Re: Memleak in glob()

From: Paul Eggert
Subject: Re: Memleak in glob()
Date: Sun, 2 Jul 2017 18:22:52 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

On 07/01/2017 01:44 PM, Tim Rühsen wrote:

> fuzzing glob.c immediately discovered a leak.
>
> At ~L600 in glob.c, 'dirname' is heap allocated.
> It is free'd at label 'out', but some code paths directly return without
> jumping there.
>
> Attached is a patch fixing the issue for me, but just take it as a proof of
> concept. You might prefer a different approach.
>
> Regards, Tim

glob.c is taken from glibc, right? Have you investigated whether these problems have been reported and/or fixed in glibc?
