
bug#19580: Memory Leak in coreutils/lib/localcharset.c


From: Zhaopeng Li
Subject: bug#19580: Memory Leak in coreutils/lib/localcharset.c
Date: Tue, 13 Jan 2015 18:31:18 +0800

At line 221, the assignment (old_res_ptr = res_ptr) will lead to a memory leak when the corresponding loop runs for more than 3 iterations.


 
189                   /* Parse the file's contents.  */
190                   char *res_ptr = NULL;  /* result buffer, grown by one pair per iteration; NULL until the first pair is stored */
191                   size_t res_size = 0;  /* bytes of stored pairs so far; 0 also selects the malloc branch below */
193                   for (;;)
194                     {
195                       int c;
196                       char buf1[50+1];  /* 50 characters plus the NUL, matching the %50s width at line 217 */
197                       char buf2[50+1];
198                       size_t l1, l2;
199                       char *old_res_ptr;
201                       c = getc (fp);
202                       if (c == EOF)
203                         break;
204                       if (c == '\n' || c == ' ' || c == '\t')
205                         continue;
206                       if (c == '#')
207                         {
208                           /* Skip comment, to end of line.  */
209                           do
210                             c = getc (fp);
211                           while (!(c == EOF || c == '\n'));
212                           if (c == EOF)
213                             break;
214                           continue;
215                         }
216                       ungetc (c, fp);  /* push back the first character of the token so fscanf reads it whole */
217                       if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)  /* field widths bound each token to its 51-byte buffer */
218                         break;
219                       l1 = strlen (buf1);
220                       l2 = strlen (buf2);
221                       old_res_ptr = res_ptr;  /* keep the current block's address (NULL before the first allocation) for the failure path at line 236 */
222                       if (res_size == 0)
223                         {
224                           res_size = l1 + 1 + l2 + 1;
225                           res_ptr = (char *) malloc (res_size + 1);  /* one byte beyond the pairs; presumably for a terminator written after the loop (not shown) */
226                         }
227                       else
228                         {
229                           res_size += l1 + 1 + l2 + 1;
230                           res_ptr = (char *) realloc (res_ptr, res_size + 1);  /* on failure realloc returns NULL and leaves the old block allocated; on success the old block belongs to realloc */
231                         }
232                       if (res_ptr == NULL)
233                         {
234                           /* Out of memory. */
235                           res_size = 0;
236                           free (old_res_ptr);  /* releases the block realloc could not grow; after a failed malloc this is free (NULL), a no-op */
237                           break;
238                         }
239                       strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1);  /* offset equals the previous res_size: buf1 and its NUL go at the old end of the data */
240                       strcpy (res_ptr + res_size - (l2 + 1), buf2);  /* buf2 and its NUL fill the last l2 + 1 bytes counted in res_size */
241                     }
