Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is a memory leak defect at line 95 of the file /openssl/ssl/quic/quic_trace.c. #24340

Open
LuMingYinDetect opened this issue May 7, 2024 · 2 comments
Open

There is a memory leak defect at line 95 of the file /openssl/ssl/quic/quic_trace.c. #24340

LuMingYinDetect opened this issue May 7, 2024 · 2 comments
Labels
branch: master Merge to master branch branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 good first issue Bite size change that could be a good start triaged: bug The issue/pr is/fixes a bug

Comments

@LuMingYinDetect
Copy link

At line 79 of the file /openssl/ssl/quic/quic_trace.c, a pointer variable named ack_ranges is defined. This variable allocates a dynamic memory region via the function OPENSSL_zalloc at line 86. Since the function OPENSSL_zalloc at line 86 is within an if statement, when this if statement returns false, it indicates successful allocation of the dynamic memory region pointed to by ack_ranges. Subsequently, at line 90, the program assigns the dynamic memory region pointed to by ack_ranges to ack.ack_ranges. Similarly, ack is also a local variable defined within this function. When the if statement at line 94 returns true, the program will return at line 95 without executing the release operation for the dynamic memory region pointed to by ack_ranges at line 115. This constitutes a memory leak defect, as illustrated in the following diagram:
https://github.com/LuMingYinDetect/openssl_defects/blob/main/openssl_21.png
@LuMingYinDetect LuMingYinDetect added the issue: bug report The issue was opened to report a bug label May 7, 2024
@paulidale paulidale added triaged: bug The issue/pr is/fixes a bug and removed issue: bug report The issue was opened to report a bug labels May 7, 2024
@t8m t8m added branch: master Merge to master branch good first issue Bite size change that could be a good start branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 labels May 7, 2024
@changkhothuychung
Copy link

Hi, this is my first time trying openssl, can this issue be assigned to me? I would like to give it a try, thanks!

@paulidale
Copy link
Contributor

Go for it...
I don't think there is a need to assign it to you.
Just include a line Fixes #24340 in the commit message of your fix.

irosay added a commit to irosay/openssl that referenced this issue May 13, 2024
@irosay
quic_trace.c : Free ack_ranges when allocation fails
17c4e0b 
Fixes openssl#24340

CLA: trivial
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
branch: master Merge to master branch branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 good first issue Bite size change that could be a good start triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@t8m @paulidale @changkhothuychung @LuMingYinDetect