memory leak in __archive_read_get_extract #517

Closed
kwrobot opened this issue Apr 11, 2015 · 3 comments
kwrobot commented Apr 11, 2015

Original issue 409 created by Google Code user hanno@hboeck.de on 2015-02-13T19:36:08.000Z:

The latest git code of libarchive (not reproducible in latest release) has a memory leak. It seems the variable extract (line 100, archive_read_extract2.c) is never free'd.

Seems to happen independent of the archive used, just bsdtar -xf on a random file.

valgrind output:
==6850== HEAP SUMMARY:
==6850==     in use at exit: 24 bytes in 1 blocks
==6850==   total heap usage: 91 allocs, 90 frees, 133,036 bytes allocated
==6850== 
==6850== 24 bytes in 1 blocks are definitely lost in loss record 1 of 1
==6850==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6850==    by 0x416E1C: __archive_read_get_extract (archive_read_extract2.c:53)
==6850==    by 0x417070: archive_read_extract_set_progress_callback (archive_read_extract2.c:100)
==6850==    by 0x408425: read_archive (read.c:226)
==6850==    by 0x408666: tar_mode_x (read.c:104)
==6850==    by 0x4067B3: main (bsdtar.c:805)

kwrobot commented Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-14T04:23:13.000Z:

Thank you!

I believe this is fixed in git commit d24e79e

@petterreinholdtsen

According to https://security-tracker.debian.org/tracker/CVE-2015-8929 this is a security problem with ID CVE-2015-8929.

@petterreinholdtsen

Just for the record for others investigating this CVE. As far as I can tell from looking at the git history, this leak was introduced in commit 77b2efc when get_extract() was refactored, and the fix in commit d24e79e depends on commit 9025047 as the code was moved from archive_read_extract.c to archive_read_extract2.c. The first tag with the leak is v3.1.900a.
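
Added illustration, not part of the thread and not libarchive's code or the change in commit d24e79e: a simplified C model of the leak pattern reported above, where a getter lazily allocates per-reader state that the reader's free path never learns about. All names are hypothetical, and the cleanup hook is one assumed way to close the leak.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of the pattern, not libarchive code; names are hypothetical. */
static int live_allocs;                       /* heap blocks not yet freed */
static void *counted_calloc(size_t n, size_t sz) {
    void *p = calloc(n, sz);
    if (p != NULL) live_allocs++;
    return p;
}
static void counted_free(void *p) { if (p != NULL) { live_allocs--; free(p); } }

struct extract_state { void (*progress)(void *); void *progress_data; };
struct reader {
    struct extract_state *extract;            /* allocated on first use */
    void (*cleanup_extract)(struct reader *); /* teardown hook, may be NULL */
};

static void extract_cleanup(struct reader *r) { counted_free(r->extract); r->extract = NULL; }

/* Lazy getter. register_cleanup == 0 models the leaking variant: the state
 * is allocated, but nothing tells reader_free() that it exists. */
static struct extract_state *get_extract(struct reader *r, int register_cleanup) {
    if (r->extract == NULL)
        r->extract = counted_calloc(1, sizeof(*r->extract));
    if (r->extract != NULL && register_cleanup)
        r->cleanup_extract = extract_cleanup;
    return r->extract;
}

static void reader_free(struct reader *r) {
    if (r != NULL && r->cleanup_extract != NULL) r->cleanup_extract(r);
    counted_free(r);
}

/* Blocks still allocated after one create/use/free cycle, or -1 on OOM. */
int leaked_blocks(int register_cleanup) {
    int before = live_allocs;
    struct reader *r = counted_calloc(1, sizeof(*r));
    if (r == NULL) return -1;
    struct extract_state *first = get_extract(r, register_cleanup);
    int ok = first != NULL && get_extract(r, register_cleanup) == first;
    reader_free(r);
    return ok ? live_allocs - before : -1;
}

int main(void) {
    printf("no hook: %d leaked, hook: %d leaked\n", leaked_blocks(0), leaked_blocks(1));
    return 0;
}
```

The single block left behind in the variant without the hook corresponds to the "1 blocks are definitely lost" kind of record in the valgrind output quoted in the report.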
