There is a memory leak defect at line 82 in the file /openssl/test/ecstresstest.c. #24476
Labels
branch: master
Merge to master branch
branch: 3.0
Merge to openssl-3.0 branch
branch: 3.1
Merge to openssl-3.1
branch: 3.2
Merge to openssl-3.2
branch: 3.3
Merge to openssl-3.3
good first issue
Bite size change that could be a good start
triaged: bug
The issue/pr is/fixes a bug
Comments
t8m
added
branch: master
NekSaikou
added a commit
to NekSaikou/openssl
that referenced
this issue
May 24, 2024
Nek NekSaikou@proton.me Fri May 24 10:45:01 2024 +0000
NekSaikou
added a commit
to NekSaikou/openssl
that referenced
this issue
May 24, 2024
NekSaikou@proton.me Fri May 24 10:45:01 2024 +0000 CLA: trivial
jvdsn
pushed a commit
to jvdsn/openssl
that referenced
this issue
Jun 3, 2024
Fixes openssl#24476 CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24488)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the file /openssl/test/ecstresstest.c, at line 69, a pointer variable named group is defined. At line 78, this variable is assigned a dynamically allocated memory region through the function EC_GROUP_new_by_curve_name. The if statement at line 78 has three conditions connected by ||. When the first condition (line 78) returns false, it indicates that the memory allocation for group was successful. However, if the second condition (line 79) returns true, the function will return at line 82, preventing the release of the dynamically allocated memory for group at line 97, thus causing a memory leak. The code flow is illustrated in the diagram below(note that the defect path provided in the figure does not match my description; my description should be considered accurate):
https://github.com/LuMingYinDetect/openssl_defects/blob/main/openssl_30.png
The text was updated successfully, but these errors were encountered: