Subject: bin/9081: possible memory leak in file(1)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 12/30/1999 02:07:16
>Number:         9081
>Category:       bin
>Synopsis:       possible memory leak in file(1)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 30 02:06:00 1999
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Organization:
	itojun.org
>Release:        NetBSD-current and 1.4.1
>Environment:
System: NetBSD turmeric.itojun.org 1.4P NetBSD 1.4P (TURMERIC.v6) #189: Sun Dec 26 21:45:33 PST 1999 itojun@turmeric.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/TURMERIC.v6 i386


>Description:
	Due to realloc() error handling, file(1) has the possibility of a
	memory leak in apprentice.c:apprentice().  There are two other places
	where realloc() is called, but those cases are okay as they will
	exit very soon after the realloc() error is reported (if you care,
	they should be fixed as well).
>How-To-Repeat:
>Fix:

Index: apprentice.c
===================================================================
RCS file: /cvsroot/basesrc/usr.bin/file/apprentice.c,v
retrieving revision 1.17
diff -c -r1.17 apprentice.c
*** apprentice.c	1999/11/01 17:39:26	1.17
--- apprentice.c	1999/12/30 09:58:30
***************
*** 188,204 ****
  	int i = 0, nd = *ndx;
  	struct magic *m;
  	char *t, *s;
  
  	if (nd+1 >= maxmagic){
! 	    if ((magic = (struct magic *) realloc(magic, 
  						  sizeof(struct magic) * 
  						  maxmagic * 2)) == NULL) {
  		(void) fprintf(stderr, "%s: Out of memory.\n", progname);
  		if (check)
  			return -1;
  		else
  			exit(1);
  	    }
  	    memset(&magic[maxmagic], 0, sizeof(struct magic) * maxmagic);
  	    maxmagic *= 2;
  	}
--- 188,208 ----
  	int i = 0, nd = *ndx;
  	struct magic *m;
  	char *t, *s;
+ 	struct magic *newmagic;
  
  	if (nd+1 >= maxmagic){
! 	    if ((newmagic = (struct magic *) realloc(magic, 
  						  sizeof(struct magic) * 
  						  maxmagic * 2)) == NULL) {
+ 		if (magic)
+ 			free(magic);
  		(void) fprintf(stderr, "%s: Out of memory.\n", progname);
  		if (check)
  			return -1;
  		else
  			exit(1);
  	    }
+ 	    magic = newmagic;
  	    memset(&magic[maxmagic], 0, sizeof(struct magic) * maxmagic);
  	    maxmagic *= 2;
  	}
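Review bot: In the realloc() failure branch of the new version, free(magic) leaves magic pointing at freed memory, and when check is set the function returns -1 instead of exiting, so a later use of magic, or a second pass through this branch (realloc(magic, ...) on the freed pointer followed by free(magic) again), would be a use-after-free or double free. magic is not among the locals declared in this hunk, so it outlives the call; set `magic = NULL;` right after the free and reset maxmagic to match, or leave the old table in place and only return the error. The `if (magic)` guard is not needed because free(NULL) is a no-op, and the size expression `sizeof(struct magic) * maxmagic * 2` is passed to realloc() without an overflow check.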
>Audit-Trail:
>Unformatted: