potential memory leak: forgetting to free error message of libsqlite3 API 'sqlite3_exec' -1 #110

Closed
Zero0one1 opened this issue Mar 21, 2020 · 5 comments

@Zero0one1
Contributor

According to the libsqlite3 API documentation, "To avoid memory leaks, the application should invoke sqlite3_free() on error message strings returned through the 5th parameter of sqlite3_exec() after the error message string is no longer needed."

colord/src/cd-device-db.c

Lines 93 to 103 in 1572d92

    rc = sqlite3_exec (priv->db, "SELECT * FROM properties_v2 LIMIT 1",
                       NULL, NULL, &error_msg);
    if (rc != SQLITE_OK) {
        statement = "CREATE TABLE properties_v2 ("
                    "device_id TEXT,"
                    "property TEXT,"
                    "value TEXT,"
                    "PRIMARY KEY (device_id, property));";
        sqlite3_exec (priv->db, statement, NULL, NULL, NULL);
    }
    return TRUE;

@Zero0one1
Contributor Author

Here is another issue:

    rc = sqlite3_exec (priv->db, "SELECT * FROM properties_pu LIMIT 1",
                       NULL, NULL, &error_msg);
    if (rc != SQLITE_OK) {
        statement = "CREATE TABLE properties_pu ("
                    "profile_id TEXT,"
                    "property TEXT,"
                    "uid INTEGER,"
                    "value TEXT,"
                    "PRIMARY KEY (profile_id, property, uid));";
        sqlite3_exec (priv->db, statement, NULL, NULL, NULL);
    }
    return TRUE;

@hughsie
Owner

hughsie commented Mar 23, 2020

Seeing as both errors seem to be ignored, can we just set the 5th param to NULL? If so, I'd love a pull request with that fix please.

@hughsie hughsie added the bug label Mar 23, 2020
@Zero0one1
Contributor Author

Agree. I think setting to NULL should work : )

Zero0one1 added a commit to Zero0one1/colord that referenced this issue Apr 1, 2021
…5th parameter of sqlite3_exec() to NULL
@hughsie hughsie closed this as completed in adf41f3 Apr 2, 2021
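
The ownership rule quoted at the top of this issue, and the two ways of satisfying it discussed in the thread, shown as an added example that is not colord's code. `fake_exec()` and `fake_free()` are hypothetical stand-ins for `sqlite3_exec()` and `sqlite3_free()` so that it builds without libsqlite3, and the probed table is assumed to be missing so that the call fails.

```c
/* Added example: fake_exec()/fake_free() are hypothetical stand-ins that model
 * sqlite3_exec()/sqlite3_free() ownership; they are not SQLite functions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_msgs;  /* error strings allocated and not yet freed */

/* On failure, and only if errmsg is non-NULL, hand the caller a heap string. */
static int fake_exec(const char *sql, char **errmsg) {
    static const char text[] = "no such table";  /* constructed message */
    int failed = strstr(sql, "properties_v2") != NULL;  /* assume table absent */
    if (errmsg) *errmsg = NULL;
    if (failed && errmsg && (*errmsg = malloc(sizeof text)) != NULL) {
        memcpy(*errmsg, text, sizeof text);
        live_msgs++;
    }
    return failed;  /* 0 plays the role of SQLITE_OK */
}

/* Plays the role of sqlite3_free(). */
static void fake_free(char *msg) { if (msg) { free(msg); live_msgs--; } }

/* Pattern from the issue: message requested, never read, never freed. */
int probe_leaky(void) {
    char *error_msg = NULL;
    fake_exec("SELECT * FROM properties_v2 LIMIT 1", &error_msg);
    return live_msgs;
}

/* Fix agreed in the thread: pass NULL, so nothing is allocated. */
int probe_null(void) {
    fake_exec("SELECT * FROM properties_v2 LIMIT 1", NULL);
    return live_msgs;
}

/* Alternative when the text is wanted: report it, then free it. */
int probe_freed(void) {
    char *error_msg = NULL;
    if (fake_exec("SELECT * FROM properties_v2 LIMIT 1", &error_msg))
        fprintf(stderr, "probe failed: %s\n", error_msg ? error_msg : "?");
    fake_free(error_msg);
    return live_msgs;
}

int main(void) {
    int a = probe_null(), b = probe_freed(), c = probe_leaky();
    printf("outstanding strings: null=%d freed=%d leaky=%d\n", a, b, c);
    return 0;
}
```

Each call to `probe_leaky()` leaves one more string outstanding, while the other two return with none.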
@abergmann

CVE-2021-42523 was assigned to this issue.

@hughsie
Owner

hughsie commented Aug 26, 2022

Eigh? Can you explain how a memory leak is an Information Disclosure? That's completely wrong. This should not be a CVE.
