New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
potential memory leak: forgetting to free error message of libsqlite3 API 'sqlite3_exec' -1 #110
Comments
|
Here is another issue: Lines 81 to 92 in 1572d92
|
|
Seeing as both errors seems to be ignored, can we just set the 5th param to NULL? If so, I'd love a pull request with that fix please. |
|
Agree. I think setting to NULL should work : ) |
…5th paramerter of sqlite3_exec() to NULL
|
CVE-2021-42523 was assigned to this issue. |
|
Eigh? Can you explain how a memory leak is a Information Disclosure? That's completely wrong. This should not be a CVE. |
According to libsqlite3 API document, "To avoid memory leaks, the application should invoke sqlite3_free() on error message strings returned through the 5th parameter of sqlite3_exec() after the error message string is no longer needed."
colord/src/cd-device-db.c
Lines 93 to 103 in 1572d92
The text was updated successfully, but these errors were encountered: