oss-sec mailing list archives
Re: CVE-2023-31975: memory leak in yasm
From: Steve Grubb <sgrubb () redhat com>
Date: Wed, 21 Jun 2023 21:53:54 -0400
On Wednesday, June 21, 2023 5:54:57 PM EDT Demi Marie Obenour wrote:
On Thu, Jun 22, 2023 at 01:44:04AM +1000, Dave Horsfall wrote:On Wed, 21 Jun 2023, Jeffrey Walton wrote:Memory leaks on exit are par for the course in GNU software per https://www.gnu.org/prep/standards/standards.html#Memory-Usage .Don't bother with this, don't bother with that, etc... Call me old-school (which I am), but I cannot abide sloppy programming[*].Memory leaks on exit are a _good_ thing in general. There is absolutely zero point in calling free() if the program is about to exit — the OS will do a better job of freeing resources than the program itself ever could.
Sure, but how can static analysis or address sanitizers tell the difference between something created and leaked on the error path, vs something that mattered during the life of the program? Meaning something leaks in an event loop and slowly accumulates leakage. Nothing gives you a free pass but the OS when analyzing leaks. Mundane leaks need cleaning up so you can find the real leaks that matter. -Steve
Current thread:
- CVE-2023-31975: memory leak in yasm Alan Coopersmith (Jun 20)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Steve Grubb (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Stuart Henderson (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Jakub Wilk (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar (Jun 23)