RHEL-55284

Resource leak in rpmspec --shell mode


    • Bug
    • Resolution: Done-Errata
    • Minor
    • rhel-10.1
    • rhel-10.0
    • rpm
    • rpm-4.19.1.1-13.el10
    • No
    • Low
    • rhel-swm
    • ssg_core_services
    • 10
    • 12
    • 0
    • False
    • False
    • None
    • None
    • Release Note Not Required
    • None

      Found by OpenScanHub:

      1. rpm-4.19.1.1/tools/rpmspec.c:70:5: alloc_fn: Storage is returned from allocation function "readline".
      2. rpm-4.19.1.1/tools/rpmspec.c:70:5: var_assign: Assigning: "line" = storage returned from "readline("> ")".
      4. rpm-4.19.1.1/tools/rpmspec.c:71:2: noescape: Resource "line" is not freed or pointed-to in "rpmExpand".
      8. rpm-4.19.1.1/tools/rpmspec.c:70:5: overwrite_var: Overwriting "line" in "line = readline("> ")" leaks the storage that "line" points to.
      #    68|       fprintf(stderr, _("RPM version %s macro shell\n"), rpmEVR);
      #    69|       char *line = NULL;
      #    70|->     while ((line = readline("> ")) != NULL) {
      #    71|   	char *exp = rpmExpand(line, NULL);
      #    72|   	if (*exp)
      

              mdomonko@redhat.com Michal Domonkos
              mdomonko@redhat.com Michal Domonkos
              packaging-team-maint packaging-team-maint
              Tomas Bajer Tomas Bajer