Package: openconnect
Version: 3.20-3
Severity: normal

++
++static void buf_append(struct oc_text_buf *buf, const char *fmt, ...)
++{
++      va_list ap;
[...]
++
++                      buf->data = realloc(buf->data, new_buf_len);
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
++                      if (!buf->data) {
++                              buf->error = -ENOMEM;
++                              break;
++                      }
++                      buf->buf_len = new_buf_len;
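Review bot: at `buf->data = realloc(buf->data, new_buf_len);` the result overwrites the only pointer to the old block, so a failed call makes the old allocation unreachable and leaks it. The failure path also leaves `buf->data` NULL while `buf->buf_len` still holds the old length, because the length is only updated after the check. Assign the result to a temporary first, and on NULL either free the old `buf->data` and reset the length, or leave the old buffer in place, before setting `buf->error = -ENOMEM`.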


If realloc fails, it will return NULL but without freeing the original
buffer.  This means the marked code will leak the (old) buf->data on
error.

~Niels
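Added example, not part of the original report or of the openconnect patch: one leak-free way to write the growth step described above. `struct text_buf`, `text_buf_append`, `try_realloc` and the `fail_next_alloc` hook are hypothetical names, and freeing the old block on failure (rather than keeping it) is an assumed design choice.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the patch's struct oc_text_buf. */
struct text_buf { char *data; int pos, buf_len, error; };
/* Constructed test hook: makes the next grow attempt fail like realloc. */
static int fail_next_alloc;

static void *try_realloc(void *p, size_t n)
{
	if (!fail_next_alloc)
		return realloc(p, n);
	fail_next_alloc = 0;
	return NULL;	/* as with a failed realloc, p is NOT freed */
}

static void text_buf_append(struct text_buf *buf, const char *fmt, ...)
{
	while (!buf->error) {
		int room = buf->buf_len - buf->pos, ret, new_len;
		char *tmp;
		va_list ap;
		va_start(ap, fmt);
		ret = vsnprintf(buf->data ? buf->data + buf->pos : NULL, (size_t)room, fmt, ap);
		va_end(ap);
		if (ret < 0)
			buf->error = -EIO;	/* formatting failed */
		else if (ret < room)
			buf->pos += ret;	/* text and its NUL fitted */
		if (ret < room)
			return;
		new_len = buf->pos + ret + 1;
		/* Keep the old pointer until the new block is known to be valid. */
		tmp = try_realloc(buf->data, (size_t)new_len);
		if (tmp) {
			buf->data = tmp;
			buf->buf_len = new_len;
			continue;	/* retry the format into the larger buffer */
		}
		/* Old block is still ours: free it and leave no stale length. */
		free(buf->data);
		buf->data = NULL;
		buf->pos = buf->buf_len = 0;
		buf->error = -ENOMEM;
	}
}
```

Callers check `buf->error` once after a series of appends; after a failure, further appends are no-ops.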

