emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#61819: closed (The CVE-2022-48337 fix seems to introduce a memory le

From: GNU bug Tracking System
Subject: bug#61819: closed (The CVE-2022-48337 fix seems to introduce a memory leak)
Date: Sun, 26 Feb 2023 18:05:01 +0000 
Your message dated Sun, 26 Feb 2023 20:04:11 +0200
with message-id <83cz5wi9r8.fsf@gnu.org>
and subject line Re: bug#61819: The CVE-2022-48337 fix seems to introduce a 
memory leak
has caused the debbugs.gnu.org bug report #61819,
regarding The CVE-2022-48337 fix seems to introduce a memory leak
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
61819: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61819
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: The CVE-2022-48337 fix seems to introduce a memory leak Date: Sun, 26 Feb 2023 12:40:45 +0200 
In the upstream bug for CVE-2022-48337 there was originally[1]
+          free (new_real_name);
+          free (new_tmp_name);
in the fix that later disappeared (by accident?).

This seems to introduce a memory leak, this memory allocated
by escape_shell_arg_string() is now never freed.

cu
Adrian

[1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817#23

--- End Message ---
--- Begin Message --- Subject: Re: bug#61819: The CVE-2022-48337 fix seems to introduce a memory leak Date: Sun, 26 Feb 2023 20:04:11 +0200 
> Date: Sun, 26 Feb 2023 12:40:45 +0200
> From: Adrian Bunk <bunk@debian.org>
> 
> In the upstream bug for CVE-2022-48337 there was originally[1]
> +          free (new_real_name);
> +          free (new_tmp_name);
> in the fix that later disappeared (by accident?).
> 
> This seems to introduce a memory leak, this memory allocated
> by escape_shell_arg_string() is now never freed.

Thanks, fixed.

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]