On 27 October 2015 at 00:02, Ted Unangst <t...@tedunangst.com> wrote: > Constantine Aleksandrovich Murenin wrote: >> As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via >> http://www.opennet.ru/43146), both of these errors were introduced as >> part of the refactoring. >> >> Quick glance through >> http://bxr.su/o/lib/libssl/src/crypto/objects/obj_dat.c#OBJ_obj2txt >> indicates that the memory leak issue was introduced when a block scope >> variable within an if condition within a while loop was moved to >> function scope instead: >> >> http://cvsweb.allbsd.org/cvsweb.cgi/src/lib/libssl/src/crypto/objects/obj_dat.c?cvsroot=openbsd#rev1.25 >> http://cvsweb.allbsd.org/cvsweb.cgi/src/lib/libssl/src/crypto/objects/obj_dat.c.diff?cvsroot=openbsd&r2=1.25&r1=1.24&f=H >> >> May I ask whether after this error, is it still frowned upon declaring >> block scope variables? > > Did you look at the patch?
Yes, the scope revert is good. :-) So you confirm that using block scope in such scenario is the new best practice now? C.
