(SYSTEM: ArchLinux - current version, gpgme version 1.12.0)
(it is independent from the JSON parser, but it's a bug anyway ;-))
Type: Memory Leak
Risk: low
Desc:
Reference to the "request" is lost when passed to a function and cannot be released afterwards with "free".
FIX:
(line number 3566 and following)
...
+ static char *append_line(char *to, char *line) {
+ char *tmp = NULL;
+ if(to) {
+ tmp = xstrconcat(to, “\n”, line, NULL);
+ xfree(to);
+ to = tmp;
+ } else {
+ to = xstrdup(line);
+ }
+ return to;
+ }
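Review bot: the newline argument in the xstrconcat call is written with typographic quotes (“\n”), which will not compile; it needs plain ASCII double quotes. append_line also frees its first argument, so a short comment above the function stating that it takes ownership of "to" and that the caller must use only the returned pointer would prevent a stale-pointer use at future call sites. "line" is only read here and could be declared const char *, and the "tmp" variable can be dropped by returning the xstrconcat result after the xfree.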
...
- {
- if(!request)
- request = xstrdup (line);
- else
- request = xstrconcat (request, “\n”, line, NULL);
- }
+ request = append_line(request, line);
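Review bot: the new call append_line(request, line) omits the space before the opening parenthesis that the removed lines use (xstrdup (line), xstrconcat (request, ...)); matching that spacing keeps the file consistent. The removed else branch overwrote "request" with the xstrconcat result without releasing the old buffer, so the fix only holds if the helper's return value is always assigned back to the same variable, as it is on this line.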
...found with libFuzzer, ASAN and clang-static-analyser by clang 7.0.1
regards
Sirko Höer
Code Intelligence GmbH