Fix memory leaks in libio on allocation failure

diff --git a/ChangeLog b/ChangeLog
index 61494ca6339c992451976099cfe0a693f09e784b..7d32373395583fad20ec7a643a91c841c928f839 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2013-09-09  Allan McRae  <allan@archlinux.org>
+
+       [BZ #15892]
+       * libio/memstream.c (open_memstream): Fix memory leak.
+       * libio/wmemstream.c (open_wmemstream): Likewise.
+
+       [BZ #15895]
+       * nscd/netgroupcache.c: Fix nesting of ifdefs.
+
 2013-09-05  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
 
        * sysdeps/powerpc/powerpc32/power7/memrchr.S (__memrchr): Fix invalid

diff --git a/NEWS b/NEWS
index a71d9fa6cdc59bd89a78e79e914a4ac26a7333a5..e879adb1570587e051d5575701bc40a81d463dd6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,8 @@ Version 2.18.1
 
 * The following bugs are resolved with this release:
 
-  14155, 14699, 15532, 15427, 15522, 15797, 15909, 15996, 16150.
+  14155, 14699, 15532, 15427, 15522, 15797, 15892, 15895, 15909, 15996,
+  16150.
 
 * CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes
   to the d_name member of struct dirent, or omit the terminating NUL
@@ -21,18 +22,18 @@ Version 2.18
 
   2546, 2560, 5159, 6809, 7006, 10060, 10062, 10283, 10357, 10686, 11120,
   11561, 12310, 12387, 12492, 12515, 12723, 13550, 13889, 13951, 13988,
-  14142, 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496,
-  14582, 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952,
-  14964, 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006,
-  15007, 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078,
-  15084, 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283,
-  15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336,
-  15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394,
-  15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426,
-  15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488,
-  15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583,
-  15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755,
-  15759, 15985.
+  14142, 14155, 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478,
+  14496, 14582, 14686, 14699, 14812, 14888, 14894, 14907, 14908, 14909,
+  14920, 14952, 14964, 14981, 14982, 14985, 14991, 14994, 14996, 15000,
+  15003, 15006, 15007, 15014, 15020, 15022, 15023, 15036, 15054, 15055,
+  15062, 15078, 15084, 15085, 15086, 15100, 15160, 15214, 15221, 15232,
+  15234, 15283, 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330,
+  15331, 15335, 15336, 15337, 15339, 15342, 15346, 15359, 15361, 15366,
+  15380, 15381, 15394, 15395, 15405, 15406, 15409, 15416, 15418, 15419,
+  15423, 15424, 15426, 15427, 15429, 15431, 15432, 15441, 15442, 15448,
+  15465, 15480, 15485, 15488, 15490, 15492, 15493, 15497, 15506, 15522,
+  15529, 15532, 15536, 15553, 15577, 15583, 15618, 15627, 15631, 15654,
+  15655, 15666, 15667, 15674, 15711, 15755, 15759, 15797, 15892, 15895.
 
 * CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal
   has been fixed by disabling the use of pt_chown (Bugzilla #15755).

diff --git a/libio/memstream.c b/libio/memstream.c
index 34534e2f94c4a29d66f0e6d76fd6cb8798d9e136..3cb1bd7057de44f11b975c04973c9a4735a5e5ba 100644 (file)
--- a/libio/memstream.c
+++ b/libio/memstream.c
@@ -84,7 +84,10 @@ open_memstream (bufloc, sizeloc)
 
   buf = calloc (1, _IO_BUFSIZ);
   if (buf == NULL)
-    return NULL;
+    {
+      free (new_f);
+      return NULL;
+    }
   _IO_init (&new_f->fp._sf._sbf._f, 0);
   _IO_JUMPS ((struct _IO_FILE_plus *) &new_f->fp._sf._sbf) = &_IO_mem_jumps;
   _IO_str_init_static_internal (&new_f->fp._sf, buf, _IO_BUFSIZ, buf);

diff --git a/libio/wmemstream.c b/libio/wmemstream.c
index 65738d4d7f241c456309b69d0309b41896ca7def..fd7fe44c4c34d76af8a5375a2b6644a5238f0cae 100644 (file)
--- a/libio/wmemstream.c
+++ b/libio/wmemstream.c
@@ -85,8 +85,10 @@ open_wmemstream (bufloc, sizeloc)
 
   buf = calloc (1, _IO_BUFSIZ);
   if (buf == NULL)
-    return NULL;
-
+    {
+      free (new_f);
+      return NULL;
+    }
   _IO_no_init (&new_f->fp._sf._sbf._f, 0, 0, &new_f->wd, &_IO_wmem_jumps);
   _IO_fwide (&new_f->fp._sf._sbf._f, 1);
   _IO_wstr_init_static (&new_f->fp._sf._sbf._f, buf,