lib/56147: libedit: memory leak in fn_complete2()

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/56147: libedit: memory leak in fn_complete2()
From: mlichvar%redhat.com@localhost
Date: Wed, 5 May 2021 13:45:01 +0000 (UTC)

>Number:         56147
>Category:       lib
>Synopsis:       libedit: memory leak in fn_complete2()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 05 13:45:00 +0000 2021
>Originator:     Miroslav Lichvar
>Release:        
>Organization:
Red Hat
>Environment:
>Description:
A memory leak in the fn_complete2() function of libedit was reported by a static analysis tool.

If allocation fails in strdup() or escape_filename(), the matches will not be freed on return from fn_complete2(). Unlikely to happen in real world, but it still might be good to fix it.
>How-To-Repeat:
Simulate an allocation failure in the code.
>Fix:
This change fixes it for me:

--- a/lib/libedit/filecomplete.c
+++ b/lib/libedit/filecomplete.c
@@ -727,7 +727,7 @@ fn_complete2(EditLine *el,
                else
                        completion = strdup(matches[0]);
                if (completion == NULL)
-                       goto out;
+                       goto out2;
 
                /*
                 * Replace the completed string with the common part of
@@ -809,6 +809,7 @@ fn_complete2(EditLine *el,
                retval = CC_NORM;
        }
 
+out2:
        /* free elements of array and the array itself */
        for (i = 0; matches[i]; i++)
                el_free(matches[i]);

Prev by Date: Re: kern/54969 (Disk cache is no longer flushed on shutdown)
Next by Date: PR/56147 CVS commit: src/lib/libedit
Previous by Thread: kern/56145: umb(4): fix kernel panics and make IP traffic actually work
Next by Thread: PR/56147 CVS commit: src/lib/libedit
Indexes:

Home | Main Index | Thread Index | Old Index