NetBSD Problem Report #56147

From www@netbsd.org  Wed May  5 13:42:04 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 8B1781A924E
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  5 May 2021 13:42:04 +0000 (UTC)
Message-Id: <20210505134203.3C03C1A924F@mollari.NetBSD.org>
Date: Wed,  5 May 2021 13:42:03 +0000 (UTC)
From: mlichvar@redhat.com
Reply-To: mlichvar@redhat.com
To: gnats-bugs@NetBSD.org
Subject: libedit: memory leak in fn_complete2()
X-Send-Pr-Version: www-1.0

>Number:         56147
>Category:       lib
>Synopsis:       libedit: memory leak in fn_complete2()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 05 13:45:00 +0000 2021
>Closed-Date:    Fri Jun 04 18:50:32 +0000 2021
>Last-Modified:  Fri Jun 04 18:50:32 +0000 2021
>Originator:     Miroslav Lichvar
>Release:        
>Organization:
Red Hat
>Environment:
>Description:
A memory leak in the fn_complete2() function of libedit was reported by a static analysis tool.

If allocation fails in strdup() or escape_filename(), the matches will not be freed on return from fn_complete2(). Unlikely to happen in real world, but it still might be good to fix it.
>How-To-Repeat:
Simulate an allocation failure in the code.
>Fix:
This change fixes it for me:

--- a/lib/libedit/filecomplete.c
+++ b/lib/libedit/filecomplete.c
@@ -727,7 +727,7 @@ fn_complete2(EditLine *el,
                else
                        completion = strdup(matches[0]);
                if (completion == NULL)
-                       goto out;
+                       goto out2;

                /*
                 * Replace the completed string with the common part of
@@ -809,6 +809,7 @@ fn_complete2(EditLine *el,
                retval = CC_NORM;
        }

+out2:
        /* free elements of array and the array itself */
        for (i = 0; matches[i]; i++)
                el_free(matches[i]);

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56147 CVS commit: src/lib/libedit
Date: Wed, 5 May 2021 10:49:59 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Wed May  5 14:49:59 UTC 2021

 Modified Files:
 	src/lib/libedit: filecomplete.c

 Log Message:
 PR/56147: Miroslav Lichvar: Avoid memory leak if strdup fails.


 To generate a diff of this commit:
 cvs rdiff -u -r1.67 -r1.68 src/lib/libedit/filecomplete.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Fri, 04 Jun 2021 18:50:32 +0000
State-Changed-Why:
Christos committed it.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.