Platform: Ubuntu 14.10 64-bit
Coreutils Version 8.23


At line 534 of coreutils/lib/locale_charset.c, var 'aliases' points to a buffer 
which is allocated using malloc().

This buffer is not freed when codeset is still an empty string after the loop 
(Line 534~542).

So it will be leaked in such a situation.



Line 533    /* Resolve alias. */
Line 534    for (aliases = get_charset_aliases ();
                 *aliases != '\0';
                 aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1)
              if (strcmp (codeset, aliases) == 0
                  || (aliases[0] == '*' && aliases[1] == '\0'))
                {
                  codeset = aliases + strlen (aliases) + 1;
                  break;
                }

            /* Don't return an empty string.  GNU libc and GNU libiconv interpret
               the empty string as denoting "the locale's character encoding",
               thus GNU libiconv would call this function a second time.  */
            if (codeset[0] == '\0')
              codeset = "ASCII";

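An added example, not part of the original message and not gnulib's code: it reproduces the quoted walk over an alias table to show that a matched `codeset` points into the malloc'd buffer, so the buffer has to outlive the returned string. The one-time cache in `get_table()`, the constructed sample table and all helper names are assumptions made for illustration.

```c
/* Added example, not gnulib code. Table layout assumed from the quoted loop:
   "alias\0canonical\0" pairs, terminated by an empty string. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample table: two pairs, then the terminating empty string. */
static const char sample[] = "ISO8859-1\0ISO-8859-1\0utf8\0UTF-8\0";
static char *table_cache;  /* hypothetical one-time cache of the table */
static int table_allocs;   /* number of malloc calls made for the table */

/* Allocate the table once and reuse it on every later call. */
static const char *get_table(void)
{
    if (table_cache == NULL) {
        char *p = malloc(sizeof sample);
        if (p == NULL)
            return "";     /* empty table: the walk below does nothing */
        memcpy(p, sample, sizeof sample);
        table_cache = p;
        table_allocs++;
    }
    return table_cache;
}

/* Same walk as the quoted loop; a match returns a pointer INTO the table. */
static const char *resolve(const char *codeset)
{
    const char *a;
    for (a = get_table(); *a != '\0'; a += strlen(a) + 1, a += strlen(a) + 1)
        if (strcmp(codeset, a) == 0 || (a[0] == '*' && a[1] == '\0')) {
            codeset = a + strlen(a) + 1;
            break;
        }
    return codeset[0] == '\0' ? "ASCII" : codeset;
}

/* 1 if p lies inside the cached table, so freeing the table would dangle p. */
static int points_into_table(const char *p)
{
    uintptr_t lo = (uintptr_t)table_cache, v = (uintptr_t)p;
    return table_cache != NULL && v >= lo && v < lo + sizeof sample;
}

int main(void)
{
    const char *r = resolve("utf8");
    printf("%s in_table=%d allocs=%d\n", r, points_into_table(r), table_allocs);
}
```

In this sketch only the empty-input and no-match paths return a string that lives outside the table, which is why a `free()` placed directly after the loop is only safe on those paths.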