Package: libmsv0
Version: 0.0.0-1
Severity: normal

There appears to be a memory leak in each invocation of
msv_query_agent() and msv_check_msva(), as well as an opportunity for
a segfault depending on the data returned by the agent.

The memory leak: both functions invoke libjansson's json_loads()
function, but they never json_decref() it.

The segfault: neither function tests whether json_loads() returns NULL
before invoking json_object_iter_at() on the returned value.  If
libjansson had trouble with json_loads() for whatever reason, these
calls to json_object_iter_at() will probably try to dereference the
NULL pointer.

These should both be easy to fix, but i note that fixing the memory
leak by json_decref()ing before returning from msv_query_agent()
implies that the pointer written to response->message will now be
referring to deallocated memory.  This is probably not what the caller
expects.

FWIW, in the existing API, it's not clear who is responsible for
allocating or disposing of the memory referred to by
response->message.  This has worked without failure thus far because
the memory was just staying allocated (and leaking).

Clarifying the responsibility for tracking the memory allocation for
response->message would help in figuring out the right way to deal
with the above bugs.

Thanks for libmsv!

     --dkg

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.7-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmsv0 depends on:
ii  libc6            2.13-37
ii  libcurl3-gnutls  7.26.0-1
ii  libjansson4      2.3.1-2

libmsv0 recommends no packages.

libmsv0 suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to