From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fweimer@redhat.com>
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com
 [205.139.110.61])
 by sourceware.org (Postfix) with ESMTP id 5D1CD3857C7C
 for <libc-alpha@sourceware.org>; Fri, 10 Jul 2020 07:20:35 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 5D1CD3857C7C
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-38-dv_Ato3UOoOabBQG06HNyw-1; Fri, 10 Jul 2020 03:20:31 -0400
X-MC-Unique: dv_Ato3UOoOabBQG06HNyw-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1E4E0106B242;
 Fri, 10 Jul 2020 07:20:30 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (ovpn-113-118.ams2.redhat.com
 [10.36.113.118])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id DBC396FEE9;
 Fri, 10 Jul 2020 07:20:28 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Joseph Myers <joseph@codesourcery.com>
Cc: <libc-alpha@sourceware.org>,
 Adhemerval Zanella <adhemerval.zanella@linaro.org>
Subject: Re: Fix memory leak in __printf_fp_l (bug 26215)
References: <alpine.DEB.2.21.2007091806270.14941@digraph.polyomino.org.uk>
Date: Fri, 10 Jul 2020 09:20:27 +0200
In-Reply-To: <alpine.DEB.2.21.2007091806270.14941@digraph.polyomino.org.uk>
 (Joseph Myers's message of "Thu, 9 Jul 2020 18:07:06 +0000")
Message-ID: <874kqf6dl0.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2020 07:20:36 -0000

* Joseph Myers:

> __printf_fp_l has a memory leak in the case of some I/O errors, where
> both buffer and wbuffer have been malloced but the handling of I/O
> errors only frees wbuffer.  This patch fixes this by moving the
> declaration of buffer to an outer scope and ensuring that it is freed
> when wbuffer is freed.

Do we need to treat this as a securityh vulnerability?  I don't think
so, because there are no impacted applications as far as I can tell.

Thanks,
Florian