On Sun, Feb 17, 2013 at 11:49 PM, Marco Schuster <[email protected]> wrote: > Package: libfuse2 > Version: 2.9.0-2+deb7u1 > Severity: normal > Tags: upstream > > In the source file lib/fuse_opt.c, the function process_opt_param leaks > memory by silently overwriting *(char **) var = copy; in line 218.
That's true. But there's a "but". The previous value may not have been initialized and then we may not be able to free it. The app is probably broken at that point anyway, yet we don't want to make it more broken. I guess I'll fix this in libfuse-3.0 and document it in the header file. Thanks, Miklos > > -- System Information: > Debian Release: wheezy/sid > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores) > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages libfuse2 depends on: > ii libc6 2.13-33 > ii multiarch-support 2.13-33 > > libfuse2 recommends no packages. > > Versions of packages libfuse2 suggests: > ii fuse 2.9.0-2+deb7u1 > > -- no debconf information > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
