From: patrick keshishian <sidster@boxsoft.com>
Subject: Re: watch: missing calloc return check
To: Jan Schreiber <jes@posteo.de>
Cc: tech@openbsd.org
Date: Fri, 3 Apr 2026 15:44:11 -0700

On Fri, Apr 03, 2026 at 07:20:45PM +0000, Jan Schreiber wrote:
> Hi,
> 
> this calloc call never got NULL checked and cmdstr was not free'd.
> The missing free before exit(0) didn't hurt anything except the consistency.
> 
> Jan
> 
> diff --git usr.bin/watch/watch.c usr.bin/watch/watch.c
> index 1d5f8248fb5..3502a72d52b 100644
> --- usr.bin/watch/watch.c
> +++ usr.bin/watch/watch.c
> @@ -447,6 +447,9 @@ start_child()
>  	int fds[2];
>  
>  	child = calloc(1, sizeof(*child));
> +	if ((child = calloc(1, sizeof(*child))) == NULL)
> +		err(1, "calloc");

Now you are leaking memory.
-pk

> +
>  	child->bufsiz = sizeof(child->buf);
>  
>  	if (pipe(fds) == -1)
> @@ -910,6 +913,7 @@ quit(void)
>  	refresh();
>  	endwin();
>  	free(cmdv);
> +	free(cmdstr);
>  	exit(0);
>  }
>  
>