Package: libpopt0
Version: 1.16-12
Severity: important
Affects: logrotate
Tags: patch

The patch 318833-incorrect-handling-of-leftovers-with-poptStuffArgs.patch introduces a memory leak for leftover arguments. Previously the content of 'con->leftovers' did not hold its own memory, so it did not need to be freed. With that patch it does, but it is not cleaned up properly.

First, there is a typo in line 57 (extra '&'), so the content would never be freed. Secondly, in 'poptFreeContext()', 'poptResetContext()' is called, which sets 'con->numLeftovers' to 0. So the whole loop (lines 56-58 in the patch) is not executed.

poptleak.sh
Description: application/shellscript
diff -Nru ../popt_orig/popt-1.16/popt.c ../popt/popt-1.16/popt.c --- ../popt_orig/popt-1.16/popt.c 2019-10-05 23:40:23.000000000 +0200 +++ ../popt/popt-1.16/popt.c 2019-10-05 23:44:07.784682313 +0200 @@ -234,6 +234,9 @@ con->os->nextArg = _free(con->os->nextArg); con->os->next = 1; /* skip argv[0] */ + for (i = 0; i < con->numLeftovers; i++) { + con->leftovers[i] = _free(con->leftovers[i]); + } con->numLeftovers = 0; con->nextLeftover = 0; con->restLeftover = 0; @@ -1651,7 +1654,7 @@ con->numExecs = 0; for (i = 0; i < con->numLeftovers; i++) { - con->leftovers[i] = _free(&con->leftovers[i]); + con->leftovers[i] = _free(con->leftovers[i]); } con->leftovers = _free(con->leftovers);
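
Review bot: in the first hunk (@@ -234), the added loop uses `i` and indexes `con->leftovers[i]`, but the hunk adds no declaration of `i` and no guard against `con->leftovers` being NULL. Confirm that `i` is already in scope in this function, and either wrap the loop in `if (con->leftovers != NULL)` or add a comment stating that `numLeftovers` is 0 whenever the array is unallocated. A one-line comment that the entries are now owned copies would also explain why the reset path has to free them.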
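
Review bot: in the second hunk (@@ -1651), dropping the `&` is the right fix, but the report states that poptFreeContext() calls poptResetContext() first, and with the first hunk that call frees the entries and sets `con->numLeftovers` to 0, so this loop never iterates. Consider removing it, or keep it with a comment that it is only a safety net, so a later reader does not assume this is where the entries are released.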
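
The leak described in the report, reduced to a small model (an added example, not popt's code and not part of the original report). `struct ctx`, `xalloc`, `xfree`, `sweep`, `reset_leaky`, `reset_fixed` and `leaked_after` are hypothetical names, and the tracking table stands in for a leak checker.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the popt context (assumption: only the two fields the report names). */
struct ctx { char **leftovers; int numLeftovers; };
static void *blocks[8];   /* live allocations, so unreleased blocks can be counted */

static void *xalloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < 8; i++)
        if (!blocks[i]) { blocks[i] = p; break; }
    return p;
}
static void *xfree(void *p) {            /* returns NULL, like popt's _free() */
    for (int i = 0; p && i < 8; i++)
        if (blocks[i] == p) blocks[i] = NULL;
    free(p);
    return NULL;
}
static int sweep(void) {                 /* free and count blocks nobody released */
    int n = 0;
    for (int i = 0; i < 8; i++)
        if (blocks[i]) { free(blocks[i]); blocks[i] = NULL; n++; }
    return n;
}
/* Reset as the report describes it: the count is zeroed, the entries are not freed. */
static void reset_leaky(struct ctx *c) { c->numLeftovers = 0; }
/* Reset that releases each owned entry before zeroing the count. */
static void reset_fixed(struct ctx *c) {
    for (int i = 0; i < c->numLeftovers; i++)
        c->leftovers[i] = xfree(c->leftovers[i]);
    c->numLeftovers = 0;
}
/* Build a context with n owned leftovers (n <= 7), tear it down, return the leaked block count. */
int leaked_after(void (*reset)(struct ctx *), int n) {
    if (n < 0 || n > 7) return -1;
    struct ctx c = { xalloc(sizeof(char *) * (size_t)n), n };
    if (!c.leftovers) return -1;
    for (int i = 0; i < n; i++) {
        c.leftovers[i] = xalloc(8);
        if (c.leftovers[i]) strcpy(c.leftovers[i], "arg");   /* constructed sample */
    }
    reset(&c);                                /* the free path calls reset first */
    for (int i = 0; i < c.numLeftovers; i++)  /* never runs: the count is already 0 */
        c.leftovers[i] = xfree(c.leftovers[i]);
    c.leftovers = xfree(c.leftovers);
    return sweep();
}
int main(void) { return leaked_after(reset_leaky, 3) == 3 && leaked_after(reset_fixed, 3) == 0 ? 0 : 1; }
```

With `reset_leaky` every leftover entry is still allocated when the array itself is released; with `reset_fixed` nothing remains.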