Package: libpaper
Version: 1.1.24+nmu4

Hi,
I ran a Coverity scan on the libpaper package and found the following issue, which I consider important because it is in a function that is in a shared library and can be linked into other projects:

libpaper-1.1.24+nmu4/lib/paper.c:197: *alloc_fn*: Storage is returned from allocation function "realloc".
libpaper-1.1.24+nmu4/lib/paper.c:197: *var_assign*: Assigning: "newpaper" = storage returned from "realloc(papername, (m *= 2U) * 1UL)".
libpaper-1.1.24+nmu4/lib/paper.c:204: *var_assign*: Assigning: "papername" = "newpaper".
libpaper-1.1.24+nmu4/lib/paper.c:205: *leaked_storage*: Variable "newpaper" going out of scope leaks the storage it points to.
libpaper-1.1.24+nmu4/lib/paper.c:213: *noescape*: Resource "papername" is not freed or pointed-to in "strlen".
libpaper-1.1.24+nmu4/lib/paper.c:214: *leaked_storage*: Variable "papername" going out of scope leaks the storage it points to.
# 212|
# 213| paperstr = malloc((strlen(papername) + 1) * sizeof(char));
# 214|-> if (! paperstr) return 0;
# 215|
# 216| strcpy(paperstr, papername);

I propose the following patch:

diff --git a/lib/paper.c b/lib/paper.c index 57db599..8817aea 100644 --- a/lib/paper.c +++ b/lib/paper.c @@ -211,7 +211,10 @@ PAPERSIZEVAR, fall-back to the old behaviour. fclose(ps); paperstr = malloc((strlen(papername) + 1) * sizeof(char)); - if (! paperstr) return 0; + if (! paperstr) { + free(papername); + return 0; + } strcpy(paperstr, papername); free(papername);

I am using Fedora's version of libpaper-1.1.24+nmu4 (but the source code is from Debian), but it seems nmu5, which is stable, is still affected.

--
Zdenek Dohnal
Associate Software Engineer
Red Hat Czech - Brno TPB-C
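
Review bot: the leaked_storage event that the quoted Coverity trace reports at paper.c:205 for "newpaper" is not addressed by this hunk, which only changes the `if (! paperstr)` return after the malloc at line 213. Since the trace shows "papername" being assigned from "newpaper" at line 204, please state in the commit message whether the line 205 event is the same allocation reaching the line 214 return (in which case the added `free(papername);` covers it) or a separate exit path that needs its own free. As a smaller point, the hunk now frees "papername" in two places; a comment on the early-return branch saying that "papername" is still owned by this function at that point would make the duplicated cleanup easier to keep correct if more exits are added later.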