Date: Tue, 15 Mar 2005 21:51:18 +0100
From: Marc Olzheim
To: Vijay.Singh@nokia.com
cc: marcolz@stack.nl
cc: freebsd-hackers@freebsd.org
Subject: Re: memory leak in inflate.c
Message-ID: <20050315205118.GD74516@stack.nl>
In-Reply-To: <20050315204207.GC74516@stack.nl>

On Tue, Mar 15, 2005 at 09:42:07PM +0100, Marc Olzheim wrote:
> > Thanks. Could someone generate the patch as I don't have the latest
> > FreeBSD source checked out.
>
> Hmm, there seem to be more possible leaks, as the code has been
> literally copied from /usr/src/gnu/usr.bin/gzip/, including the define
> of PKZIP_BUG_WORKAROUND. Have you checked all possible problems, or did
> you just stumble onto this one ?

Ah, never mind, that PKZIP_BUG_WORKAROUND part seems to be ok.

Here it is.

Marc

Content-Disposition: attachment; filename="huft_free.patch"
Content-Transfer-Encoding: quoted-printable

--- kern/inflate.c Tue Mar 15 21:46:14 2005 +++ kern/inflate.c Tue Mar 15 21:46:22 2005 
@@ -956,14 +956,15 @@ return i; /* incomplete code set */ #endif } + /* decompress until an end-of-block code */ - if (inflate_codes(glbl, tl, td, bl, bd)) - return 1; + i =3D (inflate_codes(glbl, tl, td, bl, bd)) ? 1 : 0; =20 /* free the decoding tables, return */ huft_free(glbl, tl); huft_free(glbl, td); - return 0; + + return i; } =20 /* decompress an inflated block */
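Review bot: at the `inflate_codes()` call, the new assignment `i = (inflate_codes(glbl, tl, td, bl, bd)) ? 1 : 0;` reuses `i`, which the context line `return i; /* incomplete code set */` shows already carries the table-build status, so a dedicated result variable or a short comment would make it obvious that the point of the change is to reach both `huft_free()` calls on the failure path as well. The outer parentheses around the call are not needed. The two added blank lines (one before the "decompress until an end-of-block code" comment, one before `return i;`) are whitespace-only and could be dropped to keep the leak fix minimal. The early `return i;` visible at the top of the hunk exits before the `huft_free()` calls shown here, so it is worth confirming that path releases `tl` before returning. The attachment is quoted-printable encoded (`=3D`, `=20`), so it has to be decoded before it is fed to patch(1).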