Tar component in busybox version 1.34.1 has a memory leak bug when trying to unpack a tar file.
Ariadne Conill
ariadne at dereferenced.org
Wed Dec 1 09:41:21 UTC 2021
Hi,
On Wed, 1 Dec 2021, David Laight wrote:
> From: busybox <busybox-bounces at busybox.net> On Behalf Of Ping Lee
>> Sent: 01 December 2021 01:42
>
>> It seems that I found a bug on busybox version 1.34.1:
>> In libbb/xfuncs_printf.c:50, malloc twice for archive_handle and archive_hadle->fileheader with 184 and 72 bytes heap space.
>
>> Back to tar_main function, the two pointers(tar_handle,tar_handle->file_header) hasn't been freed when return.
>
> It can't matter it is a short-lived program that is going to exit.
> It would only be a problem if the code were in a loop.
It can matter: consider large tar files on memory constrained devices.
tar may fail to complete correctly, due to running out of memory, and in
the process of running out of memory, may invoke the OOM killer in the
process, which might kill some other process.
Ariadne
More information about the busybox
mailing list