[Digikam-devel] libPGF memory leaks
Andi Clemens
andi.clemens at gmx.net
Sun Nov 21 12:40:23 GMT 2010
Hi,
I just found dangerous code in libPGF. It uses realloc() and assigns the
result of the realloc function directly to the pointer it wants to resize. The
problem is that if this fails for some reason, the original memory location is
unreachable and will result in a memory leak. There is no way to free this
memory afterwards.
So a tmp pointer must be used, which will hold the new address (or NULL if it
fails). We can then check for a valid pointer and reassign the pointer to the
original pointer variable.
If it failed, we can free the original pointer variable (or keep it and try to
realloc again).
Is this version of libPGF still in development?
If not, I'd like to fix this locally, otherwise we should contact the author.
I added an example patch to the mail, there might be more issues in the code
though.
Andi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: realloc.patch
Type: text/x-patch
Size: 1465 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/digikam-devel/attachments/20101121/6f89e1f4/attachment.bin>
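
The realloc() pattern described in the mail, next to the temporary-pointer fix, as an added example (not code from the mail, the scrubbed patch, or libPGF). The names buffer_t, grow_leaky, grow_safe and the always-failing allocator are hypothetical and exist only to make the failure path reproducible.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; libPGF's real types are not on the page. */
typedef struct { uint8_t *data; size_t size; } buffer_t;
typedef void *(*realloc_fn)(void *, size_t);
typedef int (*grow_fn)(buffer_t *, size_t, realloc_fn);

/* Constructed allocator that always fails, to simulate out-of-memory. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Pattern from the mail: the result overwrites the only copy of the pointer.
 * On failure the old block is still allocated but no longer reachable. */
static int grow_leaky(buffer_t *b, size_t new_size, realloc_fn ra) {
    b->data = ra(b->data, new_size);
    if (b->data == NULL) return -1;
    b->size = new_size;
    return 0;
}

/* Fix from the mail: hold the result in a temporary and commit on success.
 * On failure the buffer is unchanged, so the caller can free it or retry. */
static int grow_safe(buffer_t *b, size_t new_size, realloc_fn ra) {
    void *tmp = ra(b->data, new_size);
    if (tmp == NULL) return -1;
    b->data = tmp;
    b->size = new_size;
    return 0;
}

/* Returns 1 if the buffer still owns its intact block after a failed grow. */
static int survives_failed_grow(grow_fn grow) {
    buffer_t b = { malloc(16), 16 };
    if (b.data == NULL) return -1;
    uint8_t *orig = b.data;              /* kept only so the demo can clean up */
    memset(orig, 0xAB, 16);
    int rc = grow(&b, 32, failing_realloc);
    int intact = (rc == -1 && b.data == orig && b.size == 16 && orig[15] == 0xAB);
    free(orig);
    return intact;
}

int main(void) {
    printf("leaky keeps block: %d\n", survives_failed_grow(grow_leaky));
    printf("safe keeps block:  %d\n", survives_failed_grow(grow_safe));
    return 0;
}
```

After the failed call, the leaky variant also leaves data set to NULL while size still reads 16, so any later code that trusts size will dereference a null pointer.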