http://bugzilla.spamassassin.org/show_bug.cgi?id=4028
------- Additional Comments From [EMAIL PROTECTED] 2004-12-18 11:56 -------

Created an attachment (id=2573) --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2573&action=view)
Patch to libspamc that is easier to be sure has no memory leak

I looked at the code. It doesn't seem right to me and it seems confusing.

m->out may be set to some malloc'd memory. That memory may be freed, at which point m->out is set to m->msg, a pointer whose value changes. Thus the logic should be:

    if m->out points to its own buffer, free it.
    if m->raw points to anything, free it.
    if m->pre points to anything, free it.

The problem is that test for "if m->out points to its own buffer". I'm sure that whoever wrote the code originally had in their head exactly what is done with m->out, m->msg, and m->pre so that the test would be exactly correct. And maybe whoever has changed code afterwards did not accidentally change something in a way that changed the assumptions of the test. But I'm skeptical.

I'm attaching a patch that I think is a lot safer. It does this instead of the above:

m->outbuf is set to some malloc'd memory. m->out is initially set to m->outbuf. Later it may be set to m->msg, at which point m->outbuf can be freed. That code is repeated four times and I'm adding a line to it, so I'm putting it in a static subroutine.

Then the cleanup code becomes:

    if m->outbuf points to anything, free it.
    if m->raw points to anything, free it.
    if m->pre points to anything, free it.

The patch passes make test so I'm checking this in to trunk. If anyone doesn't like it, please let me know.
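The ownership split described in the comment above, as an added C sketch that is not the attached patch or libspamc's own code: only the field names out, outbuf, msg, raw and pre come from the comment; the struct, the function names and the sample input are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the message struct (field names from the comment). */
struct demo_message {
    char *raw;    /* owned: input buffer */
    char *pre;    /* owned: optional, NULL in this example */
    char *msg;    /* borrowed: points into raw */
    char *out;    /* borrowed: aliases either outbuf or msg */
    char *outbuf; /* owned: the only output pointer ever passed to free() */
};

/* Allocate the owned buffers; out starts as an alias of outbuf. */
int demo_init(struct demo_message *m, const char *input, size_t outsz)
{
    size_t n = strlen(input) + 1;
    memset(m, 0, sizeof(*m));
    m->raw = malloc(n);
    m->outbuf = malloc(outsz);
    if (!m->raw || !m->outbuf) {   /* free(NULL) is a no-op */
        free(m->raw); free(m->outbuf);
        memset(m, 0, sizeof(*m));
        return -1;
    }
    memcpy(m->raw, input, n);
    m->msg = m->raw;
    m->out = m->outbuf;
    return 0;
}

/* The repeated "hand back the original message" step as one helper:
 * release the output buffer and clear its owner before re-pointing out. */
static void demo_use_msg_as_out(struct demo_message *m)
{
    free(m->outbuf);
    m->outbuf = NULL;
    m->out = m->msg;
}

/* Cleanup never inspects out; it frees owners only. Returns buffers freed. */
int demo_cleanup(struct demo_message *m)
{
    int freed = 0;
    if (m->outbuf) { free(m->outbuf); m->outbuf = NULL; freed++; }
    if (m->raw)    { free(m->raw);    m->raw = NULL;    freed++; }
    if (m->pre)    { free(m->pre);    m->pre = NULL;    freed++; }
    m->out = m->msg = NULL;
    return freed;
}

/* Run one lifecycle on constructed input; returns buffers freed or -1. */
int demo_run(int fallback)
{
    struct demo_message m;
    if (demo_init(&m, "constructed sample input", 64) != 0) return -1;
    if (fallback) demo_use_msg_as_out(&m);
    int ok = fallback ? (m.out == m.msg) : (m.out == m.outbuf);
    int freed = demo_cleanup(&m);
    return (ok && demo_cleanup(&m) == 0) ? freed : -1; /* 2nd call frees nothing */
}

int main(void) { return (demo_run(0) == 2 && demo_run(1) == 1) ? 0 : 1; }
```

Because cleanup tests only the owning pointers, later changes to where out points cannot turn it into a double free or a leak.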
