git.ipfire.org Git - thirdparty/libarchive.git/commit

author	Sanjay Rawat <sanjayr@ymail.com>
	Thu, 21 May 2026 21:51:09 +0000 (23:51 +0200)
committer	Tobias Stoeckmann <tobias@stoeckmann.org>
	Thu, 21 May 2026 21:56:11 +0000 (23:56 +0200)
commit	1aeaa4d1040b6da6301eb647eb7a44088ae4a855
tree	99b521d50199a9c47c57fac82b33e90eb00c4d82	tree \| snapshot
parent	fd182c5ba56cff54d6963c3928ca4d9f363b9ff9	commit \| diff

xar: fix fflags_text leak in file_free

file_free() releases pathname, symlink, uname, gname, and hardlink but
omits fflags_text. When a XAR archive describes a file with <flags> or
<ext2> children (e.g. <SystemNoUnlink/>, <Compress/>), xml_parse_file_flags
/ xml_parse_file_ext2 populate xar_file->fflags_text via archive_strcat,
which heap-allocates. The buffer leaks on every file_free().

Reproduces with ASan+LSan via the bundled bsdtar:
bsdtar -tvf <xar-with-flags>
=> Direct leak of N bytes ... archive_strcat ... xml_parse_file_flags

Same shape as commit 6767cbe3 ("Free XAR xattr fstype metadata"), which
fixed the analogous miss in xattr_free().

Existing release of fflags_text in archive_string_free is a no-op when
the field was never populated (.s == NULL, free(NULL) is safe), so the
patch is harmless on the non-flags path.

Resolves #3058.