Bug#702551: ssdeep: memleak on error (fuzzy.c)
Niels Thykier
niels at thykier.net
Fri Mar 8 10:02:10 UTC 2013
Package: ssdeep
Version: 2.7-2
Severity: minor
Tags: upstream
Reading the ssdeep source code I found the following:
"""
s1 = eliminate_sequences(str1+1);
s2 = eliminate_sequences(str2+1);
if (!s1 || !s2) return 0;
// now break them into the two pieces
s1_1 = s1;
s2_1 = s2;
s1_2 = strchr(s1, ':');
s2_2 = strchr(s2, ':');
if (!s1_2 || !s2_2) {
// a signature is malformed - it doesn't have 2 parts
free(s1); free(s2);
return 0;
}
"""
Notice that in the second "if", both s1 and s2 are freed. But in the
first "if" none of them are, despite the fact that s1 may be non-NULL
at that point.
~Niels
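As an added illustration (not part of this report and not ssdeep's own code), the quoted prologue next to a corrected version, using a hypothetical counted stand-in for eliminate_sequences() so the buffer left behind on the first error path can be observed:

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ssdeep's eliminate_sequences(): returns a
   counted heap copy of the input, or NULL on an empty input. That is
   enough to exercise the error path; the real function also collapses
   long runs of repeated characters. */
static int live_allocs = 0;

static char *eliminate_sequences(const char *str)
{
    if (!str || !*str) return NULL;
    size_t n = strlen(str) + 1;
    char *copy = malloc(n);
    if (copy) { memcpy(copy, str, n); live_allocs++; }
    return copy;
}

/* free() with a leak counter; like free(), a NULL argument is a no-op. */
static void release(char *p)
{
    if (p) { free(p); live_allocs--; }
}

/* Error-path structure as quoted from fuzzy.c: returning on the first
   check leaks whichever of s1/s2 was successfully allocated. */
static int compare_prologue_leaky(const char *str1, const char *str2)
{
    char *s1 = eliminate_sequences(str1 + 1);
    char *s2 = eliminate_sequences(str2 + 1);
    if (!s1 || !s2) return 0;          /* leak: s1 may be non-NULL here */
    if (!strchr(s1, ':') || !strchr(s2, ':')) {
        release(s1); release(s2);
        return 0;
    }
    release(s1); release(s2);
    return 1;
}

/* Corrected version: a single exit releases both buffers, and the
   short-circuit keeps strchr() away from a NULL pointer. */
static int compare_prologue_fixed(const char *str1, const char *str2)
{
    char *s1 = eliminate_sequences(str1 + 1);
    char *s2 = eliminate_sequences(str2 + 1);
    int ok = s1 && s2 && strchr(s1, ':') && strchr(s2, ':');
    release(s1); release(s2);
    return ok;
}

/* Runs fn on two signatures and reports how many buffers it left allocated. */
static int leaked_buffers(int (*fn)(const char *, const char *),
                          const char *a, const char *b)
{
    live_allocs = 0;
    fn(a, b);
    return live_allocs;
}
```

The inputs are constructed: the callers pass pointers positioned at the first ':' of each signature, as fuzzy.c does, so an argument of ":" yields an empty second half and a NULL from eliminate_sequences().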