GNU bug report logs - #19578
Memory leaks in coreutils/lib/locale_charset.c


Package: coreutils;

Reported by: Zhaopeng Li <zpli <at> ustc.edu.cn>

Date: Tue, 13 Jan 2015 05:49:02 UTC

Severity: normal

Tags: notabug

Merged with 19580

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.



Message #21 received at 19578 <at> debbugs.gnu.org (full text, mbox):

From: Zhaopeng Li <zpli <at> ustc.edu.cn>
To: 19578 <at> debbugs.gnu.org
Subject: the code
Date: Tue, 13 Jan 2015 18:17:57 +0800
At line 589 of coreutils/lib/locale_charset.c, var 'aliases' points to a buffer which is allocated using malloc(). This buffer is not freed when codeset is still an empty string after the loop (Line 589~597).

So it will be leaked in such a situation.
Our static analysis tool reports this problem.



 588   /* Resolve alias. */
 589   for (aliases = get_charset_aliases ();
 590        *aliases != '\0';
 591        aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1)
 592     if (strcmp (codeset, aliases) == 0
 593         || (aliases[0] == '*' && aliases[1] == '\0'))
 594       {
 595         codeset = aliases + strlen (aliases) + 1;
 596         break;
 597       }
 598
 599   /* Don't return an empty string.  GNU libc and GNU libiconv interpret
 600      the empty string as denoting "the locale's character encoding",
 601      thus GNU libiconv would call this function a second time.  */
 602   if (codeset[0] == '\0')
 603     codeset = "ASCII";
 604
 605 #ifdef DARWIN7
 606   /* Mac OS X sets MB_CUR_MAX to 1 when LC_ALL=C, and "UTF-8"
 607      (the default codeset) does not work when MB_CUR_MAX is 1.  */
 608   if (strcmp (codeset, "UTF-8") == 0 && MB_CUR_MAX_L (uselocale (NULL)) <= 1)
 609     codeset = "ASCII";
 610 #endif
 611
 612   return codeset;
 613 }

This bug report was last modified 10 years and 137 days ago.
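
Added example (not part of the report and not gnulib's own code): a self-contained model of the alias walk at lines 589-597. It shows that the value returned at line 612 can point into the alias buffer (line 595), so that buffer cannot be freed before the return. Assumptions: get_aliases() is a hypothetical stand-in for get_charset_aliases() that builds the table once and keeps it in a static pointer, and the table contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table: "alias\0canonical\0" pairs, ended by an empty string
   (the literal's implicit trailing NUL). */
static const char SAMPLE[] = "ISO8859-1\0ISO-8859-1\0" "646\0ASCII\0";

static const char *cached_aliases;  /* static reference keeps the block reachable */
static int alloc_count;             /* number of times the table was built */

/* Hypothetical stand-in for get_charset_aliases(): allocate once, then reuse. */
static const char *get_aliases (void)
{
  if (cached_aliases == NULL)
    {
      char *buf = malloc (sizeof SAMPLE);
      if (buf == NULL)
        return "";                  /* empty table on allocation failure */
      memcpy (buf, SAMPLE, sizeof SAMPLE);
      cached_aliases = buf;
      alloc_count++;
    }
  return cached_aliases;
}

/* Same walk as lines 589-597, followed by the "ASCII" fallback of line 602. */
static const char *resolve (const char *codeset)
{
  const char *aliases;
  for (aliases = get_aliases ();
       *aliases != '\0';
       aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1)
    if (strcmp (codeset, aliases) == 0
        || (aliases[0] == '*' && aliases[1] == '\0'))
      {
        codeset = aliases + strlen (aliases) + 1;  /* points into the table */
        break;
      }
  if (codeset[0] == '\0')
    codeset = "ASCII";
  return codeset;
}

int main (void)
{
  printf ("%s %s %s\n", resolve ("ISO8859-1"), resolve (""), resolve ("KOI8-R"));
  printf ("allocations: %d\n", alloc_count);
  return 0;
}
```

The empty-codeset path described in the report takes the fallback without touching the buffer, and repeated calls reuse the single allocation.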


