> Some examples?
> 
> In crypto/x509v3/v3_purp.c line 294 it is called:
> 
> xptable_free(xstandard + i);
> 
> xptable_free() makes a free() on this pointer, but xstandard was not
> allocated with malloc(). See line 92:
> 
> static X509_PURPOSE xstandard[] = {
> {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
> check_purpose_ssl_client, "SSL client", "sslclient", NULL},
> ...
> };
> 
> This is just an example...

I'd suggest you try and understand the code you are talking about before
pretending it has a bug.

Hint: have a look at the .flags field.

Alternatively, you can compile that code with coverage metrics and check
that xptable_free() will never call free() in that case.

Miod
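
The pattern the .flags hint points at, as an added sketch (not OpenSSL's code and not part of the original message): a cleanup routine can safely be called on statically initialised entries if it frees only entries flagged as heap-allocated. The type, flag and function names are hypothetical, and the call counter stands in for the coverage check suggested in the reply.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names; only the idea of a .flags field comes from the thread. */
#define PURPOSE_DYNAMIC      0x1 /* the struct itself was malloc()ed */
#define PURPOSE_DYNAMIC_NAME 0x2 /* the name string was malloc()ed */
typedef struct { int id; int flags; char *name; } purpose_t;

/* Static table: flags == 0, so these entries must never reach free(). */
static purpose_t standard[] = { {1, 0, "SSL client"}, {2, 0, "SSL server"} };
static int free_calls; /* instrumentation standing in for coverage data */
static void counted_free(void *p) { free_calls++; free(p); }

/* Callable on static and heap entries alike; the flags decide what is freed. */
static void purpose_free(purpose_t *p)
{
    if (p == NULL || !(p->flags & PURPOSE_DYNAMIC))
        return;
    if (p->flags & PURPOSE_DYNAMIC_NAME)
        counted_free(p->name);
    counted_free(p);
}

/* Heap-allocated entry: both the struct and its name are marked dynamic. */
static purpose_t *purpose_new(int id, const char *name)
{
    purpose_t *p = malloc(sizeof(*p));
    size_t n = strlen(name) + 1;
    if (p == NULL || (p->name = malloc(n)) == NULL) { free(p); return NULL; }
    memcpy(p->name, name, n);
    p->id = id;
    p->flags = PURPOSE_DYNAMIC | PURPOSE_DYNAMIC_NAME;
    return p;
}

/* Run cleanup over n entries starting at p; return how many free() calls ran. */
static int frees_for(purpose_t *p, size_t n)
{
    free_calls = 0;
    for (size_t i = 0; i < n; i++)
        purpose_free(p + i);
    return free_calls;
}

int main(void)
{
    printf("static table: %d\n", frees_for(standard, 2));
    printf("heap entry:   %d\n", frees_for(purpose_new(100, "custom"), 1));
    return 0;
}
```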
