There is a memory leak defect at line 82 in the file /openssl/test/ecstresstest.c. #24476
Labels
branch: master
Merge to master branch
branch: 3.0
Merge to openssl-3.0 branch
branch: 3.1
Merge to openssl-3.1
branch: 3.2
Merge to openssl-3.2
branch: 3.3
Merge to openssl-3.3
good first issue
Bite size change that could be a good start
triaged: bug
The issue/pr is/fixes a bug
In the file /openssl/test/ecstresstest.c, at line 69, a pointer variable named group is defined. At line 78, this variable is assigned a dynamically allocated memory region through the function EC_GROUP_new_by_curve_name. The if statement at line 78 has three conditions connected by ||. When the first condition (line 78) returns false, it indicates that the memory allocation for group was successful. However, if the second condition (line 79) returns true, the function will return at line 82, preventing the release of the dynamically allocated memory for group at line 97, thus causing a memory leak. The code flow is illustrated in the diagram below(note that the defect path provided in the figure does not match my description; my description should be considered accurate):
https://github.com/LuMingYinDetect/openssl_defects/blob/main/openssl_30.png
The text was updated successfully, but these errors were encountered: