[Aptitude-devel] Bug#954973: potential memory leak: forgetting to free error message of libsqlite3 API 'sqlite3_exec'

李蕊诗 summerlinasity at gmail.com
Thu Mar 26 02:11:51 GMT 2020

Package: aptitude

Version: 0.8.12

Source: aptitude

I downloaded the newest source code
The bug lies in src/generic/util/sqlite.cc:201-202:

201:  int result = sqlite3_exec(handle, sql.c_str(),
202:			callback, data, &msg);

According to libsqlite3 API document of 'sqlite3_exec': "To avoid
memory leaks, the application should invoke sqlite3_free() on error
message strings returned through the 5th parameter of sqlite3_exec()
after the error message string is no longer needed."

So this is potential memory leak, and the patch should be:

208:   if(result != SQLITE_OK || msg != NULL)
209:    	throw exception(errmsg, result);
210:+	if(msg)
211:+		sqlite3_free(msg)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/aptitude-devel/attachments/20200326/4af52738/attachment.html>

More information about the Aptitude-devel mailing list