fromcode memory leak



About the fromcode memory leak (see bug 3215), function
convert_file_from_to of sendlib.c is declared as static and
is called only once in sendlib.c:

    if (Charset && (chs || SendCharset) &&
        convert_file_from_to (fp, fchs, chs ? chs : SendCharset,
                              &fromcode, &tocode, info) != (size_t)(-1))

so that the parameter fromcode of convert_file_from_to cannot be null
(it is an address). The body of the function contains:

  if (fromcode)
  {
[...]
  }
  else
  {
    /* There is only one fromcode */
    ret = convert_file_to (file, fromcodes, ncodes, (const char **)tcode,
                           &cn, info);
    if (ret != (size_t)(-1))
    {
      *tocode = tcode[cn];
      tcode[cn] = 0;
    }
  }

So, I suppose that the "if (fromcode)" is not necessary and that the
"else" code is never executed and should be removed. Can you confirm?

Also, due to the

        *fromcode = fcode;

fcode must not be freed here if ret != (size_t)(-1). Concerning the
caller:

    if (Charset && (chs || SendCharset) &&
        convert_file_from_to (fp, fchs, chs ? chs : SendCharset,
                              &fromcode, &tocode, info) != (size_t)(-1))
    {
      if (!chs)
      {
        mutt_canonical_charset (chsbuf, sizeof (chsbuf), tocode);
        mutt_set_parameter ("charset", chsbuf, &b->parameter);
      }
      b->charset = fromcode;
      FREE (&tocode);
      safe_fclose (&fp);
      return info;
    }

If the "if" condition is not satisfied, everything is OK (fcode was
freed if convert_file_from_to returned -1). But due to the

      b->charset = fromcode;

the string still must not be freed here. But what if b->charset
contained an old charset string before the assignment? Should this
old string be freed? Or could it be referenced several times?

One should probably check all the (BODY *)->charset occurrences...

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
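
The ownership hand-off discussed in the message above, as an added example that is not part of the original post and is not mutt code: `struct body`, `pick_charset`, the two setters and the allocation counter are hypothetical stand-ins. It assumes the structure is the sole owner of its charset string, which is the question the message leaves open.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct body { char *charset; };  /* hypothetical stand-in for BODY */
static int live;                 /* constructed counter of live strings */

static char *dup_counted(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live++; }
    return p;
}
static void free_counted(char **p) {
    if (*p) { free(*p); *p = NULL; live--; }
}
/* On success the buffer is handed to the caller through *fromcode; on
 * failure the callee frees it. "bad" is a constructed failing input. */
static size_t pick_charset(const char *name, char **fromcode) {
    char *fcode = dup_counted(name);
    if (!fcode || strcmp(name, "bad") == 0) {
        free_counted(&fcode);
        return (size_t)-1;
    }
    *fromcode = fcode;           /* ownership moves; do not free here */
    return 0;
}
/* Overwrites the field: a previous string becomes unreachable. */
static void set_overwrite(struct body *b, const char *name) {
    char *fromcode = NULL;
    if (pick_charset(name, &fromcode) != (size_t)-1)
        b->charset = fromcode;
}
/* Releases the previous string first; valid only if b is its sole owner. */
static void set_release_old(struct body *b, const char *name) {
    char *fromcode = NULL;
    if (pick_charset(name, &fromcode) == (size_t)-1) return;
    free_counted(&b->charset);
    b->charset = fromcode;
}
/* Two successful sets, one failed set, then free the body's string. */
static int leaked(void (*set)(struct body *, const char *)) {
    struct body b = { NULL };
    live = 0;
    set(&b, "iso-8859-1"); set(&b, "utf-8"); set(&b, "bad");
    free_counted(&b.charset);
    return live;
}
int main(void) {
    printf("%d %d\n", leaked(set_overwrite), leaked(set_release_old));
    return 0;
}
```

If the string can be referenced from several places, freeing it before the assignment turns the leak into a dangling pointer, so the sole-owner assumption has to be checked first.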