[launchd-changes] [23796] trunk/launchd/src/launchd_runtime.c

source_changes at macosforge.org source_changes at macosforge.org
Tue Feb 10 21:51:19 PST 2009 

Revision: 23796
          http://trac.macosforge.org/projects/launchd/changeset/23796
Author:   dsorresso at apple.com
Date:     2009-02-10 21:51:19 -0800 (Tue, 10 Feb 2009)
Log Message:
-----------
<rdar://problem/6568880> Possible huge leak in launchd

Modified Paths:
--------------
    trunk/launchd/src/launchd_runtime.c

Modified: trunk/launchd/src/launchd_runtime.c
===================================================================
--- trunk/launchd/src/launchd_runtime.c	2009-02-11 04:15:22 UTC (rev 23795)
+++ trunk/launchd/src/launchd_runtime.c	2009-02-11 05:51:19 UTC (rev 23796)
@@ -1499,12 +1499,24 @@
 		 * It will return a valid pointer that can be passed to free(). If we don't
 		 * do this check, we'll wind up corrupting our heap in the subsequent 
 		 * assignments.
+		 *
+		 * We break out if this check fails because, obj_sz is supposed to include
+		 * the size of the logmsg_s struct. If it claims to be of zero size, we
+		 * can't safely increment our counter because something obviously got screwed
+		 * up along the way, since this should always be at least sizeof(struct logmsg_s).
 		 */
 		if( !launchd_assumes(lm_walk->obj_sz > 0) ) {
-			continue;
+			runtime_syslog(LOG_WARNING, "Encountered a log message of size 0 with %u bytes left in forwarded data. Ignoring remaining messages.", data_left);
+			break;
 		}
+		
+		/* If malloc() keeps failing, we shouldn't put additional pressure on the system
+		 * by attempting to add more messages to the log until it returns success
+		 * log a failure, hope pressure lets off, and move on.
+		 */
 		if (!launchd_assumes(lm = malloc(lm_walk->obj_sz))) {
-			continue;
+			runtime_syslog(LOG_WARNING, "Failed to allocate %llu bytes for log message with %u bytes left in forwarded data. Ignoring remaining messages.", lm_walk->obj_sz, data_left);
+			break;
 		}
 
 		memcpy(lm, lm_walk, lm_walk->obj_sz);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/launchd-changes/attachments/20090210/69adb51f/attachment.html>

More information about the launchd-changes mailing list