Bug#702551: ssdeep: memleak on error (fuzzy.c)

Niels Thykier niels at thykier.net
Fri Mar 8 10:02:10 UTC 2013


Package: ssdeep
Version: 2.7-2
Severity: minor
Tags: upstream

Reading the ssdeep source code I found the following:


"""
  s1 = eliminate_sequences(str1+1);
  s2 = eliminate_sequences(str2+1);
  
  if (!s1 || !s2) return 0;

  // now break them into the two pieces 
  s1_1 = s1;
  s2_1 = s2;
  
  s1_2 = strchr(s1, ':');
  s2_2 = strchr(s2, ':');
  
  if (!s1_2 || !s2_2) {
    // a signature is malformed - it doesn't have 2 parts 
    free(s1); free(s2);
    return 0;
  }
"""

Notice that in the second "if", both s1 and s2 are freed.  But in the
first "if" none of them are despite the fact that s1 may be non-NULL
at that point.

~Niels
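
The leak pattern in the report, reduced to a self-contained C example that is added here and is not ssdeep's code: `take_copy()` is an assumed stand-in for `eliminate_sequences()` (it returns a heap copy, or NULL to simulate a failure), `same_prefix()` is a hypothetical stand-in for the real scoring, and a constructed live-allocation counter lets a caller verify whether an error path released what it acquired. `compare_leaky()` keeps the control flow Niels quotes; `compare_fixed()` routes every exit through one cleanup label, relying on `free(NULL)` being a no-op.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed instrumentation: number of buffers obtained via take_copy()
 * and not yet returned via drop_copy(). A leak leaves this above zero. */
static int live_allocs = 0;
int live_allocation_count(void) { return live_allocs; }

/* Assumed stand-in for ssdeep's eliminate_sequences(): heap copy of the
 * input, or NULL when the input is NULL (simulates a failure). */
static char *take_copy(const char *s) {
    if (s == NULL) return NULL;
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy == NULL) return NULL;
    memcpy(copy, s, n);
    live_allocs++;
    return copy;
}

/* Releasing NULL is harmless, which is what makes a single cleanup path safe. */
static void drop_copy(char *p) {
    if (p != NULL) { free(p); live_allocs--; }
}

/* Hypothetical scoring: 1 if the text before the first ':' is identical. */
static int same_prefix(const char *s1, const char *s2,
                       const char *c1, const char *c2) {
    size_t l1 = (size_t)(c1 - s1), l2 = (size_t)(c2 - s2);
    return l1 == l2 && memcmp(s1, s2, l1) == 0;
}

/* Control flow of the reported code: when exactly one copy failed, the
 * surviving one is never released. */
int compare_leaky(const char *str1, const char *str2) {
    char *s1 = take_copy(str1);
    char *s2 = take_copy(str2);
    if (!s1 || !s2) return 0;              /* BUG: non-NULL copy leaks here */
    char *s1_2 = strchr(s1, ':');
    char *s2_2 = strchr(s2, ':');
    if (!s1_2 || !s2_2) { drop_copy(s1); drop_copy(s2); return 0; }
    int score = same_prefix(s1, s2, s1_2, s2_2);
    drop_copy(s1); drop_copy(s2);
    return score;
}

/* Corrected control flow: every exit funnels through `out`, so both
 * pointers are released whatever the reason for bailing out. */
int compare_fixed(const char *str1, const char *str2) {
    int score = 0;
    char *s1_2, *s2_2;
    char *s1 = take_copy(str1);
    char *s2 = take_copy(str2);
    if (!s1 || !s2) goto out;              /* one or both copies failed */
    s1_2 = strchr(s1, ':');
    s2_2 = strchr(s2, ':');
    if (!s1_2 || !s2_2) goto out;          /* malformed: missing ':' */
    score = same_prefix(s1, s2, s1_2, s2_2);
out:
    drop_copy(s1);
    drop_copy(s2);
    return score;
}
```

Calling `compare_leaky("3:abc", NULL)` leaves the counter at 1, while `compare_fixed()` returns it to 0 on the same input; under a real allocator the same difference shows up as a reachable-block report from a leak checker on the early-return path.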
