Hi, On Monday 10 November 2014 18:28:52 Mahmoud Al-Qudsi wrote: > I’m not able to pin it myself from a brief look, but it seems that > under certain conditions a call to hivex_node_delete_child can cause > the allocations from _hivex_get_children to not be freed properly? > > I know that if the return value of _hivex_get_children is -1, no free > is called; but from what I can see, -1 means there is nothing to be > freed/it’s been taken care of. > > I’ve attached the valgrind log together with the output of > HIVEX_OPEN_DEBUG, please let me know if there’s anything else I can > provide to make this easier. It seems like rather hivex_node_delete_child leaks the "blocks" array returned by _hivex_get_children every time. The patch should be easy, would you be able to give it a try to check whether it fixes the leak in your application? Thanks, -- Pino Toscano

>From 854a8e763a83870e8248e132ec3a9a063f334035 Mon Sep 17 00:00:00 2001 From: Pino Toscano <ptoscano(a)redhat.com&gt; Date: Tue, 11 Nov 2014 11:36:30 +0100 Subject: [PATCH] lib: write: fix memory leak Free the "blocks" array got from _hivex_get_children. Thanks: Mahmoud Al-Qudsi --- lib/write.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/write.c b/lib/write.c index abd12c5..33b64e4 100644 --- a/lib/write.c +++ b/lib/write.c @@ -902,10 +902,13 @@ hivex_node_delete_child (hive_h *h, hive_node_h node) } } } + free (blocks); SET_ERRNO (ENOTSUP, "could not find parent to child link"); return -1; found:; + free (blocks); + struct ntreg_nk_record *nk = (struct ntreg_nk_record *) ((char *) h->addr + parent); size_t nr_subkeys_in_nk = le32toh (nk->nr_subkeys); -- 1.9.3