Skip to content

Commit

Permalink
bgpd: fix memory leak when updating peer up loc rib events
Browse files Browse the repository at this point in the history
The following memory leak can be observed when turning off and on the
BGP vrf interface.

> ==706056==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 78 byte(s) in 1 object(s) allocated from:
>     #0 0x7fbf5f6b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
>     FRRouting#1 0x7fbf5f0771f8 in qmalloc lib/memory.c:101
>     FRRouting#2 0x7fbf5bdde610 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2042
>     FRRouting#3 0x7fbf5bdde8aa in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2079
>     FRRouting#4 0x7fbf5bdeaa1c in bmp_vrf_itf_state_changed bgpd/bgp_bmp.c:3204
>     FRRouting#5 0x562740f0d83f in hook_call_bgp_vrf_status_changed bgpd/bgp_zebra.c:64
>     FRRouting#6 0x562740f0ee28 in bgp_ifp_up bgpd/bgp_zebra.c:234
>     FRRouting#7 0x7fbf5f01c193 in hook_call_if_up lib/if.c:57
>     FRRouting#8 0x7fbf5f01d09a in if_up_via_zapi lib/if.c:203
>     FRRouting#9 0x7fbf5f1d6f54 in zclient_interface_up lib/zclient.c:2671
>     FRRouting#10 0x7fbf5f1e3e5a in zclient_read lib/zclient.c:4624
>     FRRouting#11 0x7fbf5f18078d in event_call lib/event.c:1996
>     FRRouting#12 0x7fbf5f048933 in frr_run lib/libfrr.c:1232
>     FRRouting#13 0x562740c0cae1 in main bgpd/bgp_main.c:557
>     FRRouting#14 0x7fbf5ea29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>
> Direct leak of 78 byte(s) in 1 object(s) allocated from:
>     #0 0x7fbf5f6b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
>     FRRouting#1 0x7fbf5f0771f8 in qmalloc lib/memory.c:101
>     FRRouting#2 0x7fbf5bdde610 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2042
>     FRRouting#3 0x7fbf5bdde8aa in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2079
>     FRRouting#4 0x7fbf5bdd4839 in bmp_send_peerup_vrf bgpd/bgp_bmp.c:627
>     FRRouting#5 0x7fbf5bddb0d3 in bmp_wrfill bgpd/bgp_bmp.c:1590
>     FRRouting#6 0x7fbf5f10841f in pullwr_run lib/pullwr.c:197
>     FRRouting#7 0x7fbf5f18078d in event_call lib/event.c:1996
>     FRRouting#8 0x7fbf5f048933 in frr_run lib/libfrr.c:1232
>     FRRouting#9 0x562740c0cae1 in main bgpd/bgp_main.c:557
>     FRRouting#10 0x7fbf5ea29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Fix this by freeing the previous open_tx and open_rx contexts before
setting up the new one. Also at deletion of peer, free the open_rx
context.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
  • Loading branch information
pguibert6WIND committed Dec 19, 2024
1 parent 1f42ae1 commit 1f68f76
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions bgpd/bgp_bmp.c
Original file line number Diff line number Diff line change
Expand Up @@ -2035,10 +2035,14 @@ static void bmp_bgp_peer_vrf(struct bmp_bgp_peer *bbpeer, struct bgp *bgp)
size_t open_len = stream_get_endp(s);

bbpeer->open_rx_len = open_len;
if (bbpeer->open_rx)
XFREE(MTYPE_BMP_OPEN, bbpeer->open_rx);
bbpeer->open_rx = XMALLOC(MTYPE_BMP_OPEN, open_len);
memcpy(bbpeer->open_rx, s->data, open_len);

bbpeer->open_tx_len = open_len;
if (bbpeer->open_tx)
XFREE(MTYPE_BMP_OPEN, bbpeer->open_tx);
bbpeer->open_tx = XMALLOC(MTYPE_BMP_OPEN, open_len);
memcpy(bbpeer->open_tx, s->data, open_len);

Expand Down Expand Up @@ -2080,6 +2084,7 @@ bool bmp_bgp_update_vrf_status(struct bmp_bgp *bmpbgp, enum bmp_vrf_state force)
} else {
bbpeer = bmp_bgp_peer_find(peer->qobj_node.nid);
if (bbpeer) {
XFREE(MTYPE_BMP_OPEN, bbpeer->open_tx);
XFREE(MTYPE_BMP_OPEN, bbpeer->open_rx);
bmp_peerh_del(&bmp_peerh, bbpeer);
XFREE(MTYPE_BMP_PEER, bbpeer);
Expand Down

0 comments on commit 1f68f76

Please sign in to comment.