The function ef_read in zipcmp.c has a memory leak in its error handling path. If zip_file_extra_field_get() fails after the memory for e->extra_fields has been allocated, the function returns -1 immediately without freeing the allocated memory.
|
if ((e->extra_fields = (struct ef *)malloc(sizeof(e->extra_fields[0]) * e->n_extra_fields)) == NULL) |
|
return -1; |
|
|
|
for (i = 0; i < n_local; i++) { |
|
e->extra_fields[i].name = e->name; |
|
e->extra_fields[i].data = zip_file_extra_field_get(za, idx, i, &e->extra_fields[i].id, &e->extra_fields[i].size, ZIP_FL_LOCAL); |
|
if (e->extra_fields[i].data == NULL) |
|
return -1; |
To fix the memory leak while maintaining the consistent return -1 pattern on failure, the allocated e->extra_fields buffer must be freed before returning from the error paths.
The function
ef_readinzipcmp.chas a memory leak in its error handling path. Ifzip_file_extra_field_get()fails after the memory fore->extra_fieldshas been allocated, the function returns -1 immediately without freeing the allocated memory.libzip/src/zipcmp.c
Lines 671 to 678 in e16526d
To fix the memory leak while maintaining the consistent
return -1pattern on failure, the allocated e->extra_fields buffer must be freed before returning from the error paths.