[Nasm-bugs] [Bug 3392895] potential memory leak in unquote_token_anystr function at asm/preproc.c

noreply-nasm at dev.nasm.us
Mon Jul 31 02:27:34 PDT 2023


https://bugzilla.nasm.us/show_bug.cgi?id=3392895

C. Masloch <pushbx at ulukai.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pushbx at ulukai.org

--- Comment #1 from C. Masloch <pushbx at ulukai.org> ---
This is where unquote_token_anystr returns the pointer:
https://github.com/netwide-assembler/nasm/blob/a916e4127b2eaa3bf40bddf3de9b0ceefc0d98a4/asm/preproc.c#L733

This is the function nasm_unquote_anystr:
https://github.com/netwide-assembler/nasm/blob/a916e4127b2eaa3bf40bddf3de9b0ceefc0d98a4/asm/quote.c#L281

> Specifically, when olen <= INLINE_TEXT, the variable 'p' is assigned the value of 't->text.a', and then directly returned at line 734. 

Correct. This implies that the token had inline text (the "original length" was
small enough to allow storing the text in the token structure).

> However, 't->text.p.ptr' is memory allocated using nasm_malloc in the new_Token function. Consequently, if 'p' is directly returned at line 734, it may result in 't->text.p.ptr' not being freed, potentially leading to a memory leak.

No, because the pointer part of the union is only used if the original length
(olen) was > INLINE_TEXT.

Union of token inline/external text is defined in
https://github.com/netwide-assembler/nasm/blob/a916e4127b2eaa3bf40bddf3de9b0ceefc0d98a4/asm/preproc.c#L178

> Is it reasonable to free 't->text.p.ptr' before returning 'p' at line 734?

No, this would be incorrect.

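A constructed C model (added here; not NASM's code) of the point made in the comment: the inline/external text union is discriminated by the original length, so the pointer member is only meaningful when that length exceeds INLINE_TEXT, and freeing it for an inline token would be wrong. INLINE_TEXT, text.a and text.p.ptr mirror the names quoted above; the struct layout, the value of INLINE_TEXT, and the functions new_token, token_text, token_is_inline and free_token are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model, not NASM's real definitions. */
#define INLINE_TEXT 15

struct token_text_ptr {
    char *ptr;                      /* heap buffer; valid only when len > INLINE_TEXT */
};

struct token {
    size_t len;                     /* original text length: the discriminator */
    union {
        char a[INLINE_TEXT + 1];    /* inline storage for short text */
        struct token_text_ptr p;    /* external storage for long text */
    } text;
};

/* Create a token, choosing inline or external storage by length. */
struct token *new_token(const char *s)
{
    struct token *t = malloc(sizeof *t);
    if (!t) return NULL;
    t->len = strlen(s);
    if (t->len <= INLINE_TEXT) {
        memcpy(t->text.a, s, t->len + 1);       /* pointer member never set */
    } else {
        t->text.p.ptr = malloc(t->len + 1);
        if (!t->text.p.ptr) { free(t); return NULL; }
        memcpy(t->text.p.ptr, s, t->len + 1);
    }
    return t;
}

int token_is_inline(const struct token *t) { return t->len <= INLINE_TEXT; }

/* Return the text without transferring ownership: the caller must not free
 * it, whichever member of the union it points into. */
const char *token_text(const struct token *t)
{
    return token_is_inline(t) ? t->text.a : t->text.p.ptr;
}

/* The only correct release path. For an inline token, t->text.p.ptr is just
 * the first bytes of the inline text reinterpreted as a pointer, so passing
 * it to free() would be undefined behaviour, not a leak fix. */
void free_token(struct token *t)
{
    if (!t) return;
    if (!token_is_inline(t))
        free(t->text.p.ptr);
    free(t);
}
```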