[DTrace-devel] [PATCH] lex: fix scan buffer memory leak

Kris Van Hees kris.van.hees at oracle.com
Mon Apr 15 16:04:31 UTC 2024


When compiling a string, the dt_compile() function calls yy_scan_string()
on the string, which replaces the current buffer with a buffer based on
the given string.  The buffer being replaced does not get freed, causing
a memory leak.  Popping the buffer state frees the existing buffer.  It
will leave the lexer buffer state NULL, which allows the string-based
buffer to be installed without leaks.

Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
---
 libdtrace/dt_cc.c     | 8 +++++++-
 libdtrace/dt_parser.h | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/libdtrace/dt_cc.c b/libdtrace/dt_cc.c
index 55fc916d..cb07b8d6 100644
--- a/libdtrace/dt_cc.c
+++ b/libdtrace/dt_cc.c
@@ -672,8 +672,14 @@ dt_compile(dtrace_hdl_t *dtp, int context, dtrace_probespec_t pspec, void *arg,
 	 * will longjmp back to pcb_jmpbuf to abort.  If parsing succeeds,
 	 * we optionally display the parse tree if debugging is enabled.
 	 */
-	if (yypcb->pcb_string)
+	if (yypcb->pcb_string) {
+		/*
+		 * We need to pop the buffer state that yyinit() created since
+		 * yy_scan_string() will replace it without freeing it.
+		 */
+		yypop_buffer_state();
 		strbuf = yy_scan_string(yypcb->pcb_string);
+	}
 	if (yyparse() != 0 || yypcb->pcb_root == NULL) {
 		if (yypcb->pcb_string)
 			yy_delete_buffer(strbuf);
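Review bot: The new comment above yypop_buffer_state() should say that exactly one buffer state is expected on the stack at this point. yypop_buffer_state() only removes the top entry, and if another entry sits beneath it, flex makes that one current again. The yy_scan_string() call that follows would then replace that entry without freeing it, which is the same leak this patch addresses. Separately, the context comment says parse errors longjmp back to pcb_jmpbuf, while the only cleanup visible here is the yy_delete_buffer(strbuf) on the yyparse() != 0 return path. It would help to confirm, or note in the comment, where strbuf is released when the longjmp path is taken.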
diff --git a/libdtrace/dt_parser.h b/libdtrace/dt_parser.h
index 59f620fa..13f3cc99 100644
--- a/libdtrace/dt_parser.h
+++ b/libdtrace/dt_parser.h
@@ -280,6 +280,7 @@ extern void yyinit(struct dt_pcb *);
 struct yy_buffer_state;
 
 struct yy_buffer_state *yy_scan_string(const char *);
+extern void yypop_buffer_state(void);
 void yy_delete_buffer(struct yy_buffer_state *);
 extern int yyparse(void);
 
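Review bot: Style point on the added prototype: yypop_buffer_state() is declared with extern, while yy_scan_string() and yy_delete_buffer() directly around it are declared without it. Dropping extern here would keep the three buffer-management prototypes consistent. A short comment that these are hand-written declarations of flex-generated functions would also explain why they are in dt_parser.h rather than coming from a generated header.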
-- 
2.42.0



