Memory leak in g10 handle_compressed
Closed, ResolvedPublic

Description

Found using oss-fuzz, see https://github.com/google/oss-fuzz/pull/1310

Function handle_compressed in g10/compress.c allocates and apparently never frees memory

Here is the code with my added comments

   //memory allocated
    cfx = xmalloc_clear (sizeof *cfx);
    cfx->release = release_context;
    cfx->algo = cd->algorithm;
    // cdx can be copied in a cd->buf field
    push_compress_filter(cd->buf,cfx,cd->algorithm);
    if( callback )
	rc = callback(cd->buf, passthru );
    else
      rc = proc_packets (ctrl,procctx, cd->buf);
    //cd->buf goes out of scope
    cd->buf = NULL;
    //patch should be xfree(cfx);
    return rc;

Maybe I am wrong, but there is at least a leak with case COMPRESS_ALGO_NONE

Related Objects

Bug can be reproduced with gpg --verify leak-a702b3e5612e12163f056f41feb9e95a8b3836bb

gniibe claimed this task.EditedApr 13 2018, 3:11 AM
gniibe triaged this task as Normal priority.
gniibe added a project: gnupg (gpg14).
gniibe added a subscriber: gniibe.

Good catch. Thanks. Fixed in STABLE-BRANCH-2-2.

gniibe changed the task status from Open to Testing.Apr 13 2018, 3:24 AM

Applied to STABLE-BRANCH-1-4, too.

werner closed this task as Resolved.May 2 2018, 8:30 PM