This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=72e359a5d595838f1d727a3b6269541757a54aed commit 72e359a5d595838f1d727a3b6269541757a54aed (HEAD -> master) Author: Guillem Jover <[email protected]> AuthorDate: Mon Jan 20 00:23:42 2020 +0100 libdpkg: Fix memory leaks in zlib and bz2 decompression functions We need to close the handles to release their respective resources. These leaks are not important as they are short-lived in the current implementation as the call site will always execute them in a child process. Warned-by: coverity --- debian/changelog | 1 + lib/dpkg/compress.c | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 1ca4db46b..db1fec204 100644 --- a/debian/changelog +++ b/debian/changelog @@ -122,6 +122,7 @@ dpkg (1.20.0) UNRELEASED; urgency=medium - start-stop-daemon: Explicitly ignore uninmportant function return values. - start-stop-daemon: Fix memory leak on multiple --chuid arguments. - start-stop-daemon: Close the notification socket in the child. + - libdpkg: Fix memory leaks in zlib and bz2 decompression functions. * Build system: - Bump minimal Perl version to 5.24.1. - Add a serial versioning to the m4 files. diff --git a/lib/dpkg/compress.c b/lib/dpkg/compress.c index 44075cdb6..41991317a 100644 --- a/lib/dpkg/compress.c +++ b/lib/dpkg/compress.c @@ -150,6 +150,7 @@ static void decompress_gzip(int fd_in, int fd_out, const char *desc) { char buffer[DPKG_BUFFER_SIZE]; + int z_errnum; gzFile gzfile = gzdopen(fd_in, "r"); if (gzfile == NULL) @@ -160,7 +161,6 @@ decompress_gzip(int fd_in, int fd_out, const char *desc) actualread = gzread(gzfile, buffer, sizeof(buffer)); if (actualread < 0) { - int z_errnum = 0; const char *errmsg = gzerror(gzfile, &z_errnum); if (z_errnum == Z_ERRNO) @@ -176,6 +176,17 @@ decompress_gzip(int fd_in, int fd_out, const char *desc) ohshite(_("%s: internal gzip write error"), desc); } + z_errnum = gzclose(gzfile); + if (z_errnum) { + const char *errmsg; + + if (z_errnum == Z_ERRNO) + errmsg = strerror(errno); + else + errmsg = zError(z_errnum); + ohshit(_("%s: internal gzip read error: %s"), desc, errmsg); + } + if (close(fd_out)) ohshite(_("%s: internal gzip write error"), desc); } @@ -309,6 +320,8 @@ decompress_bzip2(int fd_in, int fd_out, const char *desc) ohshite(_("%s: internal bzip2 write error"), desc); } + BZ2_bzclose(bzfile); + if (close(fd_out)) ohshite(_("%s: internal bzip2 write error"), desc); } -- Dpkg.Org's dpkg
