From: Jan Schreiber <jes@posteo.de>
Subject: Re: watch: missing calloc return check
To: patrick keshishian <sidster@boxsoft.com>
Cc: tech@openbsd.org
Date: Sat, 04 Apr 2026 08:26:30 +0000

On Fri, 3 Apr 2026 15:44:11 -0700
patrick keshishian <sidster@boxsoft.com> wrote:

> On Fri, Apr 03, 2026 at 07:20:45PM +0000, Jan Schreiber wrote:
> > Hi,
> > 
> > this calloc call never got NULL checked and cmdstr was not free'd.
> > The missing free before exit(0) didn't hurt anything except the consistency.
> > 
> > Jan
> > 
> > diff --git usr.bin/watch/watch.c usr.bin/watch/watch.c
> > index 1d5f8248fb5..3502a72d52b 100644
> > --- usr.bin/watch/watch.c
> > +++ usr.bin/watch/watch.c
> > @@ -447,6 +447,9 @@ start_child()
> >  	int fds[2];
> >  
> >  	child = calloc(1, sizeof(*child));
> > +	if ((child = calloc(1, sizeof(*child))) == NULL)
> > +		err(1, "calloc");  
> 
> Now you are leaking memory.
> -pk 

Missed removing the original call to calloc, thx!
New diff below.

diff --git usr.bin/watch/watch.c usr.bin/watch/watch.c
index 1d5f8248fb5..7efc43be8ad 100644
--- usr.bin/watch/watch.c
+++ usr.bin/watch/watch.c
@@ -446,7 +446,9 @@ start_child()
 	struct child *child;
 	int fds[2];

-	child = calloc(1, sizeof(*child));
+	if ((child = calloc(1, sizeof(*child))) == NULL)
+		err(1, "calloc");
+
 	child->bufsiz = sizeof(child->buf);

 	if (pipe(fds) == -1)
@@ -910,6 +912,7 @@ quit(void)
 	refresh();
 	endwin();
 	free(cmdv);
+	free(cmdstr);
 	exit(0);
 }