libmowgli-2

There is a memory leak defect at line 110 in /libmowgli-2/src/libmowgli/base/argstack.c.

Open LuMingYinDetect opened this issue 3 months ago • 1 comments

Hello! I am a graduate student specializing in static analysis. Recently, I used a static analysis tool to test libmowgli-2 and found a potential memory leak defect. Here are the specific details of the defect:

Affected Version: libmowgli-2 2.1.3 21abd51006891ba89785cf198e130828453515ea

Vulnerability Description: The vulnerability is a memory leak bug located at line 110 of the file /libmowgli-2/src/libmowgli/base/argstack.c. This vulnerability could potentially be exploited maliciously to cause resource exhaustion and denial of service attacks.

libmowgli-2 download address: https://github.com/atheme/libmowgli-2.git

Detailed Description of the Defect:

1. At line 87 of the file /libmowgli-2/src/libmowgli/base/argstack.c, a pointer named 'e' is defined, and it is allocated a dynamic memory area using the mowgli_alloc function. When the switch statement at line 89 enters the default branch at line 107, although the dynamic memory area stored in the variable 'out' is released by calling the mowgli_object_unref function at line 108, the statement that adds the pointer 'e' to the variable 'out' is located at line 113. This means that in this iteration of the loop, 'e' has not yet been added to the variable 'out'. Subsequently, the program returns at line 110, during which the memory area pointed to by 'e' is not released, thus resulting in a memory leak defect, as illustrated below:

image

LuMingYinDetect, Mar 09 '24 02:03
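
The leak pattern described in the report, as an added example that is not part of the original issue and is not libmowgli code. It is a constructed C model (every name in it is hypothetical) in which an element is allocated before its type is validated and the error branch releases only the container; a counting allocator makes the leaked block visible, and freeing the element before the early return removes it.

```c
#include <stdlib.h>

/* Constructed model, not libmowgli source: all names here are hypothetical. */
static int live_allocs;                      /* outstanding heap blocks */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct elem { char type; struct elem *next; };
struct stack { struct elem *head; };

static void stack_destroy(struct stack *s)   /* frees only linked elements */
{
    while (s->head) { struct elem *n = s->head->next; xfree(s->head); s->head = n; }
    xfree(s);
}

/* Builds a stack from a descriptor such as "sdp"; any other letter is invalid. */
static struct stack *build(const char *descr, int free_on_error)
{
    struct stack *out = xalloc(sizeof *out);
    if (!out) return NULL;
    for (; *descr; descr++) {
        struct elem *e = xalloc(sizeof *e);  /* allocated before validation */
        if (!e) { stack_destroy(out); return NULL; }
        switch (*descr) {
        case 's': case 'd': case 'p':
            e->type = *descr;
            break;
        default:
            if (free_on_error)
                xfree(e);                    /* the fix: e is not yet owned by out */
            stack_destroy(out);              /* cannot reach the unlinked e */
            return NULL;
        }
        e->next = out->head;                 /* ownership transfers only here */
        out->head = e;
    }
    return out;
}

/* Returns the number of blocks still allocated after a failed build. */
int leaked_after_bad_descriptor(int free_on_error)
{
    live_allocs = 0;
    struct stack *s = build("sdx", free_on_error);
    if (s) stack_destroy(s);
    return live_allocs;
}
```

Building the model with `-fsanitize=address` (LeakSanitizer) and calling `leaked_after_bad_descriptor(0)` reports the same unfreed block at process exit.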