419132 – potential memory leakage: forget using libxml2 API 'xmlXPathFreeContext‘ after 'xmlXPathNewContext'

Bug 419132 - potential memory leakage: forget using libxml2 API 'xmlXPathFreeContext‘ after 'xmlXPathNewContext'

Summary: potential memory leakage: forget using libxml2 API 'xmlXPathFreeContext‘ afte...

Status:	RESOLVED FIXED

Alias:	None

Product:	amarok
Classification:	Applications
Component:	Services/MP3tunes (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	kf5
Assignee:	Amarok Developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-03-23 08:19 UTC by summerlinasity
Modified:	2024-06-21 10:52 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	https://invent.kde.org/multimedia/amarok/-/commit/312c36046bf49dadb2edbb0398989ffb6230c3e0
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description summerlinasity 2020-03-23 08:19:35 UTC

SUMMARY
I found this issue when reading source code in the file 'src/services/mp3tunes/libmp3tunes/locker.c'.

STEPS TO REPRODUCE
1. first, there are 2 functions using libxml2 API: the defined xml_xpath_init() in 84 line uses API 'xmlXPathNewContext', the defined xml_xpath_deinit() in 119 line uses API 'xmlXPathFreeContext'.
2. the second usage of xml_xpath_init() in this c file lies in 422 line, inside the defined function mp3tunes_locker_api_post_fetch()
3. then mp3tunes_locker_api_post_fetch() is used in line 1391. After it, xml_xpath_deinit() is not called to free 'result->xpath_ctx' while free() is used directly to free 'result'.
So the unfree 'result->xpath_ctx' memory is leaked.

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

Comment 1 Myriam Schweingruber 2020-03-23 21:29:48 UTC

I am not even sure this service still exists...

Comment 2 Bug Janitor Service 2024-06-21 10:35:11 UTC

A possibly relevant merge request was started @ https://invent.kde.org/multimedia/amarok/-/merge_requests/106

Comment 3 Tuomas Nurmi 2024-06-21 10:52:28 UTC

Git commit 312c36046bf49dadb2edbb0398989ffb6230c3e0 by Tuomas Nurmi.
Committed on 21/06/2024 at 10:31.
Pushed by nurmi into branch 'master'.

Some theoretical mp3tunes fixes

Fix the regexes so it compiles again. Add fixes to reported bugs, including a patch
posted by Zhouyang on bugs.kde.org. Fix some issues reported by code quality scans.

The compilation works now, but no effort was made even to try to test the functionality,
which probably doesn't. The service as is would need work and everything is turned off
in CMakeLists. Hard to predict if someone will ever update the mp3tunes to usable state,
but I guess there's no point in NOT applying the potential fixes (as the service still
exists, so maybe not everything's not broken enough to justify removing) so the existing
issues can be happily cleaned up at least.
Related: bug 391146

M  +3    -2    src/services/mp3tunes/Mp3tunesService.cpp
M  +3    -3    src/services/mp3tunes/Mp3tunesServiceCollection.cpp
M  +27   -5    src/services/mp3tunes/libmp3tunes/locker.c

https://invent.kde.org/multimedia/amarok/-/commit/312c36046bf49dadb2edbb0398989ffb6230c3e0