Plug a memory leak in CVRF

jan-cerny · jan-cerny · commit 8ded458e4748 · 2018-10-08T10:11:52.000+02:00
If there is 0 iterations of the outer while loop, the 'filtered_ids'
variable isn't freed. Fortunately, we can allocate it inside
the while loop. If it's not free'd in this function, it is free'd
in cvrf_product_status_free.
diff --git a/src/CVRF/cvrf_priv.c b/src/CVRF/cvrf_priv.c
@@ -512,14 +512,14 @@ struct cvrf_vulnerability *cvrf_vulnerability_clone(const struct cvrf_vulnerabil
 }
 
 int cvrf_vulnerability_filter_by_product(struct cvrf_vulnerability *vuln, const char *prod) {
-	struct oscap_stringlist *filtered_ids = oscap_stringlist_new();
 	int ret = 0;
 
 	struct cvrf_product_status_iterator *statuses = cvrf_vulnerability_get_product_statuses(vuln);
 	while (cvrf_product_status_iterator_has_more(statuses)) {
 		struct cvrf_product_status *stat = cvrf_product_status_iterator_next(statuses);
 
 		struct oscap_string_iterator *products = cvrf_product_status_get_ids(stat);
+		struct oscap_stringlist *filtered_ids = oscap_stringlist_new();
 		while (oscap_string_iterator_has_more(products)) {
 			const char *product_id = oscap_string_iterator_next(products);
 			if (oscap_str_startswith(product_id, prod))
