This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug regex/23233] New: Memory leak in build_charclass_op function in file posix/regcomp.c
- From: "nixiaoming at huawei dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 25 May 2018 09:37:29 +0000
- Subject: [Bug regex/23233] New: Memory leak in build_charclass_op function in file posix/regcomp.c
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=23233
Bug ID: 23233
Summary: Memory leak in build_charclass_op function in file posix/regcomp.c
Product: glibc
Version: 2.27
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: regex
Assignee: unassigned at sourceware dot org
Reporter: nixiaoming at huawei dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Created attachment 11045
--> https://sourceware.org/bugzilla/attachment.cgi?id=11045&action=edit
patch for fix memleak
The original code fragment is as follows:
3049   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
3050 #ifdef RE_ENABLE_I18N
3051   mbcset = (re_charset_t *) calloc (sizeof (re_charset_t), 1);
3052 #endif /* RE_ENABLE_I18N */
3053 #ifdef RE_ENABLE_I18N
3054   if (BE (sbcset == NULL || mbcset == NULL, 0))
3055 #else
3056   if (BE (sbcset == NULL, 0))
3057 #endif /* RE_ENABLE_I18N */
3058     {
3059       re_free (sbcset);
3060 #ifdef RE_ENABLE_I18N
3061       re_free (mbcset);
3062 #endif
3063       *err = REG_ESPACE;
3064       return NULL;
3065     }
..........
3580 static bin_tree_t *
3581 build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans,
3582                     const unsigned char *class_name,
3583                     const unsigned char *extra, int non_match,
3584                     reg_errcode_t *err)
3585 {
3586   re_bitset_ptr_t sbcset;
3587 #ifdef RE_ENABLE_I18N
3588   re_charset_t *mbcset;
3589   int alloc = 0;
3590 #endif /* not RE_ENABLE_I18N */
3591   reg_errcode_t ret;
3592   re_token_t br_token;
3593   bin_tree_t *tree;
3594
3595   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
3596 #ifdef RE_ENABLE_I18N
3597   mbcset = (re_charset_t *) calloc (sizeof (re_charset_t), 1);
3598 #endif /* RE_ENABLE_I18N */
3599
3600 #ifdef RE_ENABLE_I18N
3601   if (BE (sbcset == NULL || mbcset == NULL, 0))
3602 #else /* not RE_ENABLE_I18N */
3603   if (BE (sbcset == NULL, 0))
3604 #endif /* not RE_ENABLE_I18N */
3605     {
3606       *err = REG_ESPACE;
3607       return NULL;
3608     }
In the RE_ENABLE_I18N case, if sbcset == NULL && mbcset != NULL, no memory is freed at line 3607, resulting in a memory leak.
--
You are receiving this mail because:
You are on the CC list for the bug.
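The leak the report describes, as an added example that is neither glibc's code nor the reporter's patch: a fault-injecting allocator wrapped around the same two-calloc pattern, returning how many blocks are still live after the error path, with the buggy return beside the error path that frees both. It exercises both orderings (sbcset failing, or mbcset failing), since the return at line 3607 frees neither; the types and function names are hypothetical stand-ins.

```c
#include <stdlib.h>
/* Added example, not glibc code: a fault-injecting allocator around the
   two-calloc pattern of build_charclass_op, so the partial-failure leak and
   its fix can be measured.  Types and function names are hypothetical. */
typedef struct { unsigned long bits[4]; } bitset_t;        /* stand-in for bitset_t */
typedef struct { int nmbchars; void *mbchars; } charset_t; /* stand-in for re_charset_t */
static int live_allocs;    /* blocks currently allocated */
static int alloc_counter;  /* allocations attempted in the current call */
static int fail_nth_alloc; /* 1-based allocation to fail; 0 = never fail */

static void *tracked_calloc (size_t nmemb, size_t size)
{
  if (++alloc_counter == fail_nth_alloc)
    return NULL;                     /* simulated ENOMEM */
  void *p = calloc (nmemb, size);
  if (p != NULL)
    live_allocs++;
  return p;
}
/* free (NULL) is a no-op, just like re_free in the original error path. */
static void tracked_free (void *p) { if (p != NULL) live_allocs--; free (p); }

/* Mirrors lines 3595-3608: on partial failure the surviving block is never freed. */
static int build_buggy (void)
{
  bitset_t *sbcset = tracked_calloc (sizeof (bitset_t), 1);
  charset_t *mbcset = tracked_calloc (sizeof (charset_t), 1);
  if (sbcset == NULL || mbcset == NULL)
    return -1;                       /* REG_ESPACE path, nothing freed */
  tracked_free (sbcset); tracked_free (mbcset);  /* success-path cleanup for the demo */
  return 0;
}

/* Mirrors the error path at lines 3054-3065: free both, then return. */
static int build_fixed (void)
{
  bitset_t *sbcset = tracked_calloc (sizeof (bitset_t), 1);
  charset_t *mbcset = tracked_calloc (sizeof (charset_t), 1);
  if (sbcset == NULL || mbcset == NULL)
    { tracked_free (sbcset); tracked_free (mbcset); return -1; }
  tracked_free (sbcset); tracked_free (mbcset);
  return 0;
}

/* Run one variant with the nth allocation failing; returns blocks still live (0 = no leak). */
int leaked_blocks (int (*build) (void), int fail_nth)
{
  live_allocs = 0; alloc_counter = 0; fail_nth_alloc = fail_nth;
  build (); return live_allocs;
}
```

Running the buggy variant with either allocation failing leaves one block live; the fixed variant leaves none in every case.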