update: Memory leaks in stdup and asprintf (#588)

XV02 · web-flow · commit 75a17a7a903c · 2026-05-15T09:36:05.000-06:00
diff --git a/configure.ac b/configure.ac
@@ -49,7 +49,10 @@ AC_USE_SYSTEM_EXTENSIONS
 AC_PROG_CC_C99
 AM_PROG_CC_C_O
 AM_PROG_AR
-AC_PROG_LIBTOOL
+dnl
+dnl Initialize libtool - use LT_INIT for libtool 2.x, AC_PROG_LIBTOOL for 1.x
+dnl
+m4_ifdef([LT_INIT], [LT_INIT], [AC_PROG_LIBTOOL])
 
 dnl
 dnl Detecting OS
diff --git a/src/libltfs/arch/filename_handling.c b/src/libltfs/arch/filename_handling.c
@@ -131,6 +131,9 @@ void update_platform_safe_name(struct dentry* dentry, bool handle_invalid_char,
 	}
 #else
 	dentry->platform_safe_name = arch_strdup(dentry->name.name);
+	if (!dentry->platform_safe_name) {
+		ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+	}
 #endif
 }
 
diff --git a/src/libltfs/index_criteria.c b/src/libltfs/index_criteria.c
@@ -309,23 +309,43 @@ int index_criteria_parse_name(const char *criteria, size_t len, struct index_cri
 			*delim = '\0';
 			rule_ptr->percent_encode = fs_is_percent_encode_required(rule);
 			rule_ptr->name = arch_strdup(rule);
+			if (!rule_ptr->name) {
+				ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+				arch_safe_free(rulebuf);
+				return -LTFS_NO_MEMORY;
+			}
 			rule_ptr++;
 			rule = delim+1;
 		} else if (*delim == '/') {
 			*delim = '\0';
 			rule_ptr->percent_encode = fs_is_percent_encode_required(rule);
 			rule_ptr->name = arch_strdup(rule);
+			if (!rule_ptr->name) {
+				ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+				arch_safe_free(rulebuf);
+				return -LTFS_NO_MEMORY;
+			}
 			rule_ptr++;
 		} else if (*(delim+1) == '\0') {
 			rule_ptr->percent_encode = fs_is_percent_encode_required(rule);
 			rule_ptr->name = arch_strdup(rule);
+			if (!rule_ptr->name) {
+				ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+				arch_safe_free(rulebuf);
+				return -LTFS_NO_MEMORY;
+			}
 			rule_ptr++;
 		}
 	}
 
 	if (ic->glob_patterns == rule_ptr) {
 		rule_ptr->percent_encode = fs_is_percent_encode_required(rule);
 		rule_ptr->name = arch_strdup(rule);
+		if (!rule_ptr->name) {
+			ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+			arch_safe_free(rulebuf);
+			return -LTFS_NO_MEMORY;
+		}
 	}
 
 	/* Validate rules */
diff --git a/src/libltfs/ltfs_fsops.c b/src/libltfs/ltfs_fsops.c
@@ -1913,6 +1913,10 @@ int ltfs_fsops_symlink_path(const char* to, const char* from, ltfs_file_id *id,
 	id->uid = d->uid;
 	id->ino = d->ino;
 	d->target.name = arch_strdup(to);
+	if (!d->target.name) {
+		ltfs_fsops_close(d, true, true, use_iosche, vol);
+		return -LTFS_NO_MEMORY;
+	}
 	d->target.percent_encode = fs_is_percent_encode_required(to);
 	d->isslink = true;
 
@@ -2063,7 +2067,7 @@ int ltfs_fsops_target_absolute_path(const char* link, const char* target, char*
 			len -= strlen(temp_buf); /* length of "/aaa" */
 		} else if (strcmp(token, "." )) {                    /* have directory name */
 			work_buf[len] = '/';                             /* put '/ 'as "/aaa/" */
-			arch_strncpy(work_buf+len+1, token, work_buf_len, strlen(token) ); /* "/aaa/ccc\0" */
+			arch_strncpy(work_buf+len+1, token, work_buf_len, strlen(token)); /* "/aaa/ccc\0" */
 			len = strlen(work_buf);
 		}
 		token = next_token;
diff --git a/src/libltfs/ltfs_internal.c b/src/libltfs/ltfs_internal.c
@@ -1289,7 +1289,7 @@ int ltfs_split_symlink(struct ltfs_volume *vol)
 	size_t i, size;
 	struct dentry *d, *workd;
 	int ret=0;
-	char *name, *lfdir, *path, *tok, *next_tok;
+	char *name, *lfdir, *path, *new_path, *tok, *next_tok;
 	bool basedir=true, use_iosche=false;
 	char value[32];
 	ltfs_file_id id;
@@ -1298,6 +1298,11 @@ int ltfs_split_symlink(struct ltfs_volume *vol)
 
 	/* check lost_and_found directory and make if it doesn't exist */
 	int pathsize = asprintf( &lfdir, "/%s", LTFS_LOSTANDFOUND_DIR );
+	if (pathsize < 0) {
+		ltfsmsg(LTFS_ERR, 10001E, "_ltfs_recover_symlink: lfdir");
+		return -LTFS_NO_MEMORY;
+	}
+	
 	ret = fs_path_lookup(lfdir, 0, &workd, vol->index);
 	if ( ret==-LTFS_NO_DENTRY  ) {
 		ret = ltfs_fsops_create( lfdir, true, false, false, &workd, vol);
@@ -1313,6 +1318,11 @@ int ltfs_split_symlink(struct ltfs_volume *vol)
 	}
 	ret = ltfs_fsops_close( workd, true, true, use_iosche, vol);
 	path=arch_strdup(lfdir);
+	if (!path) {
+		ltfsmsg(LTFS_ERR, 10001E, "_ltfs_recover_symlink: path");
+		free(lfdir);
+		return -LTFS_NO_MEMORY;
+	}
 
 	/* loop for conflicted files */
 	for( i=0; i<(vol->index->symerr_count); i++ ){
@@ -1327,7 +1337,14 @@ int ltfs_split_symlink(struct ltfs_volume *vol)
 
 		/* check directory path and make if it doesn't exist */
 		while( next_tok ){
-			asprintf( &path, "%s/%s", path, tok );
+			ret = asprintf(&new_path, "%s/%s", path, tok);
+			if (ret < 0) {
+				ltfsmsg(LTFS_ERR, 10001E, "_ltfs_recover_symlink: path");
+				ret = -LTFS_NO_MEMORY;
+				goto err_out_func;
+			}
+			free(path);
+			path = new_path;
 			if ( basedir ) {
 				ret = fs_path_lookup(path, 0, &workd, vol->index);
 				if ( ret==-LTFS_NO_DENTRY  )
@@ -1347,7 +1364,14 @@ int ltfs_split_symlink(struct ltfs_volume *vol)
 			next_tok = arch_strtok( NULL, "/", contextVal);
 		}
 		/* Make filename with path in lost_and_found */
-		asprintf( &path, "%s/%s", path, tok);
+		ret = asprintf(&new_path, "%s/%s", path, tok);
+		if (ret < 0) {
+			ltfsmsg(LTFS_ERR, 10001E, "_ltfs_recover_symlink: path");
+			ret = -LTFS_NO_MEMORY;
+			goto err_out_func;
+		}
+		free(path);
+		path = new_path;
 		ret = fs_path_lookup(path, 0, &workd, vol->index);
 		if ( ret == 0 ) {
 			/* delete same name old symlink */
diff --git a/src/libltfs/ltfslogging.h b/src/libltfs/ltfslogging.h
@@ -162,6 +162,9 @@ void ltfsprintf_unload_plugin(void *handle);
  * only to stderr.
  * @param print_id Print the message prefix LTFSnnnnn ?
  * @param level Log level of this message, must be one of the ltfs_log_levels (LTFS_ERROR, etc.).
+ * @param msg_out Optional pointer to receive a dynamically allocated copy of the formatted message.
+ *                Pass NULL if not needed. If non-NULL, the caller must check if *msg_out is NULL
+ *                (indicating memory allocation failure) and must free the returned string when done.
  * @param id Unique ID of this error.
  * @return 0 if a message was printed or a negative value on error.
  */
diff --git a/src/libltfs/ltfssnmp.c b/src/libltfs/ltfssnmp.c
@@ -123,6 +123,12 @@ int read_trap_def_file(char *deffile)
 					return -LTFS_NO_MEMORY;
 				}
 				entry->id = arch_strdup(tok);
+				if (! entry->id) {
+					ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+					free(entry);
+					fclose(fp);
+					return -LTFS_NO_MEMORY;
+				}
 				TAILQ_INSERT_TAIL(&trap_entries, entry, list);
 			}
 		}
diff --git a/src/libltfs/tape.c b/src/libltfs/tape.c
@@ -1916,13 +1916,27 @@ int tape_get_media_pool_info(struct ltfs_volume *vol, char **media_name, char **
 	if (is_add_info) {
 		if (add_start !=0) {
 			name = strndup(vol->t_attr->media_pool, add_start);
+			if (!name) {
+				ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+				return -LTFS_NO_MEMORY;
+			}
 		}
 		info = arch_strdup(&(vol->t_attr->media_pool[add_start+1]));
+		if (!info) {
+			ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+			if (name)
+				free(name);
+			return -LTFS_NO_MEMORY;
+		}
 		len = strlen(info);
 		info[len-1] = '\0';
 	}
 	else {
 		name = arch_strdup(vol->t_attr->media_pool);
+		if (!name) {
+			ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+			return -LTFS_NO_MEMORY;
+		}
 	}
 
 	if (name)
@@ -3062,7 +3076,9 @@ void set_tape_attribute(struct ltfs_volume *vol, struct tape_attr *t_attr)
  * @param set attribute type
  * @return 0 positive : success, negative : cannot set value to Cartridge Memory
  */
-int tape_set_attribute_to_cm(struct device_data *dev, struct tape_attr *t_attr, int type)
+int tape_set_attribute_to_cm(struct device_data* dev,
+	struct tape_attr* t_attr,
+	int type)
 {
 	int ret;
 	int attr_size;
diff --git a/src/libltfs/xattr.c b/src/libltfs/xattr.c
@@ -664,7 +664,12 @@ static int _xattr_get_virtual(struct dentry *d, char *buf, size_t buf_size, cons
 				default:
 					break;
 			}
-			asprintf(&val, "0x%08x", (uint32_t)(vol->device->write_protected | lock));
+			ret = asprintf(&val, "0x%08x", (uint32_t)(vol->device->write_protected | lock));
+			if (ret < 0) {
+				ltfsmsg(LTFS_ERR, 10001E, name);
+				val = NULL;
+				ret = -LTFS_NO_MEMORY;
+			}
 		} else {
 			val = NULL;
 			ret = -LTFS_CART_NOT_MOUNTED;
diff --git a/src/libltfs/xml_reader_libltfs.c b/src/libltfs/xml_reader_libltfs.c
@@ -155,6 +155,11 @@ static int decode_entry_name(char **new_name, const char *name)
 
 	*new_name = arch_strdup(tmp_name);
 	free(tmp_name);
+	
+	if (!*new_name) {
+		ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+		return -LTFS_NO_MEMORY;
+	}
 
 	return 0;
 }
@@ -187,8 +192,10 @@ static int _xml_parse_nametype(xmlTextReaderPtr reader, struct ltfs_name *n, boo
 	}
 
 	if (n->percent_encode) {
-		decode_entry_name(&decoded_name, encoded_name);
+		ret = decode_entry_name(&decoded_name, encoded_name);
 		free(encoded_name);
+		if (ret < 0)
+			return ret;
 	} else {
 		decoded_name = encoded_name;
 	}
@@ -241,8 +248,10 @@ static int _xml_parse_nametype_allow_zero_length(xmlTextReaderPtr reader, struct
 	}
 
 	if (n->percent_encode) {
-		decode_entry_name(&decoded_name, encoded_name);
+		ret = decode_entry_name(&decoded_name, encoded_name);
 		free(encoded_name);
+		if (ret < 0)
+			return ret;
 	} else {
 		decoded_name = encoded_name;
 	}
diff --git a/src/libltfs/xml_writer.c b/src/libltfs/xml_writer.c
@@ -409,8 +409,8 @@ int xml_acquire_file_lock(const char *file, int *fd, int *bk_fd, bool is_write)
 
 	/* Create backup file if required */
 	if (bk_fd) {
-		asprintf(&backup_file, "%s.%s", file, "bk");
-		if (!backup_file){
+		ret = asprintf(&backup_file, "%s.%s", file, "bk");
+		if (ret < 0) {
 			ltfsmsg(LTFS_ERR, 10001E, "xml_acquire_file_lock: backup name");
 			arch_close(*fd);
 			*fd = -1;
@@ -510,8 +510,8 @@ int xml_release_file_lock(const char *file, int fd, int bk_fd, bool revert)
 	if (bk_fd >= 0) arch_close(bk_fd);
     errno = errno_save;
 
-	asprintf(&backup_file, "%s.%s", file, "bk");
-	if (!backup_file){
+	ret = asprintf(&backup_file, "%s.%s", file, "bk");
+	if (ret < 0) {
 		ltfsmsg(LTFS_ERR, 10001E, "xml_release_file_lock: backup name");
 		ret = -LTFS_NO_MEMORY;
 	} else {
diff --git a/src/libltfs/xml_writer_libltfs.c b/src/libltfs/xml_writer_libltfs.c
@@ -130,6 +130,11 @@ static int encode_entry_name(char **new_name, const char *name)
 
 	*new_name = arch_strdup(tmp_name);
 	free(tmp_name);
+	
+	if (!*new_name) {
+		ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);
+		return -LTFS_NO_MEMORY;
+	}
 
 	return 0;
 }
@@ -146,7 +151,10 @@ static int _xml_write_nametype(xmlTextWriterPtr writer, const char *tag, struct
 	char *encoded_name = NULL;
 
 	if (n->percent_encode) {
-		encode_entry_name(&encoded_name, n->name);
+		if (encode_entry_name(&encoded_name, n->name) < 0) {
+			ltfsmsg(LTFS_ERR, 17098E, __FUNCTION__);
+			return -1;
+		}
 		xml_mktag(xmlTextWriterStartElement(writer, BAD_CAST tag), -1);
 		xml_mktag(xmlTextWriterWriteAttribute(writer, BAD_CAST "percentencoded", BAD_CAST "true"), -1);
 		xml_mktag(xmlTextWriterWriteString(writer, BAD_CAST encoded_name), -1);
@@ -542,24 +550,21 @@ static int _xml_write_schema(xmlTextWriterPtr writer, const char *creator,
 		writer, BAD_CAST NEXTUID_TAGNAME, "%"PRIu64, idx->uid_number), -1);
 
 	{
-		char *value = NULL;
+		const char *value;
 
 		switch (idx->vollock) {
 			case LOCKED_MAM:
-				asprintf(&value, "locked");
+				value = "locked";
 				break;
 			case PERMLOCKED_MAM:
-				asprintf(&value, "permlocked");
+				value = "permlocked";
 				break;
 			default:
-				asprintf(&value, "unlocked");
+				value = "unlocked";
 				break;
 		}
 
-		if (value)
-			xml_mktag(xmlTextWriterWriteElement(writer, BAD_CAST "volumelockstate", BAD_CAST value), -1);
-
-		free(value);
+		xml_mktag(xmlTextWriterWriteElement(writer, BAD_CAST "volumelockstate", BAD_CAST value), -1);
 	}
 
 	xml_mktag(_xml_write_dirtree(writer, idx->root, idx, &offset, &list), -1);
@@ -784,26 +789,29 @@ int xml_schema_to_file(const char *filename, const char *creator,
 		return -1;
 	}
 
-	if (reason)
-		asprintf(&alt_creator, "%s - %s", creator , reason);
-	else
-		alt_creator = arch_strdup(creator);
-
-	if (alt_creator) {
-		ret = _xml_write_schema(writer, alt_creator, idx);
-		if (ret < 0)
-			ltfsmsg(LTFS_ERR, 17052E, ret, filename);
-		else
-			_commit_offset_caches(filename, idx);
-
-		xmlFreeTextWriter(writer);
-		free(alt_creator);
+	if (reason) {
+		ret = asprintf(&alt_creator, "%s - %s", creator , reason);
+		if (ret < 0) {
+			ltfsmsg(LTFS_ERR, 10001E, "xml_schema_to_file: alt_creator");
+			xmlFreeTextWriter(writer);
+			return -LTFS_NO_MEMORY;
+		}
 	} else {
-		ltfsmsg(LTFS_ERR, 10001E, "xml_schema_to_file: alt creator string");
-		xmlFreeTextWriter(writer);
-		return -1;
+		alt_creator = arch_strdup(creator);
+		if (!alt_creator) {
+			ltfsmsg(LTFS_ERR, 10001E, "xml_schema_to_file: alt_creator string");
+			xmlFreeTextWriter(writer);
+			return -LTFS_NO_MEMORY;
+		}
 	}
+	ret = _xml_write_schema(writer, alt_creator, idx);
+	if (ret < 0)
+		ltfsmsg(LTFS_ERR, 17052E, ret, filename);
+	else
+		_commit_offset_caches(filename, idx);
 
+	xmlFreeTextWriter(writer);
+	free(alt_creator);
 	return ret;
 }
 
diff --git a/src/tape_drivers/freebsd/cam/cam_tc.c b/src/tape_drivers/freebsd/cam/cam_tc.c
diff --git a/src/tape_drivers/generic/file/filedebug_tc.c b/src/tape_drivers/generic/file/filedebug_tc.c
diff --git a/src/tape_drivers/generic/itdtimg/itdtimg_tc.c b/src/tape_drivers/generic/itdtimg/itdtimg_tc.c
diff --git a/src/tape_drivers/linux/lin_tape/lin_tape_ibmtape.c b/src/tape_drivers/linux/lin_tape/lin_tape_ibmtape.c
diff --git a/src/utils/ltfsck.c b/src/utils/ltfsck.c
diff --git a/src/utils/mkltfs.c b/src/utils/mkltfs.c

Original file line number	Diff line number	Diff line change
`@@ -131,6 +131,9 @@ void update_platform_safe_name(struct dentry* dentry, bool handle_invalid_char,`
`131`	`131`	`}`
`132`	`132`	`#else`
`133`	`133`	`dentry->platform_safe_name = arch_strdup(dentry->name.name);`
	`134`	`+ if (!dentry->platform_safe_name) {`
	`135`	`+ ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);`
	`136`	`+ }`
`134`	`137`	`#endif`
`135`	`138`	`}`
`136`	`139`
Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,12 @@ int read_trap_def_file(char *deffile)`
`123`	`123`	`return -LTFS_NO_MEMORY;`
`124`	`124`	`}`
`125`	`125`	`entry->id = arch_strdup(tok);`
	`126`	`+ if (! entry->id) {`
	`127`	`+ ltfsmsg(LTFS_ERR, 10001E, __FUNCTION__);`
	`128`	`+ free(entry);`
	`129`	`+ fclose(fp);`
	`130`	`+ return -LTFS_NO_MEMORY;`
	`131`	`+ }`
`126`	`132`	`TAILQ_INSERT_TAIL(&trap_entries, entry, list);`
`127`	`133`	`}`
`128`	`134`	`}`