core: fix free undefined pointer when strdup failed in the first loop

[JetXujing]

In the first loop, if GREEDY_REALLOC success and strdup failed, free n may cause coredump, such as:

#0 0x00007f61c546f331 in free () from /usr/lib64/libc.so.6
#1 0x00007f61c51cc0f9 in strv_clear (l=, l=) at ../src/basic/strv.c:68
#2 0x00007f61c51cc129 in strv_free (l=0x55fa98a63a80) at ../src/basic/strv.c:74
#3 0x000055fa97b2a05f in strv_freep () at ../src/basic/strv.h:21
#4 config_parse_exec (unit=, filename=, line=, section=, section_line=, lvalue=, ltype=, rvalue=, data=, userdata=) at ../src/core/load-fragment.c:637
#5 0x00007f61c525b357 in next_assignment (userdata=0x55fa98a474f0, flags=CONFIG_PARSE_ALLOW_INCLUDE, rvalue=0x55fa98a639ea "/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only", lvalue=0x55fa98a639e0 "ExecStart", section_line=6, section=0x55fa98a63990 "Service", table=0x55fa97b7e0a0 <load_fragment_gperf_lookup>, lookup=0x7f61c5257d40 <config_item_perf_lookup>, line=9, filename=0x55fa98a31cd0 "/usr/lib/systemd/user/dbus.service", unit=0x55fa98a1fda0 "dbus.service") at ../src/shared/conf-parser.c:133
#6 parse_line (unit=unit@entry=0x55fa98a1fda0 "dbus.service", filename=filename@entry=0x55fa98a31cd0 "/usr/lib/systemd/user/dbus.service", line=line@entry=9, sections=sections@entry=0x55fa97bc7771 "Unit", lookup=lookup@entry=0x7f61c5257d40 <config_item_perf_lookup>, table=table@entry=0x55fa97b7e0a0 <load_fragment_gperf_lookup>, flags=CONFIG_PARSE_ALLOW_INCLUDE, section=0x7ffca42195c8, section_line=0x7ffca42195bc, section_ignored=0x7ffca42195bb, l=0x55fa98a639e0 "ExecStart", userdata=0x55fa98a474f0) at ../src/shared/conf-parser.c:260
#7 0x00007f61c525bb0d in config_parse (unit=0x55fa98a1fda0 "dbus.service", filename=0x55fa98a31cd0 "/usr/lib/systemd/user/dbus.service", f=0x55fa989ff5c0, sections=0x55fa97bc7771 "Unit", lookup=0x7f61c5257d40 <config_item_perf_lookup>, table=0x55fa97b7e0a0 <load_fragment_gperf_lookup>, flags=CONFIG_PARSE_ALLOW_INCLUDE, userdata=0x55fa98a474f0) at ../src/shared/conf-parser.c:381
#8 0x000055fa97b8ffa9 in load_from_path (u=0x55fa98a474f0, path=0x55fa98a1fda0 "dbus.service") at ../src/core/load-fragment.c:4879
#9 0x000055fa97b99605 in unit_load_fragment (u=0x55fa98a474f0) at ../src/core/load-fragment.c:4916
#10 0x000055fa97b2de32 in service_load.lto_priv.38 (u=) at ../src/core/service.c:767
#11 0x000055fa97b91ef4 in unit_load (u=0x55fa98a474f0) at ../src/core/unit.c:1563
#12 manager_dispatch_load_queue (m=) at ../src/core/manager.c:1961
#13 0x000055fa97b92718 in manager_load_unit (m=, name=, path=, e=, _ret=) at ../src/core/manager.c:2057
#14 0x000055fa97b94fb3 in manager_load_unit_from_dbus_path (m=0x55fa989fd290, s=, e=0x0, _u=0x7ffca4219918) at ../src/core/manager.c:3008
#15 0x000055fa97b3b622 in mac_selinux_filter (message=0x55fa98a47180, userdata=0x55fa989fd290, error=0x7ffca4219980) at ../src/core/dbus.c:272
#16 0x00007f61c52c7bc3 in process_filter (bus=bus@entry=0x55fa98a28a40, m=m@entry=0x55fa98a47180) at ../src/libsystemd/sd-bus/sd-bus.c:2616
#17 0x00007f61c52cc6ec in process_message (m=0x55fa98a47180, bus=0x55fa98a28a40) at ../src/libsystemd/sd-bus/sd-bus.c:2752
#18 process_running (ret=0x0, priority=0, hint_priority=false, bus=0x55fa98a28a40) at ../src/libsystemd/sd-bus/sd-bus.c:2806
#19 bus_process_internal (bus=bus@entry=0x55fa98a28a40, hint_priority=hint_priority@entry=false, priority=priority@entry=0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3026
#20 0x00007f61c52ccadc in sd_bus_process (bus=bus@entry=0x55fa98a28a40, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3053
#21 0x00007f61c52ccaf8 in io_callback.lto_priv.75 (s=, fd=, revents=, userdata=) at ../src/libsystemd/sd-bus/sd-bus.c:3405
#22 0x00007f61c51aa3d9 in source_dispatch (s=s@entry=0x55fa989fe810) at ../src/libsystemd/sd-event/sd-event.c:2929
#23 0x00007f61c51aa6cf in sd_event_dispatch (e=, e@entry=0x55fa989fde20) at ../src/libsystemd/sd-event/sd-event.c:3395
#24 0x00007f61c51aa919 in sd_event_run (e=, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3453
#25 0x000055fa97b0a199 in manager_loop (m=0x55fa989fd290) at ../src/core/manager.c:2962
#26 invoke_main_loop (m=0x55fa989fd290, saved_rlimit_nofile=, saved_rlimit_memlock=, ret_reexecute=, ret_retval=, ret_shutdown_verb=, ret_fds=, ret_switch_root_dir=, ret_switch_root_init=, ret_error_message=) at ../src/core/main.c:1734
#27 0x000055fa97af9eec in main (argc=2, argv=0x7ffca421a0b8) at ../src/core/main.c:2683

[poettering]

another idea: use GREEDY_REALLOC0() instead of GREEDY_REALLOC()

[JetXujing]

another idea: use GREEDY_REALLOC0() instead of GREEDY_REALLOC()

I didn't notice it，I‘m using GREEDY_REALLOC0() now

[yuwata]

Yeah, GREEDY_REALLOC0() is also OK. LGTM.

[JetXujing]

@poettering ptal