Description
We have code like this in create_buffer_iarchive and create_buffer_oarchive:
    struct iarchive *ia = malloc(sizeof(*ia));
    struct buff_struct *buff = malloc(sizeof(struct buff_struct));
    if (!ia) return 0;
    if (!buff) {
        free(ia);
        return 0;
    }
If the first malloc fails but the second succeeds, then the memory allocated by the second malloc will not be freed when the function returns. One could argue that if the first malloc fails the second will also fail (i.e. when the system runs out of memory), but I could also see the possibility of the opposite (the first malloc fails because of heap fragmentation but the second succeeds).
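The leak described above, reproduced next to one possible correction, as an added example that is not the project's code or its actual fix. The struct layouts, the `priv` field, the `test_malloc`/`test_free` fault-injecting allocator and the `create_leaky`/`create_fixed`/`leaked_after` names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the structs named in the report (assumed layout). */
struct buff_struct { int len; int off; char *buffer; };
struct iarchive { void *priv; };

/* Hypothetical test allocator: fails the call whose index equals fail_at
 * and counts how many blocks are still live. */
static int alloc_calls, live_blocks, fail_at = -1;
static void *test_malloc(size_t n) {
    if (alloc_calls++ == fail_at) return NULL;
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}
static void test_free(void *p) {
    if (p) { live_blocks--; free(p); }
}

/* Pattern from the report: buff leaks when only the first allocation fails. */
static struct iarchive *create_leaky(void) {
    struct iarchive *ia = test_malloc(sizeof(*ia));
    struct buff_struct *buff = test_malloc(sizeof(*buff));
    if (!ia) return 0;
    if (!buff) { test_free(ia); return 0; }
    ia->priv = buff;
    return ia;
}

/* Corrected: release whichever allocation succeeded (freeing NULL is a no-op). */
static struct iarchive *create_fixed(void) {
    struct iarchive *ia = test_malloc(sizeof(*ia));
    struct buff_struct *buff = test_malloc(sizeof(*buff));
    if (!ia || !buff) { test_free(ia); test_free(buff); return 0; }
    ia->priv = buff;
    return ia;
}

/* Run a constructor with allocation number fail_index failing; return blocks leaked. */
int leaked_after(struct iarchive *(*create)(void), int fail_index) {
    alloc_calls = 0; live_blocks = 0; fail_at = fail_index;
    struct iarchive *ia = create();
    if (ia) { test_free(ia->priv); test_free(ia); }
    return live_blocks;
}

int main(void) {
    printf("leaky: %d leaked\n", leaked_after(create_leaky, 0));
    printf("fixed: %d leaked\n", leaked_after(create_fixed, 0));
    return 0;
}
```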