[Aptitude-devel] Bug#954973: potential memory leak: forgetting to free error message of libsqlite3 API 'sqlite3_exec'
李蕊诗
summerlinasity at gmail.com
Thu Mar 26 02:11:51 GMT 2020
Package: aptitude
Version: 0.8.12
Source: aptitude
I downloaded the newest source code
from:http://deb.debian.org/debian/pool/main/a/aptitude/aptitude_0.8.12.orig.tar.xz.
The bug lies in src/generic/util/sqlite.cc:201-202:
201: int result = sqlite3_exec(handle, sql.c_str(),
202: callback, data, &msg);
According to libsqlite3 API document of 'sqlite3_exec': "To avoid
memory leaks, the application should invoke sqlite3_free() on error
message strings returned through the 5th parameter of sqlite3_exec()
after the error message string is no longer needed."
So this is potential memory leak, and the patch should be:
208: if(result != SQLITE_OK || msg != NULL)
209: throw exception(errmsg, result);
210:+ if(msg)
211:+ sqlite3_free(msg)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/aptitude-devel/attachments/20200326/4af52738/attachment.html>
More information about the Aptitude-devel
mailing list