Package: liboauth0
Version: 0.9.4-1
Severity: normal

The patch 02_xmalloc_dont_exit.patch changes xmalloc_fatal to not exit
in case of failure.  However this is done wrong as the functions calling
xmalloc and friends expect to never get a NULL pointer.

This can be verified by "sabotaging" xmalloc to always call
xmalloc_fatal (even when malloc was successful).  Doing so results in
the test suite crashing with a segmentation fault, cf. [1].

If the library should not just call exit(), the code must make sure to
return an error whenever xmalloc fails.

Also the return value of the patched xmalloc_fatal is currently not well
defined: there is no return statement at the end of the function.

Regards,
Ansgar

  [1] <http://lists.debian.org/[email protected]>
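The following sketch is added here as an example and is not part of the original report, liboauth, or the Debian patch. It shows the two points the report raises: a non-exiting failure handler with an explicit return value, and a caller that returns an error when xmalloc fails. The names `xmalloc_force_fail`, `join_params` and `join_with_failing_xmalloc` are hypothetical, and the function signatures are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault-injection switch standing in for the "sabotaged" xmalloc. */
static int xmalloc_force_fail = 0;

/* Non-exiting failure handler: reports, then returns an explicit NULL. */
static void *xmalloc_fatal(size_t size) {
    fprintf(stderr, "xmalloc: out of memory (%lu bytes)\n", (unsigned long)size);
    return NULL;
}

void *xmalloc(size_t size) {
    void *p = xmalloc_force_fail ? NULL : malloc(size);
    return p != NULL ? p : xmalloc_fatal(size);
}

/* Hypothetical caller: joins two parameters with '&'.
 * Returns 0 and sets *out on success, -1 with *out == NULL on failure. */
int join_params(const char *a, const char *b, char **out) {
    size_t la = strlen(a), lb = strlen(b);
    char *buf = xmalloc(la + lb + 2);   /* '&' plus terminating NUL */
    *out = NULL;
    if (buf == NULL)
        return -1;                      /* propagate instead of dereferencing */
    memcpy(buf, a, la);
    buf[la] = '&';
    memcpy(buf + la + 1, b, lb + 1);
    *out = buf;
    return 0;
}

/* Runs the caller with every allocation failing; returns its error code. */
int join_with_failing_xmalloc(char **out) {
    int rc;
    xmalloc_force_fail = 1;
    rc = join_params("a=1", "b=2", out);
    xmalloc_force_fail = 0;
    return rc;
}

int main(void) {
    char *s = NULL;
    if (join_params("a=1", "b=2", &s) == 0) { puts(s); free(s); }
    printf("forced failure -> rc=%d\n", join_with_failing_xmalloc(&s));
    return 0;
}
```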


