YARN-8538. Fixed memory leaks in container-executor and test cases.

            Contributed by Billie Rinaldi

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/configuration.c

@@ -58,6 +58,7 @@ void free_section(struct section *section) {
     section->name = NULL;
   }
   section->size = 0;
+  free(section);
 }
 
 //clean up method for freeing configuration
@@ -466,6 +467,7 @@ static void merge_sections(struct section *section1, struct section *section2, c
   section1->size += section2->size;
   if (free_second_section) {
     free(section2->name);
+    free(section2->kv_pairs);
     memset(section2, 0, sizeof(*section2));
     free(section2);
   }
@@ -708,6 +710,7 @@ char *get_config_path(const char *argv0) {
 
   const char *orig_conf_file = HADOOP_CONF_DIR "/" CONF_FILENAME;
   char *conf_file = resolve_config_path(orig_conf_file, executable_file);
+  free(executable_file);
   if (conf_file == NULL) {
     fprintf(ERRORFILE, "Configuration file %s not found.\n", orig_conf_file);
   }

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c

@@ -128,11 +128,13 @@ static void flush_and_close_log_files() {
     LOGFILE = NULL;
   }
 
-if (ERRORFILE != NULL) {
+  if (ERRORFILE != NULL) {
     fflush(ERRORFILE);
     fclose(ERRORFILE);
     ERRORFILE = NULL;
   }
+
+  free_executor_configurations();
 }
 
 /** Validates the current container-executor setup. Causes program exit

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/modules/cgroups/cgroups-operations.c

@@ -83,6 +83,8 @@ char* get_cgroups_path_to_write(
   }
 
 cleanup:
+  free((void *) cgroups_root);
+  free((void *) yarn_hierarchy_name);
   if (failed) {
     if (buffer) {
       free(buffer);

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c

@@ -143,9 +143,9 @@ int check_trusted_image(const struct configuration *command_config, const struct
     fprintf(ERRORFILE, "image: %s is not trusted.\n", image_name);
     ret = INVALID_DOCKER_IMAGE_TRUST;
   }
-  free(image_name);
 
 free_and_exit:
+  free(image_name);
   free_values(privileged_registry);
   return ret;
 }
@@ -195,7 +195,8 @@ static int add_param_to_command_if_allowed(const struct configuration *command_c
     if (strcmp(key, "net") != 0) {
       if (check_trusted_image(command_config, executor_cfg) != 0) {
         fprintf(ERRORFILE, "Disable %s for untrusted image\n", key);
-        return INVALID_DOCKER_IMAGE_TRUST;
+        ret = INVALID_DOCKER_IMAGE_TRUST;
+        goto free_and_exit;
       }
     }
 
@@ -225,13 +226,13 @@ static int add_param_to_command_if_allowed(const struct configuration *command_c
               dst = strndup(values[i], tmp_ptr - values[i]);
               pattern = strdup(permitted_values[j] + 6);
               ret = execute_regex_match(pattern, dst);
+              free(dst);
+              free(pattern);
             } else {
               ret = strncmp(values[i], permitted_values[j], tmp_ptr - values[i]);
             }
           }
           if (ret == 0) {
-            free(dst);
-            free(pattern);
             permitted = 1;
             break;
           }
@@ -259,7 +260,7 @@ static int add_param_to_command_if_allowed(const struct configuration *command_c
     }
   }
 
-  free_and_exit:
+free_and_exit:
   free_values(values);
   free_values(permitted_values);
   return ret;
@@ -379,6 +380,7 @@ int get_docker_command(const char *command_file, const struct configuration *con
 
   ret = read_config(command_file, &command_config);
   if (ret != 0) {
+    free_configuration(&command_config);
     return INVALID_COMMAND_FILE;
   }
 
@@ -392,36 +394,41 @@ int get_docker_command(const char *command_file, const struct configuration *con
   ret = add_to_args(args, docker);
   free(docker);
   if (ret != 0) {
+    free_configuration(&command_config);
     return BUFFER_TOO_SMALL;
   }
 
   ret = add_docker_config_param(&command_config, args);
   if (ret != 0) {
+    free_configuration(&command_config);
     return BUFFER_TOO_SMALL;
   }
 
   char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
+  free_configuration(&command_config);
   if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) {
-    return get_docker_inspect_command(command_file, conf, args);
+    ret = get_docker_inspect_command(command_file, conf, args);
   } else if (strcmp(DOCKER_KILL_COMMAND, command) == 0) {
-    return get_docker_kill_command(command_file, conf, args);
+    ret = get_docker_kill_command(command_file, conf, args);
   } else if (strcmp(DOCKER_LOAD_COMMAND, command) == 0) {
-    return get_docker_load_command(command_file, conf, args);
+    ret = get_docker_load_command(command_file, conf, args);
   } else if (strcmp(DOCKER_PULL_COMMAND, command) == 0) {
-    return get_docker_pull_command(command_file, conf, args);
+    ret = get_docker_pull_command(command_file, conf, args);
   } else if (strcmp(DOCKER_RM_COMMAND, command) == 0) {
-    return get_docker_rm_command(command_file, conf, args);
+    ret = get_docker_rm_command(command_file, conf, args);
   } else if (strcmp(DOCKER_RUN_COMMAND, command) == 0) {
-    return get_docker_run_command(command_file, conf, args);
+    ret = get_docker_run_command(command_file, conf, args);
   } else if (strcmp(DOCKER_STOP_COMMAND, command) == 0) {
-    return get_docker_stop_command(command_file, conf, args);
+    ret = get_docker_stop_command(command_file, conf, args);
   } else if (strcmp(DOCKER_VOLUME_COMMAND, command) == 0) {
-    return get_docker_volume_command(command_file, conf, args);
+    ret = get_docker_volume_command(command_file, conf, args);
   } else if (strcmp(DOCKER_START_COMMAND, command) == 0) {
-    return get_docker_start_command(command_file, conf, args);
+    ret = get_docker_start_command(command_file, conf, args);
   } else {
-    return UNKNOWN_DOCKER_COMMAND;
+    ret = UNKNOWN_DOCKER_COMMAND;
   }
+  free(command);
+  return ret;
 }
 
 // check if a key is permitted in the configuration
@@ -456,7 +463,7 @@ int get_docker_volume_command(const char *command_file, const struct configurati
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto cleanup;
   }
   sub_command = get_configuration_value("sub-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
 
@@ -533,6 +540,7 @@ int get_docker_volume_command(const char *command_file, const struct configurati
   }
 
 cleanup:
+  free_configuration(&command_config);
   free(driver);
   free(volume_name);
   free(sub_command);
@@ -548,18 +556,19 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_INSPECT_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (container_name == NULL || validate_container_name(container_name) != 0) {
-    return INVALID_DOCKER_CONTAINER_NAME;
+    ret = INVALID_DOCKER_CONTAINER_NAME;
+    goto free_and_exit;
   }
 
   format = get_configuration_value("format", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (format == NULL) {
-    free(container_name);
-    return INVALID_DOCKER_INSPECT_FORMAT;
+    ret = INVALID_DOCKER_INSPECT_FORMAT;
+    goto free_and_exit;
   }
   for (i = 0; i < 2; ++i) {
     if (strcmp(format, valid_format_strings[i]) == 0) {
@@ -569,9 +578,8 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
   }
   if (valid_format != 1) {
     fprintf(ERRORFILE, "Invalid format option '%s' not permitted\n", format);
-    free(container_name);
-    free(format);
-    return INVALID_DOCKER_INSPECT_FORMAT;
+    ret = INVALID_DOCKER_INSPECT_FORMAT;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_INSPECT_COMMAND);
@@ -588,14 +596,12 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
   if (ret != 0) {
     goto free_and_exit;
   }
-  free(format);
-  free(container_name);
-  return 0;
 
-  free_and_exit:
+free_and_exit:
+  free_configuration(&command_config);
   free(format);
   free(container_name);
-  return BUFFER_TOO_SMALL;
+  return ret;
 }
 
 int get_docker_load_command(const char *command_file, const struct configuration *conf, args *args) {
@@ -604,12 +610,13 @@ int get_docker_load_command(const char *command_file, const struct configuration
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_LOAD_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (image_name == NULL) {
-    return INVALID_DOCKER_IMAGE_NAME;
+    ret = INVALID_DOCKER_IMAGE_NAME;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_LOAD_COMMAND);
@@ -617,14 +624,14 @@ int get_docker_load_command(const char *command_file, const struct configuration
     char *tmp_buffer = make_string("--i=%s", image_name);
     ret = add_to_args(args, tmp_buffer);
     free(tmp_buffer);
-    free(image_name);
     if (ret != 0) {
-      return BUFFER_TOO_SMALL;
+      ret = BUFFER_TOO_SMALL;
     }
-    return 0;
   }
+free_and_exit:
   free(image_name);
-  return BUFFER_TOO_SMALL;
+  free_configuration(&command_config);
+  return ret;
 }
 
 static int validate_docker_image_name(const char *image_name) {
@@ -638,26 +645,23 @@ int get_docker_pull_command(const char *command_file, const struct configuration
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_PULL_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_pull;
   }
 
   image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (image_name == NULL || validate_docker_image_name(image_name) != 0) {
-    return INVALID_DOCKER_IMAGE_NAME;
+    ret = INVALID_DOCKER_IMAGE_NAME;
+    goto free_pull;
   }
 
   ret = add_to_args(args, DOCKER_PULL_COMMAND);
   if (ret == 0) {
     ret = add_to_args(args, image_name);
-    free(image_name);
-    if (ret != 0) {
-      goto free_pull;
-    }
-    return 0;
   }
-  free_pull:
+free_pull:
   free(image_name);
-  return BUFFER_TOO_SMALL;
+  free_configuration(&command_config);
+  return ret;
 }
 
 int get_docker_rm_command(const char *command_file, const struct configuration *conf, args *args) {
@@ -666,25 +670,26 @@ int get_docker_rm_command(const char *command_file, const struct configuration *
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_RM_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (container_name == NULL || validate_container_name(container_name) != 0) {
-    return INVALID_DOCKER_CONTAINER_NAME;
+    ret = INVALID_DOCKER_CONTAINER_NAME;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_RM_COMMAND);
   if (ret == 0) {
     ret = add_to_args(args, container_name);
-    free(container_name);
     if (ret != 0) {
-      return BUFFER_TOO_SMALL;
+      ret = BUFFER_TOO_SMALL;
     }
-    return 0;
   }
+free_and_exit:
   free(container_name);
-  return BUFFER_TOO_SMALL;
+  free_configuration(&command_config);
+  return ret;
 }
 
 int get_docker_stop_command(const char *command_file, const struct configuration *conf,
@@ -696,12 +701,13 @@ int get_docker_stop_command(const char *command_file, const struct configuration
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_STOP_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (container_name == NULL || validate_container_name(container_name) != 0) {
-    return INVALID_DOCKER_CONTAINER_NAME;
+    ret = INVALID_DOCKER_CONTAINER_NAME;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_STOP_COMMAND);
@@ -726,7 +732,9 @@ int get_docker_stop_command(const char *command_file, const struct configuration
     ret = add_to_args(args, container_name);
   }
 free_and_exit:
+  free(value);
   free(container_name);
+  free_configuration(&command_config);
   return ret;
 }
 
@@ -739,12 +747,13 @@ int get_docker_kill_command(const char *command_file, const struct configuration
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_KILL_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (container_name == NULL || validate_container_name(container_name) != 0) {
-    return INVALID_DOCKER_CONTAINER_NAME;
+    ret = INVALID_DOCKER_CONTAINER_NAME;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_KILL_COMMAND);
@@ -770,7 +779,9 @@ int get_docker_kill_command(const char *command_file, const struct configuration
     ret = add_to_args(args, container_name);
   }
 free_and_exit:
+  free(value);
   free(container_name);
+  free_configuration(&command_config);
   return ret;
 }
 
@@ -780,12 +791,13 @@ int get_docker_start_command(const char *command_file, const struct configuratio
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (container_name == NULL || validate_container_name(container_name) != 0) {
-    return INVALID_DOCKER_CONTAINER_NAME;
+    ret = INVALID_DOCKER_CONTAINER_NAME;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_START_COMMAND);
@@ -795,6 +807,7 @@ int get_docker_start_command(const char *command_file, const struct configuratio
   ret = add_to_args(args, container_name);
 free_and_exit:
   free(container_name);
+  free_configuration(&command_config);
   return ret;
 }
 
@@ -1092,7 +1105,9 @@ static int add_mounts(const struct configuration *command_config, const struct c
   char **permitted_rw_mounts = get_configuration_values_delimiter("docker.allowed.rw-mounts",
                                                                   CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf, ",");
   char **values = get_configuration_values_delimiter(key, DOCKER_COMMAND_FILE_SECTION, command_config, ",");
-  const char *container_executor_cfg_path = normalize_mount(get_config_path(""), 0);
+  char *config_path = get_config_path("");
+  const char *container_executor_cfg_path = normalize_mount(config_path, 0);
+  free(config_path);
   int i = 0, permitted_rw = 0, permitted_ro = 0, ret = 0;
   if (ro != 0) {
     ro_suffix = ":ro";
@@ -1172,6 +1187,8 @@ static int add_mounts(const struct configuration *command_config, const struct c
         ret = BUFFER_TOO_SMALL;
         goto free_and_exit;
       }
+      free(mount_src);
+      mount_src = NULL;
     }
   }
 
@@ -1312,7 +1329,7 @@ static int set_privileged(const struct configuration *command_config, const stru
     }
   }
 
-  free_and_exit:
+free_and_exit:
   free(value);
   free(privileged_container_enabled);
   free(user);
@@ -1325,42 +1342,41 @@ int get_docker_run_command(const char *command_file, const struct configuration
   char *tmp_buffer = NULL;
   char **launch_command = NULL;
   char *privileged = NULL;
+  char *no_new_privileges_enabled = NULL;
   struct configuration command_config = {0, NULL};
   ret = read_and_verify_command_file(command_file, DOCKER_RUN_COMMAND, &command_config);
   if (ret != 0) {
-    return ret;
+    goto free_and_exit;
   }
 
   container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (container_name == NULL || validate_container_name(container_name) != 0) {
-    if (container_name != NULL) {
-      free(container_name);
-    }
-    return INVALID_DOCKER_CONTAINER_NAME;
+    ret = INVALID_DOCKER_CONTAINER_NAME;
+    goto free_and_exit;
   }
   user = get_configuration_value("user", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (user == NULL) {
-    return INVALID_DOCKER_USER_NAME;
+    ret = INVALID_DOCKER_USER_NAME;
+    goto free_and_exit;
   }
   image = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config);
   if (image == NULL || validate_docker_image_name(image) != 0) {
-    if (image != NULL) {
-      free(image);
-    }
-    return INVALID_DOCKER_IMAGE_NAME;
+    ret = INVALID_DOCKER_IMAGE_NAME;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, DOCKER_RUN_COMMAND);
   if(ret != 0) {
-    reset_args(args);
-    return BUFFER_TOO_SMALL;
+    ret = BUFFER_TOO_SMALL;
+    goto free_and_exit;
   }
 
   tmp_buffer = make_string("--name=%s", container_name);
   ret = add_to_args(args, tmp_buffer);
+  free(tmp_buffer);
   if (ret != 0) {
-    reset_args(args);
-    return BUFFER_TOO_SMALL;
+    ret = BUFFER_TOO_SMALL;
+    goto free_and_exit;
   }
 
   privileged = get_configuration_value("privileged", DOCKER_COMMAND_FILE_SECTION, &command_config);
@@ -1370,111 +1386,95 @@ int get_docker_run_command(const char *command_file, const struct configuration
     ret = add_to_args(args, user_buffer);
     free(user_buffer);
     if (ret != 0) {
-      reset_args(args);
-      return BUFFER_TOO_SMALL;
+      ret = BUFFER_TOO_SMALL;
+      goto free_and_exit;
     }
-    char *no_new_privileges_enabled =
+    no_new_privileges_enabled =
         get_configuration_value("docker.no-new-privileges.enabled",
         CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf);
     if (no_new_privileges_enabled != NULL &&
         strcasecmp(no_new_privileges_enabled, "True") == 0) {
       ret = add_to_args(args, "--security-opt=no-new-privileges");
       if (ret != 0) {
-        reset_args(args);
-        return BUFFER_TOO_SMALL;
+        ret = BUFFER_TOO_SMALL;
+        goto free_and_exit;
       }
     }
-    free(no_new_privileges_enabled);
   }
-  free(privileged);
 
   ret = detach_container(&command_config, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = rm_container_on_exit(&command_config, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_container_workdir(&command_config, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_network(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_pid_namespace(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = add_ro_mounts(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = add_rw_mounts(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_cgroup_parent(&command_config, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_privileged(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_capabilities(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_hostname(&command_config, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_group_add(&command_config, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_devices(&command_config, conf, args);
   if (ret != 0) {
-    reset_args(args);
-    return ret;
+    goto free_and_exit;
   }
 
   ret = set_env(&command_config, args);
   if (ret != 0) {
-    return BUFFER_TOO_SMALL;
+    goto free_and_exit;
   }
 
   ret = add_to_args(args, image);
   if (ret != 0) {
-    reset_args(args);
-    return BUFFER_TOO_SMALL;
+    goto free_and_exit;
   }
 
   launch_command = get_configuration_values_delimiter("launch-command", DOCKER_COMMAND_FILE_SECTION, &command_config,
@@ -1483,13 +1483,21 @@ int get_docker_run_command(const char *command_file, const struct configuration
     for (i = 0; launch_command[i] != NULL; ++i) {
       ret = add_to_args(args, launch_command[i]);
       if (ret != 0) {
-        free_values(launch_command);
-        reset_args(args);
-        return BUFFER_TOO_SMALL;
+        ret = BUFFER_TOO_SMALL;
+        goto free_and_exit;
       }
     }
-    free_values(launch_command);
   }
-  free(tmp_buffer);
-  return 0;
+free_and_exit:
+  if (ret != 0) {
+    reset_args(args);
+  }
+  free(user);
+  free(image);
+  free(privileged);
+  free(no_new_privileges_enabled);
+  free(container_name);
+  free_values(launch_command);
+  free_configuration(&command_config);
+  return ret;
 }

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/modules/cgroups/test-cgroups-module.cc

@@ -73,6 +73,8 @@ TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_root) {
   char* path = get_cgroups_path_to_write("devices", "deny", "container_1");
 
   ASSERT_TRUE(NULL == path) << "Should fail.\n";
+
+  free_executor_configurations();
 }
 
 TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_yarn_hierarchy) {
@@ -92,6 +94,8 @@ TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_yarn_hierarchy) {
   char* path = get_cgroups_path_to_write("devices", "deny", "container_1");
 
   ASSERT_TRUE(NULL == path) << "Should fail.\n";
+
+  free_executor_configurations();
 }
 
 TEST_F(TestCGroupsModule, test_cgroups_get_path_succeeded) {
@@ -117,5 +121,9 @@ TEST_F(TestCGroupsModule, test_cgroups_get_path_succeeded) {
 
   ASSERT_STREQ(EXPECTED, path)
       << "Return cgroup-path-to-write is not expected\n";
+
+  free(path);
+
+  free_executor_configurations();
 }
 } // namespace ContainerExecutor

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/modules/fpga/test-fpga-module.cc

@@ -84,6 +84,13 @@ static int mock_update_cgroups_parameters(
   return 0;
 }
 
+static void clear_cgroups_parameters_invoked() {
+  for (std::vector<const char*>::size_type i = 0; i < cgroups_parameters_invoked.size(); i++) {
+    free((void *) cgroups_parameters_invoked[i]);
+  }
+  cgroups_parameters_invoked.clear();
+}
+
 static void verify_param_updated_to_cgroups(
     int argc, const char** argv) {
   ASSERT_EQ(argc, cgroups_parameters_invoked.size());
@@ -133,6 +140,9 @@ static void test_fpga_module_enabled_disabled(int enabled) {
     EXPECTED_RC = -1;
   }
   ASSERT_EQ(EXPECTED_RC, rc);
+
+  clear_cgroups_parameters_invoked();
+  free_executor_configurations();
 }
 
 TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
@@ -146,7 +156,7 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
                    container_id };
 
   /* Test case 1: block 2 devices */
-  cgroups_parameters_invoked.clear();
+  clear_cgroups_parameters_invoked();
   int rc = handle_fpga_request(&mock_update_cgroups_parameters,
      "fpga", 5, argv);
   ASSERT_EQ(0, rc) << "Should success.\n";
@@ -157,7 +167,7 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
   verify_param_updated_to_cgroups(8, expected_cgroups_argv);
 
   /* Test case 2: block 0 devices */
-  cgroups_parameters_invoked.clear();
+  clear_cgroups_parameters_invoked();
   char* argv_1[] = { (char*) "--module-fpga", (char*) "--container_id", container_id };
   rc = handle_fpga_request(&mock_update_cgroups_parameters,
      "fpga", 3, argv_1);
@@ -167,7 +177,7 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
   verify_param_updated_to_cgroups(0, NULL);
 
   /* Test case 3: block 2 non-sequential devices */
-  cgroups_parameters_invoked.clear();
+  clear_cgroups_parameters_invoked();
   char* argv_2[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "1,3",
                    (char*) "--container_id", container_id };
   rc = handle_fpga_request(&mock_update_cgroups_parameters,
@@ -178,6 +188,9 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
   const char* expected_cgroups_argv_2[] = { "devices", "deny", container_id, "c 246:1 rwm",
     "devices", "deny", container_id, "c 246:3 rwm"};
   verify_param_updated_to_cgroups(8, expected_cgroups_argv_2);
+
+  clear_cgroups_parameters_invoked();
+  free_executor_configurations();
 }
 
 TEST_F(TestFpgaModule, test_illegal_cli_parameters) {
@@ -193,6 +206,7 @@ TEST_F(TestFpgaModule, test_illegal_cli_parameters) {
   ASSERT_NE(0, rc) << "Should fail.\n";
 
   // Illegal container id - 2
+  clear_cgroups_parameters_invoked();
   char* argv_1[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "0,1",
                    (char*) "--container_id", (char*) "container_1" };
   rc = handle_fpga_request(&mock_update_cgroups_parameters,
@@ -200,10 +214,14 @@ TEST_F(TestFpgaModule, test_illegal_cli_parameters) {
   ASSERT_NE(0, rc) << "Should fail.\n";
 
   // Illegal container id - 3
+  clear_cgroups_parameters_invoked();
   char* argv_2[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "0,1" };
   rc = handle_fpga_request(&mock_update_cgroups_parameters,
      "fpga", 3, argv_2);
   ASSERT_NE(0, rc) << "Should fail.\n";
+
+  clear_cgroups_parameters_invoked();
+  free_executor_configurations();
 }
 
 TEST_F(TestFpgaModule, test_fpga_module_disabled) {

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/modules/gpu/test-gpu-module.cc

@@ -84,6 +84,13 @@ static int mock_update_cgroups_parameters(
   return 0;
 }
 
+static void clear_cgroups_parameters_invoked() {
+  for (std::vector<const char*>::size_type i = 0; i < cgroups_parameters_invoked.size(); i++) {
+    free((void *) cgroups_parameters_invoked[i]);
+  }
+  cgroups_parameters_invoked.clear();
+}
+
 static void verify_param_updated_to_cgroups(
     int argc, const char** argv) {
   ASSERT_EQ(argc, cgroups_parameters_invoked.size());
@@ -133,6 +140,9 @@ static void test_gpu_module_enabled_disabled(int enabled) {
     EXPECTED_RC = -1;
   }
   ASSERT_EQ(EXPECTED_RC, rc);
+
+  clear_cgroups_parameters_invoked();
+  free_executor_configurations();
 }
 
 TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
@@ -146,7 +156,7 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
                    container_id };
 
   /* Test case 1: block 2 devices */
-  cgroups_parameters_invoked.clear();
+  clear_cgroups_parameters_invoked();
   int rc = handle_gpu_request(&mock_update_cgroups_parameters,
      "gpu", 5, argv);
   ASSERT_EQ(0, rc) << "Should success.\n";
@@ -157,7 +167,7 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
   verify_param_updated_to_cgroups(8, expected_cgroups_argv);
 
   /* Test case 2: block 0 devices */
-  cgroups_parameters_invoked.clear();
+  clear_cgroups_parameters_invoked();
   char* argv_1[] = { (char*) "--module-gpu", (char*) "--container_id", container_id };
   rc = handle_gpu_request(&mock_update_cgroups_parameters,
      "gpu", 3, argv_1);
@@ -167,7 +177,7 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
   verify_param_updated_to_cgroups(0, NULL);
 
   /* Test case 3: block 2 non-sequential devices */
-  cgroups_parameters_invoked.clear();
+  clear_cgroups_parameters_invoked();
   char* argv_2[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "1,3",
                    (char*) "--container_id", container_id };
   rc = handle_gpu_request(&mock_update_cgroups_parameters,
@@ -178,6 +188,9 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
   const char* expected_cgroups_argv_2[] = { "devices", "deny", container_id, "c 195:1 rwm",
     "devices", "deny", container_id, "c 195:3 rwm"};
   verify_param_updated_to_cgroups(8, expected_cgroups_argv_2);
+
+  clear_cgroups_parameters_invoked();
+  free_executor_configurations();
 }
 
 TEST_F(TestGpuModule, test_illegal_cli_parameters) {
@@ -193,6 +206,7 @@ TEST_F(TestGpuModule, test_illegal_cli_parameters) {
   ASSERT_NE(0, rc) << "Should fail.\n";
 
   // Illegal container id - 2
+  clear_cgroups_parameters_invoked();
   char* argv_1[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "0,1",
                    (char*) "--container_id", (char*) "container_1" };
   rc = handle_gpu_request(&mock_update_cgroups_parameters,
@@ -200,10 +214,14 @@ TEST_F(TestGpuModule, test_illegal_cli_parameters) {
   ASSERT_NE(0, rc) << "Should fail.\n";
 
   // Illegal container id - 3
+  clear_cgroups_parameters_invoked();
   char* argv_2[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "0,1" };
   rc = handle_gpu_request(&mock_update_cgroups_parameters,
      "gpu", 3, argv_2);
   ASSERT_NE(0, rc) << "Should fail.\n";
+
+  clear_cgroups_parameters_invoked();
+  free_executor_configurations();
 }
 
 TEST_F(TestGpuModule, test_gpu_module_disabled) {

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test_configuration.cc

@@ -51,6 +51,7 @@ namespace ContainerExecutor {
     virtual void TearDown() {
       free_configuration(&new_config_format);
       free_configuration(&old_config_format);
+      free_configuration(&mixed_config_format);
       return;
     }
 
@@ -84,12 +85,12 @@ namespace ContainerExecutor {
     ASSERT_STREQ("/var/run/yarn", split_values[0]);
     ASSERT_STREQ("/tmp/mydir", split_values[1]);
     ASSERT_EQ(NULL, split_values[2]);
-    free(split_values);
+    free_values(split_values);
     split_values = get_configuration_values_delimiter("allowed.system.users",
                       "", &old_config_format, "%");
     ASSERT_STREQ("nobody,daemon", split_values[0]);
     ASSERT_EQ(NULL, split_values[1]);
-    free(split_values);
+    free_values(split_values);
   }
 
   TEST_F(TestConfiguration, test_get_configuration_values) {
@@ -105,13 +106,13 @@ namespace ContainerExecutor {
     split_values = get_configuration_values("yarn.local.dirs", "", &old_config_format);
     ASSERT_STREQ("/var/run/yarn%/tmp/mydir", split_values[0]);
     ASSERT_EQ(NULL, split_values[1]);
-    free(split_values);
+    free_values(split_values);
     split_values = get_configuration_values("allowed.system.users", "",
                       &old_config_format);
     ASSERT_STREQ("nobody", split_values[0]);
     ASSERT_STREQ("daemon", split_values[1]);
     ASSERT_EQ(NULL, split_values[2]);
-    free(split_values);
+    free_values(split_values);
   }
 
   TEST_F(TestConfiguration, test_get_configuration_value) {
@@ -149,21 +150,28 @@ namespace ContainerExecutor {
     char *value = NULL;
     value = get_section_value("yarn.nodemanager.linux-container-executor.group", executor_cfg);
     ASSERT_STREQ("yarn", value);
+    free(value);
     value = get_section_value("feature.docker.enabled", executor_cfg);
     ASSERT_STREQ("1", value);
+    free(value);
     value = get_section_value("feature.tc.enabled", executor_cfg);
     ASSERT_STREQ("0", value);
+    free(value);
     value = get_section_value("min.user.id", executor_cfg);
     ASSERT_STREQ("1000", value);
+    free(value);
     value = get_section_value("docker.binary", executor_cfg);
     ASSERT_STREQ("/usr/bin/docker", value);
+    free(value);
     char **list = get_section_values("allowed.system.users", executor_cfg);
     ASSERT_STREQ("nobody", list[0]);
     ASSERT_STREQ("daemon", list[1]);
+    free_values(list);
     list = get_section_values("banned.users", executor_cfg);
     ASSERT_STREQ("root", list[0]);
     ASSERT_STREQ("testuser1", list[1]);
     ASSERT_STREQ("testuser2", list[2]);
+    free_values(list);
   }
 
   TEST_F(TestConfiguration, test_get_section_values_delimiter) {
@@ -176,12 +184,16 @@ namespace ContainerExecutor {
     free(value);
     value = get_section_value("key2", section);
     ASSERT_EQ(NULL, value);
+    free(value);
     split_values = get_section_values_delimiter(NULL, section, "%");
     ASSERT_EQ(NULL, split_values);
+    free_values(split_values);
     split_values = get_section_values_delimiter("split-key", NULL, "%");
     ASSERT_EQ(NULL, split_values);
+    free_values(split_values);
     split_values = get_section_values_delimiter("split-key", section, NULL);
     ASSERT_EQ(NULL, split_values);
+    free_values(split_values);
     split_values = get_section_values_delimiter("split-key", section, "%");
     ASSERT_FALSE(split_values == NULL);
     ASSERT_STREQ("val1,val2,val3", split_values[0]);
@@ -192,6 +204,7 @@ namespace ContainerExecutor {
     ASSERT_STREQ("perc-val1", split_values[0]);
     ASSERT_STREQ("perc-val2", split_values[1]);
     ASSERT_TRUE(split_values[2] == NULL);
+    free_values(split_values);
   }
 
   TEST_F(TestConfiguration, test_get_section_values) {
@@ -201,13 +214,16 @@ namespace ContainerExecutor {
     section = get_configuration_section("section-1", &new_config_format);
     value = get_section_value(NULL, section);
     ASSERT_EQ(NULL, value);
+    free(value);
     value = get_section_value("key1", NULL);
     ASSERT_EQ(NULL, value);
+    free(value);
     value = get_section_value("key1", section);
     ASSERT_STREQ("value1", value);
     free(value);
     value = get_section_value("key2", section);
     ASSERT_EQ(NULL, value);
+    free(value);
     split_values = get_section_values("split-key", section);
     ASSERT_FALSE(split_values == NULL);
     ASSERT_STREQ("val1", split_values[0]);
@@ -235,14 +251,16 @@ namespace ContainerExecutor {
     section = get_configuration_section("split-section", &new_config_format);
     value = get_section_value(NULL, section);
     ASSERT_EQ(NULL, value);
+    free(value);
     value = get_section_value("key3", NULL);
     ASSERT_EQ(NULL, value);
+    free(value);
     value = get_section_value("key3", section);
     ASSERT_STREQ("value3", value);
     free(value);
     value = get_section_value("key4", section);
     ASSERT_STREQ("value4", value);
-
+    free(value);
   }
 
   TEST_F(TestConfiguration, test_get_configuration_section) {
@@ -343,6 +361,7 @@ namespace ContainerExecutor {
       oss.str("");
       oss << "value" << i;
       ASSERT_STREQ(oss.str().c_str(), value);
+      free((void *) value);
     }
     remove(sample_file_name.c_str());
     free_configuration(&cfg);
@@ -372,6 +391,7 @@ namespace ContainerExecutor {
       oss.str("");
       oss << "value" << i;
       ASSERT_STREQ(oss.str().c_str(), value);
+      free((void *) value);
     }
     remove(sample_file_name.c_str());
     free_configuration(&cfg);
@@ -415,18 +435,22 @@ namespace ContainerExecutor {
     char *value = NULL;
     value = get_section_value("key1", executor_cfg);
     ASSERT_STREQ("value1", value);
+    free(value);
     value = get_section_value("key2", executor_cfg);
     ASSERT_STREQ("value2", value);
     ASSERT_EQ(2, executor_cfg->size);
+    free(value);
     executor_cfg = get_configuration_section("section-1",
                                              &mixed_config_format);
     value = get_section_value("key3", executor_cfg);
     ASSERT_STREQ("value3", value);
+    free(value);
     value = get_section_value("key1", executor_cfg);
     ASSERT_STREQ("value4", value);
     ASSERT_EQ(2, executor_cfg->size);
     ASSERT_EQ(2, mixed_config_format.size);
     ASSERT_STREQ("", mixed_config_format.sections[0]->name);
     ASSERT_STREQ("section-1", mixed_config_format.sections[1]->name);
+    free(value);
   }
 }

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test_util.cc

@@ -51,6 +51,7 @@ namespace ContainerExecutor {
       ASSERT_STREQ(oss.str().c_str(), splits[i-1]);
     }
     ASSERT_EQ(NULL, splits[count]);
+    free(split_string);
     free_values(splits);
 
     split_string = (char *) calloc(str.length() + 1, sizeof(char));
@@ -59,6 +60,7 @@ namespace ContainerExecutor {
     ASSERT_TRUE(splits != NULL);
     ASSERT_TRUE(splits[1] == NULL);
     ASSERT_STREQ(str.c_str(), splits[0]);
+    free(split_string);
     free_values(splits);
 
     splits = split_delimiter(NULL, ",");
@@ -82,6 +84,7 @@ namespace ContainerExecutor {
       ASSERT_STREQ(oss.str().c_str(), splits[i-1]);
     }
     ASSERT_EQ(NULL, splits[count]);
+    free(split_string);
     free_values(splits);
 
     str = "1,2,3,4,5,6,7,8,9,10,11";
@@ -91,6 +94,8 @@ namespace ContainerExecutor {
     ASSERT_TRUE(splits != NULL);
     ASSERT_TRUE(splits[1] == NULL);
     ASSERT_STREQ(str.c_str(), splits[0]);
+    free(split_string);
+    free_values(splits);
     return;
   }
 

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test-string-utils.cc

@@ -59,6 +59,7 @@
    ASSERT_EQ(1, numbers[0]);
    ASSERT_EQ(-1, numbers[3]);
    ASSERT_EQ(0, numbers[5]);
+   free(numbers);
 
    input = "3";
    rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
@@ -66,28 +67,33 @@
    ASSERT_EQ(0, rc) << "Should succeeded\n";
    ASSERT_EQ(1, n_numbers);
    ASSERT_EQ(3, numbers[0]);
+   free(numbers);
 
    input = "";
    rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
    std::cout << "Testing input=" << input << "\n";
    ASSERT_EQ(0, rc) << "Should succeeded\n";
    ASSERT_EQ(0, n_numbers);
+   free(numbers);
 
    input = ",,";
    rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
    std::cout << "Testing input=" << input << "\n";
    ASSERT_EQ(0, rc) << "Should succeeded\n";
    ASSERT_EQ(0, n_numbers);
+   free(numbers);
 
    input = "1,2,aa,bb";
    rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
    std::cout << "Testing input=" << input << "\n";
    ASSERT_TRUE(0 != rc) << "Should failed\n";
+   free(numbers);
 
    input = "1,2,3,-12312312312312312312321311231231231";
    rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
    std::cout << "Testing input=" << input << "\n";
    ASSERT_TRUE(0 != rc) << "Should failed\n";
+   free(numbers);
  }
 
    TEST_F(TestStringUtils, test_validate_container_id) {

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc

@@ -119,23 +119,22 @@ namespace ContainerExecutor {
       struct args tmp = ARGS_INITIAL_VALUE;
       std::vector<std::pair<std::string, std::string> >::const_iterator itr;
       for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-        reset_args(&tmp);
         write_command_file(itr->first);
         int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp);
         ASSERT_EQ(0, ret) << "error message: " << get_docker_error_message(ret) << " for input " << itr->first;
         char *actual = flatten(&tmp);
         ASSERT_STREQ(itr->second.c_str(), actual);
+        reset_args(&tmp);
         free(actual);
       }
 
       std::vector<std::pair<std::string, int> >::const_iterator itr2;
       for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
-        reset_args(&tmp);
         write_command_file(itr2->first);
         int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp);
         ASSERT_EQ(itr2->second, ret) << " for " << itr2->first << std::endl;
+        reset_args(&tmp);
       }
-      reset_args(&tmp);
       int ret = (*docker_func)("unknown-file", &container_executor_cfg, &tmp);
       ASSERT_EQ(static_cast<int>(INVALID_COMMAND_FILE), ret);
       reset_args(&tmp);
@@ -147,7 +146,6 @@ namespace ContainerExecutor {
       for(itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
         struct configuration cfg;
         struct args buff = ARGS_INITIAL_VALUE;
-        reset_args(&buff);
         write_command_file(itr->first);
         int ret = read_config(docker_command_file.c_str(), &cfg);
         if(ret == 0) {
@@ -155,7 +153,9 @@ namespace ContainerExecutor {
           char *actual = flatten(&buff);
           ASSERT_EQ(0, ret);
           ASSERT_STREQ(itr->second.c_str(), actual);
+          reset_args(&buff);
           free(actual);
+          free_configuration(&cfg);
         }
       }
     }
@@ -445,7 +445,6 @@ namespace ContainerExecutor {
   TEST_F(TestDockerUtil, test_set_network) {
     struct configuration container_cfg;
     struct args buff = ARGS_INITIAL_VALUE;
-    reset_args(&buff);
     int ret = 0;
     std::string container_executor_cfg_contents = "[docker]\n  docker.allowed.networks=sdn1,bridge";
     std::vector<std::pair<std::string, std::string> > file_cmd_vec;
@@ -464,7 +463,6 @@ namespace ContainerExecutor {
     }
     for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
       struct configuration cmd_cfg;
-      reset_args(&buff);
       write_command_file(itr->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
@@ -474,7 +472,9 @@ namespace ContainerExecutor {
       char *actual = flatten(&buff);
       ASSERT_EQ(0, ret);
       ASSERT_STREQ(itr->second.c_str(), actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
     struct configuration cmd_cfg_1;
     write_command_file("[docker-command-execution]\n  docker-command=run\n  net=sdn2");
@@ -482,10 +482,11 @@ namespace ContainerExecutor {
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_network(&cmd_cfg_1, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_NETWORK, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&container_cfg);
 
     container_executor_cfg_contents = "[docker]\n";
     write_container_executor_cfg(container_executor_cfg_contents);
@@ -493,10 +494,12 @@ namespace ContainerExecutor {
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_network(&cmd_cfg_1, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_NETWORK, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg_1);
+    free_configuration(&container_cfg);
   }
 
   TEST_F(TestDockerUtil, test_set_pid_namespace) {
@@ -529,7 +532,6 @@ namespace ContainerExecutor {
         FAIL();
       }
       for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-        reset_args(&buff);
         write_command_file(itr->first);
         ret = read_config(docker_command_file.c_str(), &cmd_cfg);
         if (ret != 0) {
@@ -539,10 +541,11 @@ namespace ContainerExecutor {
         char *actual = flatten(&buff);
         ASSERT_EQ(0, ret);
         ASSERT_STREQ(itr->second.c_str(), actual);
+        reset_args(&buff);
         free(actual);
+        free_configuration(&cmd_cfg);
       }
       for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
-        reset_args(&buff);
         write_command_file(itr2->first);
         ret = read_config(docker_command_file.c_str(), &cmd_cfg);
         if (ret != 0) {
@@ -551,7 +554,10 @@ namespace ContainerExecutor {
         ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
         ASSERT_EQ(itr2->second, ret);
         ASSERT_EQ(0, buff.length);
+        reset_args(&buff);
+        free_configuration(&cmd_cfg);
       }
+      free_configuration(&container_cfg);
     }
 
     // check default case and when it's turned off
@@ -575,6 +581,7 @@ namespace ContainerExecutor {
         ASSERT_EQ(0, ret);
         ASSERT_STREQ(itr->second.c_str(), actual);
         free(actual);
+        free_configuration(&cmd_cfg);
       }
       bad_file_cmd_vec.clear();
       bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -584,7 +591,6 @@ namespace ContainerExecutor {
         "[docker-command-execution]\n  docker-command=run\n pid=host",
         static_cast<int>(PID_HOST_DISABLED)));
       for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
-        reset_args(&buff);
         write_command_file(itr2->first);
         ret = read_config(docker_command_file.c_str(), &cmd_cfg);
         if (ret != 0) {
@@ -593,7 +599,10 @@ namespace ContainerExecutor {
         ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
         ASSERT_EQ(itr2->second, ret);
         ASSERT_EQ(0, buff.length);
+        reset_args(&buff);
+        free_configuration(&cmd_cfg);
       }
+      free_configuration(&container_cfg);
     }
   }
 
@@ -633,6 +642,7 @@ namespace ContainerExecutor {
     for (int i = 0; i < entries; ++i) {
       ASSERT_STREQ(expected[i], ptr[i]);
     }
+    free_values(ptr);
   }
 
   TEST_F(TestDockerUtil, test_set_privileged) {
@@ -665,7 +675,6 @@ namespace ContainerExecutor {
         FAIL();
       }
       for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-        reset_args(&buff);
         write_command_file(itr->first);
         ret = read_config(docker_command_file.c_str(), &cmd_cfg);
         if (ret != 0) {
@@ -674,19 +683,22 @@ namespace ContainerExecutor {
         ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
         ASSERT_EQ(6, ret);
         ASSERT_EQ(0, buff.length);
+        reset_args(&buff);
+        free_configuration(&cmd_cfg);
       }
       write_command_file("[docker-command-execution]\n docker-command=run\n  user=nobody\n privileged=true\n image=nothadoop/image");
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
         FAIL();
       }
-      reset_args(&buff);
       ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
       ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret);
       ASSERT_EQ(0, buff.length);
+      reset_args(&buff);
+      free_configuration(&cmd_cfg);
+      free_configuration(&container_cfg);
     }
 
-
     // check default case and when it's turned off
     for (int i = 3; i < 6; ++i) {
       write_container_executor_cfg(container_executor_cfg_contents[i]);
@@ -698,7 +710,6 @@ namespace ContainerExecutor {
       file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
           "[docker-command-execution]\n  docker-command=run\n  user=root\n privileged=false", ""));
       for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-        reset_args(&buff);
         write_command_file(itr->first);
         ret = read_config(docker_command_file.c_str(), &cmd_cfg);
         if (ret != 0) {
@@ -708,7 +719,9 @@ namespace ContainerExecutor {
         char *actual = flatten(&buff);
         ASSERT_EQ(0, ret);
         ASSERT_STREQ(itr->second.c_str(), actual);
+        reset_args(&buff);
         free(actual);
+        free_configuration(&cmd_cfg);
       }
       write_command_file("[docker-command-execution]\n  docker-command=run\n  user=root\n privileged=true");
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
@@ -718,6 +731,9 @@ namespace ContainerExecutor {
       ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
       ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret);
       ASSERT_EQ(0, buff.length);
+      reset_args(&buff);
+      free_configuration(&cmd_cfg);
+      free_configuration(&container_cfg);
     }
   }
 
@@ -752,7 +768,6 @@ namespace ContainerExecutor {
       FAIL();
     }
     for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-      reset_args(&buff);
       write_command_file(itr->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
@@ -762,16 +777,19 @@ namespace ContainerExecutor {
       char *actual = flatten(&buff);
       ASSERT_EQ(0, ret);
       ASSERT_STREQ(itr->second.c_str(), actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/docker-image\n  cap-add=SETGID");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret);
+    reset_args(&buff);
+    free_configuration(&container_cfg);
 
     container_executor_cfg_contents = "[docker]\n  docker.trusted.registries=hadoop\n";
     write_container_executor_cfg(container_executor_cfg_contents);
@@ -779,15 +797,16 @@ namespace ContainerExecutor {
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
+    free_configuration(&container_cfg);
   }
 
   TEST_F(TestDockerUtil, test_set_devices) {
     struct configuration container_cfg, cmd_cfg;
     struct args buff = ARGS_INITIAL_VALUE;
-    reset_args(&buff);
     int ret = 0;
     std::string container_executor_cfg_contents = "[docker]\n"
         "  docker.trusted.registries=hadoop\n"
@@ -821,7 +840,6 @@ namespace ContainerExecutor {
       FAIL();
     }
     for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-      reset_args(&buff);
       write_command_file(itr->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
@@ -831,67 +849,75 @@ namespace ContainerExecutor {
       char *actual = flatten(&buff);
       ASSERT_EQ(0, ret);
       ASSERT_STREQ(itr->second.c_str(), actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
     write_command_file("[docker-command-execution]\n  docker-command=run\n image=nothadoop/image\n  devices=/dev/test-device:/dev/test-device");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
 
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  devices=/dev/device3:/dev/device3");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
 
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  devices=/dev/device1");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
 
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  devices=/dev/testnvidia:/dev/testnvidia");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
 
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  devices=/dev/gpu-nvidia-uvm:/dev/gpu-nvidia-uvm");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
 
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  devices=/dev/device1");
     ret = read_config(docker_command_file.c_str(), &cmd_cfg);
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&container_cfg);
 
     container_executor_cfg_contents = "[docker]\n";
     write_container_executor_cfg(container_executor_cfg_contents);
@@ -899,10 +925,12 @@ namespace ContainerExecutor {
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = set_devices(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
+    free_configuration(&container_cfg);
   }
 
 
@@ -951,7 +979,6 @@ namespace ContainerExecutor {
     std::vector<std::pair<std::string, std::string> >::const_iterator itr;
 
     for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-      reset_args(&buff);
       write_command_file(itr->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
@@ -961,7 +988,9 @@ namespace ContainerExecutor {
       char *actual = flatten(&buff);
       ASSERT_EQ(0, ret);
       ASSERT_STREQ(itr->second.c_str(), actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
 
     std::vector<std::pair<std::string, int> > bad_file_cmds_vec;
@@ -978,18 +1007,18 @@ namespace ContainerExecutor {
     std::vector<std::pair<std::string, int> >::const_iterator itr2;
 
     for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) {
-      reset_args(&buff);
       write_command_file(itr2->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
         FAIL();
       }
-      reset_args(&buff);
       ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
       char *actual = flatten(&buff);
       ASSERT_EQ(itr2->second, ret);
       ASSERT_STREQ("", actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
 
     // verify that you can't mount any directory in the container-executor.cfg path
@@ -997,17 +1026,17 @@ namespace ContainerExecutor {
     while (strlen(ce_path) != 0) {
       std::string cmd_file_contents = "[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  rw-mounts=";
       cmd_file_contents.append(ce_path).append(":").append("/etc/hadoop");
-      reset_args(&buff);
       write_command_file(cmd_file_contents);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
         FAIL();
       }
-      reset_args(&buff);
       ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
       ASSERT_EQ(INVALID_DOCKER_RW_MOUNT, ret) << " for input " << cmd_file_contents;
       char *actual = flatten(&buff);
       ASSERT_STREQ("", actual);
+      reset_args(&buff);
+      free_configuration(&cmd_cfg);
       free(actual);
       char *tmp = strrchr(ce_path, '/');
       if (tmp != NULL) {
@@ -1015,6 +1044,7 @@ namespace ContainerExecutor {
       }
     }
     free(ce_path);
+    free_configuration(&container_cfg);
 
     // For untrusted image, container add_rw_mounts will pass through
     // without mounting or report error code.
@@ -1024,12 +1054,13 @@ namespace ContainerExecutor {
     if (ret != 0) {
       FAIL();
     }
-    reset_args(&buff);
     ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
     char *actual = flatten(&buff);
     ASSERT_EQ(0, ret);
     ASSERT_STREQ("", actual);
+    reset_args(&buff);
     free(actual);
+    free_configuration(&container_cfg);
   }
 
   TEST_F(TestDockerUtil, test_add_ro_mounts) {
@@ -1080,7 +1111,6 @@ namespace ContainerExecutor {
     std::vector<std::pair<std::string, std::string> >::const_iterator itr;
 
     for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
-      reset_args(&buff);
       write_command_file(itr->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
@@ -1090,7 +1120,9 @@ namespace ContainerExecutor {
       char *actual = flatten(&buff);
       ASSERT_EQ(0, ret);
       ASSERT_STREQ(itr->second.c_str(), actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
 
     std::vector<std::pair<std::string, int> > bad_file_cmds_vec;
@@ -1104,19 +1136,20 @@ namespace ContainerExecutor {
     std::vector<std::pair<std::string, int> >::const_iterator itr2;
 
     for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) {
-      reset_args(&buff);
       write_command_file(itr2->first);
       ret = read_config(docker_command_file.c_str(), &cmd_cfg);
       if (ret != 0) {
         FAIL();
       }
-      reset_args(&buff);
       ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
       char *actual = flatten(&buff);
       ASSERT_EQ(itr2->second, ret);
       ASSERT_STREQ("", actual);
+      reset_args(&buff);
       free(actual);
+      free_configuration(&cmd_cfg);
     }
+    free_configuration(&container_cfg);
 
     container_executor_cfg_contents = "[docker]\n  docker.trusted.registries=hadoop\n";
     write_container_executor_cfg(container_executor_cfg_contents);
@@ -1125,10 +1158,16 @@ namespace ContainerExecutor {
       FAIL();
     }
     write_command_file("[docker-command-execution]\n  docker-command=run\n  image=hadoop/image\n  ro-mounts=/home:/home");
-    reset_args(&buff);
+    ret = read_config(docker_command_file.c_str(), &cmd_cfg);
+    if (ret != 0) {
+      FAIL();
+    }
     ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
     ASSERT_EQ(INVALID_DOCKER_RO_MOUNT, ret);
     ASSERT_EQ(0, buff.length);
+    reset_args(&buff);
+    free_configuration(&cmd_cfg);
+    free_configuration(&container_cfg);
   }
 
   TEST_F(TestDockerUtil, test_docker_run_privileged) {
@@ -1310,6 +1349,7 @@ namespace ContainerExecutor {
         static_cast<int>(INVALID_DOCKER_NETWORK)));
 
     run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
+    free_configuration(&container_executor_cfg);
   }
 
   TEST_F(TestDockerUtil, test_docker_run_entry_point) {
@@ -1352,6 +1392,7 @@ namespace ContainerExecutor {
         static_cast<int>(INVALID_DOCKER_CONTAINER_NAME)));
 
     run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
+    free_configuration(&container_executor_cfg);
   }
 
   TEST_F(TestDockerUtil, test_docker_run_no_privileged) {
@@ -1441,6 +1482,7 @@ namespace ContainerExecutor {
           static_cast<int>(PRIVILEGED_CONTAINERS_DISABLED)));
 
       run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
+      free_configuration(&container_executor_cfg);
     }
   }
 
@@ -1471,13 +1513,14 @@ namespace ContainerExecutor {
     struct args buffer = ARGS_INITIAL_VALUE;
     struct configuration cfg = {0, NULL};
     for (itr = input_output_map.begin(); itr != input_output_map.end(); ++itr) {
-      reset_args(&buffer);
       write_command_file(itr->first);
       int ret = get_docker_command(docker_command_file.c_str(), &cfg, &buffer);
+      char *actual = flatten(&buffer);
       ASSERT_EQ(0, ret) << "for input " << itr->first;
-      ASSERT_STREQ(itr->second.c_str(), flatten(&buffer));
+      ASSERT_STREQ(itr->second.c_str(), actual);
+      reset_args(&buffer);
+      free(actual);
     }
-    reset_args(&buffer);
   }
 
   TEST_F(TestDockerUtil, test_docker_module_enabled) {
@@ -1497,6 +1540,7 @@ namespace ContainerExecutor {
       ret = docker_module_enabled(&container_executor_cfg);
       ASSERT_EQ(input_out_vec[i].second, ret) << " incorrect output for "
                                               << input_out_vec[i].first;
+      free_configuration(&container_executor_cfg);
     }
   }
 
@@ -1544,6 +1588,7 @@ namespace ContainerExecutor {
         static_cast<int>(INVALID_DOCKER_VOLUME_DRIVER)));
 
     run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_volume_command);
+    free_configuration(&container_executor_cfg);
   }
 
   TEST_F(TestDockerUtil, test_docker_no_new_privileges) {
@@ -1589,6 +1634,7 @@ namespace ContainerExecutor {
 
       std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
       run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
+      free_configuration(&container_executor_cfg);
     }
 
     for (int i = 2; i < 3; ++i) {
@@ -1611,6 +1657,7 @@ namespace ContainerExecutor {
 
       std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
       run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
+      free_configuration(&container_executor_cfg);
     }
 
     for (int i = 3; i < 5; ++i) {
@@ -1633,6 +1680,7 @@ namespace ContainerExecutor {
 
       std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
       run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
+      free_configuration(&container_executor_cfg);
     }
   }
 }