Constantine Aleksandrovich Murenin wrote: > As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via > http://www.opennet.ru/43146), both of these errors were introduced as > part of the refactoring. > > Quick glance through > http://bxr.su/o/lib/libssl/src/crypto/objects/obj_dat.c#OBJ_obj2txt > indicates that the memory leak issue was introduced when a block scope > variable within an if condition within a while loop was moved to > function scope instead: > > http://cvsweb.allbsd.org/cvsweb.cgi/src/lib/libssl/src/crypto/objects/obj_dat.c?cvsroot=openbsd#rev1.25 > http://cvsweb.allbsd.org/cvsweb.cgi/src/lib/libssl/src/crypto/objects/obj_dat.c.diff?cvsroot=openbsd&r2=1.25&r1=1.24&f=H > > May I ask whether after this error, is it still frowned upon declaring > block scope variables?
Did you look at the patch?
