Hi,

there is a memory leak in sdiff occurring while parsing ed commands in
parsecmd (which is fed basically by diff's output through a pipe).

The function xfgets uses fparseln, which means that the return value should
be freed.  This is not the case for the variable line.  Also, there is a
while-loop not freeing xfgets' return value.


Tobias

PS: I doubt that the errx() calls in parsecmd really help a lot in case
    of error, because line will be tampered with (placing '\0' where needed).
    Didn't address that issue with this patch, neither do I see a need
    for that.


Index: sdiff.c
===================================================================
RCS file: /cvs/src/usr.bin/sdiff/sdiff.c,v
retrieving revision 1.28
diff -u -p -r1.28 sdiff.c
--- sdiff.c     7 Jun 2009 13:29:50 -0000       1.28
+++ sdiff.c     30 Mar 2013 18:14:51 -0000
@@ -740,11 +740,14 @@ parsecmd(FILE *diffpipe, FILE *file1, FI
        default:
                errx(2, "invalid diff command: %c: %s", cmd, line);
        }
+       free(line);
 
        /* Skip to next ed line. */
-       while (n--)
-               if (!xfgets(diffpipe))
+       while (n--) {
+               if (!(line = xfgets(diffpipe)))
                        errx(2, "diff ended early");
+               free(line);
+       }
 
        return (0);
 }
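Review bot: the free(line) added right after the switch is only safe if line still holds the exact pointer xfgets returned. The hunk does not show how the earlier parsing treats it, so please confirm that parsecmd only writes '\0' into the buffer and never advances line itself, otherwise free() receives an interior pointer. The new free also covers only the path that falls out of the switch, so any return earlier in parsecmd, outside this hunk, would still leak. In the skip loop, reusing line for the discarded lines is fine since it was just freed, but a one-line comment that xfgets returns caller-owned memory would make the two free(line) calls self-explanatory.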
