Package: libtar0
Version: 1.2.20-8+b1
Severity: normal

Dear Maintainer,

calling tar_open() for a non-existent file produces a memory leak.

E.g. the following trivial code

--8<-------------------------------------------------------------------------
#include <stddef.h>
#include <fcntl.h>
#include <libtar.h>

int main()
{
        TAR *tar;
        int open_res;

        open_res = tar_open(&tar, "/this/file/does/not/exist", NULL, O_RDONLY, 
0, TAR_GNU);
        if (open_res == 0) {
                tar_close(tar);
        }
        return 0;
}
--8<-------------------------------------------------------------------------

produces the Valgind output:

--8<-------------------------------------------------------------------------
test@buster:~/libtar_memleak$ valgrind --leak-check=full ./libtar-memleak
==2643== Memcheck, a memory error detector
==2643== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2643== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==2643== Command: ./libtar-memleak
==2643==
==2643==
==2643== HEAP SUMMARY:
==2643==     in use at exit: 2,080 bytes in 2 blocks
==2643==   total heap usage: 3 allocs, 1 frees, 2,656 bytes allocated
==2643==
==2643== 2,080 (32 direct, 2,048 indirect) bytes in 1 blocks are definitely 
lost in loss record 2 of 2
==2643==    at 0x4837B65: calloc (vg_replace_malloc.c:752)
==2643==    by 0x4861B97: libtar_hash_new (in 
/usr/lib/x86_64-linux-gnu/libtar.so.0.0.0)
==2643==    by 0x48619A0: ??? (in /usr/lib/x86_64-linux-gnu/libtar.so.0.0.0)
==2643==    by 0x48619FD: tar_open (in 
/usr/lib/x86_64-linux-gnu/libtar.so.0.0.0)
==2643==    by 0x10916F: main (libtar-memleak.c:10)
==2643==
==2643== LEAK SUMMARY:
==2643==    definitely lost: 32 bytes in 1 blocks
==2643==    indirectly lost: 2,048 bytes in 1 blocks
==2643==      possibly lost: 0 bytes in 0 blocks
==2643==    still reachable: 0 bytes in 0 blocks
==2643==         suppressed: 0 bytes in 0 blocks
==2643==
==2643== For counts of detected and suppressed errors, rerun with: -v
==2643== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
--8<-------------------------------------------------------------------------

It appears that the patch
<https://repo.or.cz/libtar.git/commit/36629a41208375f5105427e98078127551692028>
which does fix /exactly/ this issue is missing.



-- System Information:
Debian Release: 10.3
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libtar0 depends on:
ii  libc6  2.28-10

libtar0 recommends no packages.

libtar0 suggests no packages.

-- no debconf information

Reply via email to