This one hits if the snprintf() fails when we're writing our IPv6 exit policy. It's new in 0.2.4.7-alpha. Part of bug 7816.
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Avoid leaking IPv6 policy content if we fail to format it into
+ a router descriptor. Spotted by Coverity. Fixes part of 7816;
+ bugfix on 0.2.4.7-alpha.
@@ -2190,6 +2190,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
"ipv6-policy %s\n", p6);
if (result<0) {
log_warn(LD_BUG,"Descriptor printf of policy ran out of room");
+ tor_free(p6);
return -1;
}
written += result;