memory leak in __archive_read_get_extract #517

Closed
kwrobot opened this Issue Apr 11, 2015 · 3 comments

kwrobot commented Apr 11, 2015

Original issue 409 created by Google Code user hanno@hboeck.de on 2015-02-13T19:36:08.000Z:

The latest git code of libarchive (not reproducible in latest release) has a memory leak. It seems the variable extract (line 100, archive_read_extract2.c) is never freed.

Seems to happen independently of the archive used; just bsdtar -xf on a random file.

valgrind output:
==6850== HEAP SUMMARY:
==6850==     in use at exit: 24 bytes in 1 blocks
==6850==   total heap usage: 91 allocs, 90 frees, 133,036 bytes allocated
==6850== 
==6850== 24 bytes in 1 blocks are definitely lost in loss record 1 of 1
==6850==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6850==    by 0x416E1C: __archive_read_get_extract (archive_read_extract2.c:53)
==6850==    by 0x417070: archive_read_extract_set_progress_callback (archive_read_extract2.c:100)
==6850==    by 0x408425: read_archive (read.c:226)
==6850==    by 0x408666: tar_mode_x (read.c:104)
==6850==    by 0x4067B3: main (bsdtar.c:805)
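
The pattern behind the valgrind record above, as an added illustration that is not libarchive's code: a reader lazily allocates a helper block the first time a caller asks for it, and the teardown path never releases it, so each archive processed leaves one block "definitely lost". Because a long-running consumer of untrusted archives then grows without bound, a leak like this is treated as a resource-exhaustion bug rather than a cosmetic one. All names below (`reader`, `extract_state`, `reader_get_extract`, the tracked allocator) are constructed for this example and do not reflect libarchive's internal structure.

```c
/* Added example (not libarchive's code): a minimal model of a lazily
 * allocated helper that the owner forgets to free. A small allocation
 * counter makes the leak observable without running valgrind. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of heap blocks currently live; incremented/decremented by the
 * tracked allocator so a test can assert on it. */
static int live_blocks = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) live_blocks++;
    return p;
}

static void tracked_free(void *p) {
    if (p != NULL) { live_blocks--; free(p); }
}

/* Per-archive extraction state, created on demand (constructed layout). */
struct extract_state {
    void (*progress_cb)(void *);
    void *progress_data;
    int flags;
};

struct reader {
    struct extract_state *extract;  /* NULL until first requested */
};

struct reader *reader_new(void) {
    struct reader *r = tracked_malloc(sizeof(*r));
    if (r != NULL) memset(r, 0, sizeof(*r));
    return r;
}

/* Get-or-create the helper: the first caller triggers the allocation. */
static struct extract_state *reader_get_extract(struct reader *r) {
    if (r->extract == NULL) {
        r->extract = tracked_malloc(sizeof(*r->extract));
        if (r->extract != NULL) memset(r->extract, 0, sizeof(*r->extract));
    }
    return r->extract;
}

/* Setting a progress callback is one of the paths that forces the
 * lazy allocation, mirroring the backtrace in the report. */
int reader_set_progress_callback(struct reader *r,
                                 void (*cb)(void *), void *data) {
    struct extract_state *e = reader_get_extract(r);
    if (e == NULL) return -1;
    e->progress_cb = cb;
    e->progress_data = data;
    return 0;
}

/* Leaky teardown: frees the reader but not the helper it owns. */
void reader_free_leaky(struct reader *r) {
    tracked_free(r);
}

/* Fixed teardown: the owner of the lazily created helper releases it
 * before releasing itself. */
void reader_free_fixed(struct reader *r) {
    if (r == NULL) return;
    tracked_free(r->extract);
    r->extract = NULL;
    tracked_free(r);
}

static void noop_progress(void *d) { (void)d; }

/* Simulate one open/configure/close cycle and return how many heap
 * blocks remain live: 1 with the leaky teardown, 0 with the fixed one. */
int blocks_left_after_run(int use_fixed_teardown) {
    live_blocks = 0;
    struct reader *r = reader_new();
    if (r == NULL) return -1;
    reader_set_progress_callback(r, noop_progress, NULL);
    if (use_fixed_teardown) reader_free_fixed(r);
    else reader_free_leaky(r);
    return live_blocks;
}

int main(void) {
    printf("leaky teardown leaves %d block(s)\n", blocks_left_after_run(0));
    printf("fixed teardown leaves %d block(s)\n", blocks_left_after_run(1));
    return 0;
}
```

The same check works against the real library under valgrind: a loop that opens and closes the same archive N times should report a constant "in use at exit" figure, not one that scales with N.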

kwrobot commented Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-14T04:23:13.000Z:

Thank you!

I believe this is fixed in git commit d24e79e

petterreinholdtsen commented Jul 1, 2016

According to https://security-tracker.debian.org/tracker/CVE-2015-8929 this is a security problem with ID CVE-2015-8929.

petterreinholdtsen commented Jul 1, 2016

Just for the record for others investigating this CVE. As far as I can tell from looking at the git history, this leak was introduced in commit 77b2efc when get_extract() was refactored, and the fix in commit d24e79e depends on commit 9025047, as the code was moved from archive_read_extract.c to archive_read_extract2.c. The first tag with the leak is v3.1.900a.
