[Bug 929115] New: VUL-0: R-base: possible memory leak
http://bugzilla.suse.com/show_bug.cgi?id=929115 Bug ID: 929115 Summary: VUL-0: R-base: possible memory leak Classification: openSUSE Product: openSUSE Factory Version: 201503* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: vpereira@novell.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Compiling R-Base with Address Sanitizer enabled, I'm getting the following error: [ 324s] ================================================================= [ 324s] ==19643==ERROR: LeakSanitizer: detected memory leaks [ 324s] [ 324s] Direct leak of 18478 byte(s) in 1 object(s) allocated from: [ 324s] #0 0x7f2df0d4ac4a in malloc (/usr/lib64/libasan.so.2+0x96c4a) [ 324s] #1 0x7f2df05667d0 in Rf_yyparse (/home/abuild/rpmbuild/BUILD/R-3.1.1/lib/libR.so+0x2667d0) [ 324s] #2 0x7f2df056f6a8 in R_Parse1 (/home/abuild/rpmbuild/BUILD/R-3.1.1/lib/libR.so+0x26f6a8) [ 324s] [ 324s] SUMMARY: AddressSanitizer: 18478 byte(s) leaked in 1 allocation(s). [ 324s] Makefile:30: recipe for target 'all' failed [ 324s] make[3]: *** [all] Error 23 [ 324s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/R-3.1.1/src/library/tools' [ 324s] Makefile:36: recipe for target 'R' failed [ 324s] make[2]: *** [R] Error 1 [ 324s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/R-3.1.1/src/library' [ 324s] Makefile:28: recipe for target 'R' failed [ 324s] make[1]: *** [R] Error 1 [ 324s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/R-3.1.1/src' [ 324s] Makefile:57: recipe for target 'R' failed [ 324s] make: *** [R] Error 1 [ 324s] error: Bad exit status from /var/tmp/rpm-tmp.ydsSje (%build) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=929115
Victor Pereira
http://bugzilla.suse.com/show_bug.cgi?id=929115
Detlef Steuer
http://bugzilla.suse.com/show_bug.cgi?id=929115
Sebastian Krahmer
http://bugzilla.suse.com/show_bug.cgi?id=929115
http://bugzilla.suse.com/show_bug.cgi?id=929115#c3
Andreas Stieger
R-3.1.1 is really old.
Factory now contains R-3.2.0.
Now 3.2.1.
Does it still exist?
Victor could you please re-run with Factory, or share generic instructions to maintainer so he could re-run?
And: I must admit I have no idea what to do besides telling upstream, if it still exists in R-3.2.0
Detlef if you could attempt to reproduce the memory leak with ASAN and tell upstream that would be nice. That being said, resolving as "upstream" what looks like a simple memory handling bug, unless we find a reason why this would be exploitable and significant enough to be security relevant. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com