c:2441 > #3 0x7f0e9e5acbed in bmp_import_vrf_magic bgpd/bgp_bmp.c:2855 > #4 0x7f0e9e5a7f97 in bmp_import_vrf bgpd/bgp_bmp_clippy.c:147 > #5 0x7f0e9ebb1178 in cmd_execute_command_real lib/command.c:1003 > #6 0x7f0e9ebb1505 in cmd_execute_command lib/command.c:1062 > #7 0x7f0e9ebb21d7 in cmd_execute lib/command.c:1228 > #8 0x7f0e9ed90bf0 in vty_command lib/vty.c:626 > #9 0x7f0e9ed95ad5 in vty_execute lib/vty.c:1389 > #10 0x7f0e9ed9c01e in vtysh_read lib/vty.c:2408 > #11 0x7f0e9ed8074d in event_call lib/event.c:1996 > #12 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > #13 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > #14 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 6 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f25b9a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454 > #1 0x7f0e9ec772fa in qstrdup lib/memory.c:118 > #2 0x55cdc4b57d54 in af_rd_vpn_export_magic bgpd/bgp_vty.c:9814 > #3 0x55cdc4b288d7 in af_rd_vpn_export bgpd/bgp_vty_clippy.c:3493 > #4 0x7f0e9ebb1178 in cmd_execute_command_real lib/command.c:1003 > #5 0x7f0e9ebb1505 in cmd_execute_command lib/command.c:1062 > #6 0x7f0e9ebb21d7 in cmd_execute lib/command.c:1228 > #7 0x7f0e9ed90bf0 in vty_command lib/vty.c:626 > #8 0x7f0e9ed95ad5 in vty_execute lib/vty.c:1389 > #9 0x7f0e9ed9c01e in vtysh_read lib/vty.c:2408 > #10 0x7f0e9ed8074d in event_call lib/event.c:1996 > #11 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > #12 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > #13 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Indirect leak of 5 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f25b9a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454 > #1 0x7f0e9ec772fa in qstrdup lib/memory.c:118 > #2 0x7f0e9e5a49ae in bmp_imported_bgp_get bgpd/bgp_bmp.c:2443 > #3 0x7f0e9e5acbed in bmp_import_vrf_magic bgpd/bgp_bmp.c:2855 > #4 0x7f0e9e5a7f97 in bmp_import_vrf bgpd/bgp_bmp_clippy.c:147 > #5 0x7f0e9ebb1178 in cmd_execute_command_real lib/command.c:1003 > #6 0x7f0e9ebb1505 in cmd_execute_command lib/command.c:1062 > #7 0x7f0e9ebb21d7 in cmd_execute lib/command.c:1228 > #8 0x7f0e9ed90bf0 in vty_command lib/vty.c:626 > #9 0x7f0e9ed95ad5 in vty_execute lib/vty.c:1389 > #10 0x7f0e9ed9c01e in vtysh_read lib/vty.c:2408 > #11 0x7f0e9ed8074d in event_call lib/event.c:1996 > #12 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > #13 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > #14 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > SUMMARY: AddressSanitizer: 237 byte(s) leaked in 5 allocation(s). Fix this by freeing the missing memory block that helps building the open message to send to remote bmp collector. Signed-off-by: Philippe Guibert --- bgpd/bgp_bmp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/bgpd/bgp_bmp.c b/bgpd/bgp_bmp.c index d0bb93a02f50..7ad8cc4b39c0 100644 --- a/bgpd/bgp_bmp.c +++ b/bgpd/bgp_bmp.c @@ -2249,6 +2249,7 @@ bool bmp_bgp_update_vrf_status(enum bmp_vrf_state *vrf_state, struct bgp *bgp, bbpeer = bmp_bgp_peer_find(peer->qobj_node.nid); if (bbpeer) { XFREE(MTYPE_BMP_OPEN, bbpeer->open_rx); + XFREE(MTYPE_BMP_OPEN, bbpeer->open_tx); bmp_peerh_del(&bmp_peerh, bbpeer); XFREE(MTYPE_BMP_PEER, bbpeer); }