Security: The realpath() calls malloc() and free() is not called (memory leak).

I change the code and didn't realize that realpath() conditionally calls malloc().
When I change th code to pass a variable initialized to 0, I ended up triggering realpath() to call malloc().
This results in a memory leak.

Instead, pass a statically allocated array.

diff --git a/level_0/f_path/c/private-path.c b/level_0/f_path/c/private-path.c
index c41f4548e32aee86591dbd03adbe9dd62e678490..8ef4fed749864ee9abad457820f837f425d5934e 100644 (file)
--- a/level_0/f_path/c/private-path.c
+++ b/level_0/f_path/c/private-path.c
@@ -8,9 +8,14 @@ extern "C" {
 #if !defined(_di_f_path_current_) || !defined(_di_f_path_real_)
   f_status_t private_f_path_real(const char *path, f_string_dynamic_t * const real) {
 
-    char *buffer = realpath(path, buffer);
+    // Use a static array so that realpath() does not call malloc().
+    char temporary[PATH_MAX];
 
-    if (buffer == 0) {
+    memset(temporary, 0, sizeof(char) * F_path_length_max_d);
+
+    char * const buffer = realpath(path, temporary);
+
+    if (!buffer) {
       if (errno == EACCES) return F_status_set_error(F_access_denied);
       if (errno == EINVAL) return F_status_set_error(F_parameter);
       if (errno == EIO) return F_status_set_error(F_input_output);