Hi, Found with scan-build, there's a potential leak memory on libkeynote, if kn_encode_base64 is successful inside keynote_sign_assertion function.
OK? Index: signature.c =================================================================== RCS file: /cvs/src/lib/libkeynote/signature.c,v retrieving revision 1.25 diff -u -p -u -r1.25 signature.c --- signature.c 23 Dec 2015 21:15:58 -0000 1.25 +++ signature.c 9 May 2017 12:09:41 -0000 @@ -988,12 +988,10 @@ keynote_sign_assertion(struct assertion return NULL; } - if ((slen = kn_encode_base64(sbuf, slen, finalbuf, - 2 * slen)) == -1) - { - free(sbuf); - return NULL; - } + slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen); + free(sbuf); + if (slen == -1) + return NULL; break; default: