Closed Bug 620238 Opened 9 years ago Closed Last year

evhttp_parse_headers leaks line for continued lines when append succeeds

Categories

(Core :: IPC, defect)

defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file)

1430 evhttp_append_to_last_header(struct evkeyvalq *headers, const char *line)

1453 evhttp_parse_headers(struct evhttp_request *req, struct evbuffer* buffer)
1454 {
1455         char *line;
this clobbers line with a new allocation:
1459         while ((line = evbuffer_readline(buffer))
1460                != NULL) {
1461                 char *skey, *svalue;
1470                 if (*line == ' ' || *line == '\t') {
when this doesn't return failure:
1471                         if (evhttp_append_to_last_header(headers, line) == -1)
1472                                 goto error;
we continue:
1473                         continue;
when we continue, we leak line.
1474                 }
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #498667 - Flags: review?(benjamin)
Attachment #498667 - Flags: approval2.0?
Comment on attachment 498667 [details] [diff] [review]
please send upstream

I don't think we use this code at all, and it's part of libevent upstream. Can we either not build it, or just send this patch upstream?
Attachment #498667 - Flags: review?(benjamin) → review?(bent.mozilla)
Attachment #498667 - Flags: approval2.0?
Comment on attachment 498667 [details] [diff] [review]
please send upstream

I think this got fixed.
Attachment #498667 - Flags: review?(bent.mozilla)
This seems to be fixed in our current version of libevent: https://searchfox.org/mozilla-central/rev/1ce4e8a5601da8e744ca6eda69e782318afab54d/ipc/chromium/src/third_party/libevent/http.c#2080
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.