Package: libpopt0
Version: 1.16-12
Severity: important
Affects: logrotate
Tags: patch
The patch 318833-incorrect-handling-of-leftovers-with-poptStuffArgs.patch
introduces a memory leak for leftover arguments.
Previously the content of 'con->leftovers' did not hold own memory, so
it did not need to be freed.
With that patch it does, but it is not cleaned properly.
First there is a typo in line 57 (extra '&'), so the content would
never be freed.
Secondly in 'poptFreeContext()' 'poptResetContext()' is called, which
sets 'con->numLeftovers' to 0.
So the whole loop (line 56-58 in the patch) is not executed.
poptleak.sh
Description: application/shellscript
diff -Nru ../popt_orig/popt-1.16/popt.c ../popt/popt-1.16/popt.c
--- ../popt_orig/popt-1.16/popt.c 2019-10-05 23:40:23.0 +0200
+++ ../popt/popt-1.16/popt.c 2019-10-05 23:44:07.784682313 +0200
@@ -234,6 +234,9 @@
con->os->nextArg = _free(con->os->nextArg);
con->os->next = 1; /* skip argv[0] */
+for (i = 0; i < con->numLeftovers; i++) {
+ con->leftovers[i] = _free(con->leftovers[i]);
+}
con->numLeftovers = 0;
con->nextLeftover = 0;
con->restLeftover = 0;
@@ -1651,7 +1654,7 @@
con->numExecs = 0;
for (i = 0; i < con->numLeftovers; i++) {
- con->leftovers[i] = _free(>leftovers[i]);
+ con->leftovers[i] = _free(con->leftovers[i]);
}
con->leftovers = _free(con->leftovers);