(SYSTEM: ArchLinux - current version, gpgme version 1.12.0)
Type : Memory Leak
Risk: low
Desc:
Memory leak of constant size, xjson_Create_Array() is not deallocated
when a leave-jump happens.
FIX:
(line number 2928 and following)
...
2929 - cjson_t j_comps = xjson_CreateArray ();
2930 + cjson_t j_comps;
2931 ctx = get_context (GPGME_PROTOCOL_GPGCONF);
...
2950 + cjson_t j_comps xjson_CreateArray ();
2951 comp = conf;
2952 for (comp = conf; comp; comp = comp->next)
2953 {
2954 if (comp_name && comp->name && strcmp (comp->name, comp_name))
...found with libFuzzer and ASAN by clang 7.0.1
regards
Sirko Höer
Code Intelligence GmbH