
libgpg-error: Memory leak in store_alias()
Closed, Resolved, Public

Description

Currently, the function store_alias() in argparse.c has the following todo:

/* TODO: replace this dummy function with a rea one   
 * and fix the probelms IRIX has with (ALIAS_DEV)arg..
 * used as lvalue
 */

This causes memory leaks, as the caller expects the function to take ownership of the allocated value, but it is leaked instead:

Error: RESOURCE_LEAK (CWE-772):
libgpg-error-1.47/src/argparse.c:1965: alloc_fn: Storage is returned from allocation function "_gpgrt_realloc".
libgpg-error-1.47/src/argparse.c:1965: var_assign: Assigning: "tmp" = storage returned from "_gpgrt_realloc(buffer, tmplen)".
libgpg-error-1.47/src/argparse.c:1969: var_assign: Assigning: "buffer" = "tmp".
libgpg-error-1.47/src/argparse.c:1978: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
libgpg-error-1.47/src/argparse.c:1812: identity_transfer: Passing "buffer" as argument 1 to function "strpbrk", which returns an offset off that argument.
libgpg-error-1.47/src/argparse.c:1812: noescape: Resource "buffer" is not freed or pointed-to in "strpbrk".
libgpg-error-1.47/src/argparse.c:1812: var_assign: Assigning: "p" = storage returned from "strpbrk(buffer, " \t")".
libgpg-error-1.47/src/argparse.c:1816: noescape: Resource "p" is not freed or pointed-to in "trim_spaces".
libgpg-error-1.47/src/argparse.c:1825: noescape: Resource "buffer" is not freed or pointed-to in "store_alias".
libgpg-error-1.47/src/argparse.c:1825: noescape: Resource "p" is not freed or pointed-to in "store_alias".
libgpg-error-1.47/src/argparse.c:1827: leaked_storage: Variable "p" going out of scope leaks the storage it points to.
libgpg-error-1.47/src/argparse.c:2016: leaked_storage: Variable "buffer" going out of scope leaks the storage it points to.
# 2014|   
# 2015|    leave:
# 2016|->   return arg->r_opt;
# 2017|   }
# 2018|

It is not clear to me if the IRIX issue described is still relevant (probably worth investigating).

The least effort fix would be just to free the passed buffer as it looks like the alias is not used for anything:

diff --git a/src/argparse.c b/src/argparse.c
index 106e818..7554417 100644
--- a/src/argparse.c
+++ b/src/argparse.c
@@ -583,7 +583,7 @@ store_alias( gpgrt_argparse_t *arg, char *name, char *value )
      * used as lvalue
      */
   (void)arg;
-  (void)name;
+  xfree(name);
   (void)value;
 #if 0
     ALIAS_DEF a = xmalloc( sizeof *a );
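
Review bot: the ownership rule introduced by `xfree(name);` is not documented, and the `(void)value;` left directly below it invites a later reader to "complete" the fix with a second free. The Coverity trace above shows `buffer` and `p = strpbrk(buffer, " \t")` both reaching store_alias(), so `value` appears to point into the same allocation as `name` and must not be freed on its own. Suggest updating the TODO comment to say that store_alias() takes ownership of `name` and that `value` is released by the same call. If the `#if 0` body is ever enabled, the free has to be revisited at the same time so the stored alias does not keep pointers into released memory.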

Details

Version
master
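
The ownership hand-over described in the report, modelled as an added example (not part of the original report and not libgpg-error code): a caller splits an alias line in place and passes the buffer to a callee, once to a dummy that ignores it and once to one that frees it. All function names and the allocation counter are hypothetical.

```c
/* Added illustration, not libgpg-error code; every name below is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int live_blocks;   /* outstanding allocations, stand-in for a leak checker */

static char *dup_line(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_blocks++; }
    return p;
}

static void release(void *p)
{
    if (p) { free(p); live_blocks--; }
}

/* Dummy callee as in the report: ignores what it was handed. */
static void store_leaky(char *name, char *value) { (void)name; (void)value; }

/* Callee that honours the hand-over. `value` points into the block that
 * starts at `name`, so one free releases both and `value` is never freed. */
static void store_owning(char *name, char *value) { (void)value; release(name); }

/* Caller: split "name value" in place, then pass the buffer on.
 * Returns how many blocks this call left allocated (-1 on malloc failure). */
static int handle_alias_line(const char *line, void (*store)(char *, char *))
{
    int before = live_blocks;
    char *buffer = dup_line(line), *p;
    if (!buffer)
        return -1;
    p = strpbrk(buffer, " \t");
    if (!p)
        release(buffer);      /* nothing handed over: caller still owns it */
    else {
        *p++ = '\0';
        store(buffer, p);     /* ownership of buffer moves to the callee */
    }
    return live_blocks - before;
}

int main(void)
{
    const char *line = "ll list-keys";   /* constructed sample input */
    printf("dummy callee:  %d block(s) leaked\n", handle_alias_line(line, store_leaky));
    printf("owning callee: %d block(s) leaked\n", handle_alias_line(line, store_owning));
}
```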

Event Timeline

werner claimed this task.
werner added a subscriber: werner.

Oh yeah the idea to implement aliases is more than 20 years old. I guess it is even older. Thanks.