On Fri, Mar 9, 2012 at 3:03 PM, Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> wrote:
> Well, I left in the problematic code in my reply on purpose, but here it
> is again:
>
> > + dirpath = (char *)malloc(MAXPATHLEN);
> > + if (dirpath == NULL) {
> > + // ran out of memory allocating dirpath
> > + errno = ENOMEM;
> > + return -1;
> > + }
> > +
> > + if (fcntl(fd, F_GETPATH, dirpath)< 0) {
> > + // failed to get the path of fd, fcntl sets errno
>
> Leak of dirpath here.
> >
> > + return -1;
> > + }
> > +
> > + if (strlcat(dirpath, path, MAXPATHLEN)> MAXPATHLEN) {
> > + // full path is too long, set errno and return
> > + errno = ENAMETOOLONG;
>
> Leak of dirpath here.
>

I am not trying to be difficult but I still don't see where the memory
leak is. You are looking at old code from an earlier commit. The final
code is as follows:

	// fullPath is allocated
	char* fullPath = (char *)malloc(MAXPATHLEN);
	if (fullPath == NULL) {
		// ran out of memory allocating dirpath
		errno = ENOMEM;
		return -1;
	}
	// if malloc fails, no memory leak. If malloc succeeds fullPath is
	// passed into get_path()

	if (get_path(fd, path, &fullPath) < 0) {
		free(fullPath);
		return -1;
	}
	// if get_path fails, memory is freed, if not the next code is run

	int status = mkdir(fullPath, mode);
	free(fullPath);
	return status;
	// fullPath is used, memory is freed, function returns.

fullPath is allocated before entering get_path and freed after, so
get_path is not responsible for freeing fullPath. It either returns -1
for failure or 0 for success and fullPath is freed afterwards.

John Scipione
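
Review bot: the truncation test in the quoted hunk, `strlcat(dirpath, path, MAXPATHLEN)> MAXPATHLEN`, lets a result of exactly MAXPATHLEN through; strlcat returns the length of the string it tried to build, and the buffer has been truncated whenever that value is `>= MAXPATHLEN`, so the comparison should be `>=` to keep a silently shortened path from being used. In the same hunk the `return -1` under the `fcntl(fd, F_GETPATH, dirpath)< 0` check comes after a successful malloc with no free(dirpath) before it, which is the leak flagged in the quote; free dirpath on that path and on the ENAMETOOLONG path, or send both through a single cleanup exit.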