[PATCH v2 0/1] MR3013: wusa: Fix memory leak on error path in read_components (scan-build).
If read_identity returns FALSE, it has already called clear_identity.
This is the same problem as in merge request !2970. Unfortunately I did not notice at first that the problem was present in two places.
-- v2: wusa: Fix double free on error path in read_components (scan-build).
From: Alex Henrie alexhenrie24@gmail.com
If read_identity returns FALSE, it has already called clear_identity. --- programs/wusa/manifest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/wusa/manifest.c b/programs/wusa/manifest.c index 83d4125133f..684ffb1f4ef 100644 --- a/programs/wusa/manifest.c +++ b/programs/wusa/manifest.c @@ -360,7 +360,7 @@ static BOOL read_components(IXMLDOMElement *child, WCHAR *tagname, void *context list_add_tail(&assembly->dependencies, &entry->entry); return TRUE; } - free_dependency(entry); + free(entry); }
return FALSE;
On Thu Jun 8 16:03:04 2023 +0000, Hans Leidekker wrote:
There's even more, read_dependency() also calls free_dependency() after calling read_identity() indirectly. I think it would be better reset the pointers in clear_identity(), to avoid reintroducing this bug. Please also fix the title. This is a double free, not a memory leak.
Whoops. I fixed the title, but I will have to come back to this when I have time to look at the other double frees you mentioned (hopefully later today). Thanks for the feedback.
-
Alex Henrie -
Alex Henrie (@alexhenrie)