Bug 1998426

Summary: Covscan issues: RESOURCE_LEAK in src/xml_parser_primary.c and xml_parser_filelists.c
Product: Red Hat Enterprise Linux 9 Reporter: Jaroslav Rohel <jrohel>
Component: createrepo_cAssignee: Jaroslav Rohel <jrohel>
Status: CLOSED ERRATA QA Contact: Eva Mrakova <emrakova>
Severity: unspecified Docs Contact:
Priority: medium    
Version: unspecifiedCC: amatej, pkratoch, tbajer
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: createrepo_c-0.17.7-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 12:54:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2006666    
Bug Blocks:    

Description Jaroslav Rohel 2021-08-27 07:04:11 UTC 
6. createrepo_c-0.17.2/src/xml_parser_primary.c:633: alloc_fn: Storage is returned from allocation function "cr_package_file_new".
7. createrepo_c-0.17.2/src/xml_parser_primary.c:633: var_assign: Assigning: "pkg_file" = storage returned from "cr_package_file_new()".
10. createrepo_c-0.17.2/src/xml_parser_primary.c:639: leaked_storage: Variable "pkg_file" going out of scope leaks the storage it points to.
#   637|               g_set_error(&pd->err, ERR_DOMAIN, ERR_CODE_XML,
#   638|                           "Invalid <file> element: %s", pd->content);
#   639|->             break;
#   640|           }
#   641|           pd->content[pd->lcontent - strlen(pkg_file->name)] = '\0';

2. Defect type: RESOURCE_LEAK
5. createrepo_c-0.17.2/src/xml_parser_filelists.c:259: alloc_fn: Storage is returned from allocation function "cr_package_file_new".
6. createrepo_c-0.17.2/src/xml_parser_filelists.c:259: var_assign: Assigning: "pkg_file" = storage returned from "cr_package_file_new()".
9. createrepo_c-0.17.2/src/xml_parser_filelists.c:265: leaked_storage: Variable "pkg_file" going out of scope leaks the storage it points to.
#   263|               g_set_error(&pd->err, ERR_DOMAIN, ERR_CODE_XML,
#   264|                           "Invalid <file> element: %s", pd->content);
#   265|->             break;
#   266|           }

Covscan result: https://cov01.lab.eng.brq.redhat.com/covscanhub/waiving/79582/215034/#defects
Comment 1 amatej 2021-09-01 10:24:57 UTC 
PR: https://github.com/rpm-software-management/createrepo_c/pull/282
Comment 9 errata-xmlrpc 2022-05-17 12:54:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: createrepo_c), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2420