components/krb5/patches/050-libverto_memleak.patch
author Neng Xue <neng.xue@oracle.com>
Mon, 26 Sep 2016 15:58:55 -0700
changeset 6978 14cbeb78966a
parent 6599 1d033832c5e7
permissions -rw-r--r--
24669827 Update Userland krb5 to MIT 1.14.4

#
# Fixes a memory leak in libverto:vfree.
#
# Symbol vfree is defined as a macro vresize(X,0) and eventually realloc(X,0)
# gets called. According to realloc(3C), realloc with size=0 can return either
# NULL or a pointer that can be passed to free. This free-able pointer never
# gets freed in current code and leaks 8 B of memory on every event deletion.
#
# This patch replaces realloc(X,0) with free().
#
# Reported by security/krb5api testsuite and libumem.
#
# This patch has been contributed to MIT in
#    https://github.com/krb5/krb5/pull/294
#
# MIT requested this issue be reported to libverto project:
#    https://fedorahosted.org/libverto/ticket/13
# Patch source: in-house
#
--- a/src/util/verto/verto.c
+++ b/src/util/verto/verto.c
@@ -132,6 +132,11 @@ vresize(void *mem, size_t size)
 {
     if (!resize_cb)
         resize_cb = &realloc;
+    if (size == 0 && resize_cb == &realloc) {
+        /* avoid memleak as realloc(X,0) can return a free-able pointer */
+        free(mem);
+        return (NULL);
+    }
     return (*resize_cb)(mem, size);
 }
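Review bot: The added `size == 0` guard only fires when `resize_cb == &realloc`, so any other resize callback still receives `(mem, 0)`. If that callback follows realloc semantics and returns a free-able pointer, the leak described in the patch header remains on that path. How `resize_cb` gets set to something else is not visible in this hunk, but presumably a caller can install one, so I would state the contract next to the guard: `/* a custom resize callback must release mem and return NULL when size == 0 */`. Skipping `realloc(X,0)` for the default allocator is sound beyond the leak, since C11 leaves its result implementation-defined, and `free(mem)` is safe when `mem` is NULL. In a long-running daemon a per-event leak like this adds up to memory exhaustion, so a regression test that deletes events in a loop under a leak checker would be worth adding.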