Tim Rühsen wrote:
> > > Attached is a patch fixing the issue for me
> > 
> > The 'return 0;' in line 1104 is correct, because 'dirname' is stuffed into
> > the result array in the lines before. Therefore dirname must NOT be freed
> > here.
> 
> This is right for one path, but not all the paths before 'return 0' stuff 
> 'dirname' into that array.

Fixed like this. Let's see what remaining issues Coverity reports in glob.c
(next Monday).


2017-07-06  Bruno Haible  <br...@clisp.org>

        glob: Fix more memory leaks.
        * lib/glob.c (glob): Free dirname before returning.
        Reported by Coverity and Tim Rühsen.

diff --git a/lib/glob.c b/lib/glob.c
index dc0aff6..a38cf22 100644
--- a/lib/glob.c
+++ b/lib/glob.c
@@ -1091,6 +1091,8 @@ glob (const char *pattern, int flags, int (*errfunc) 
(const char *, int),
               p = mempcpy (pglob->gl_pathv[newcount], dirname, dirlen);
               p[0] = '/';
               p[1] = '\0';
+              if (__glibc_unlikely (malloc_dirname))
+                free (dirname);
             }
           else
             {
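Review bot: after the added `free (dirname);` in the branch that copies dirname with mempcpy, the pointer is left dangling and malloc_dirname stays set, so any later cleanup on this path that tests malloc_dirname would free it a second time. The rest of the path is not visible in this hunk; if anything after the closing brace can still reach dirname, clear malloc_dirname (or set dirname to NULL) right after the free. Given the confusion in this thread about which paths before 'return 0' hand dirname over to the result array and which only copy it, a one-line comment here stating that this branch copies and therefore still owns dirname would make the ownership rule explicit for the else branch as well.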

