This is an automated email from the ASF dual-hosted git repository. xiaoxiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git
The following commit(s) were added to refs/heads/master by this push: new 78b7318a0 fsutils/passwd: fix warning: leak of ‘iobuffer’ [CWE-401] [-Wanalyzer-malloc-leak] 78b7318a0 is described below commit 78b7318a049d4f8d519362cf9f396d2d3e1624b3 Author: Junbo Zheng <zhengjun...@xiaomi.com> AuthorDate: Sat Feb 18 14:41:17 2023 +0800 fsutils/passwd: fix warning: leak of ‘iobuffer’ [CWE-401] [-Wanalyzer-malloc-leak] In function ‘passwd_find’: passwd_find.c:82:14: warning: leak of ‘iobuffer’ [CWE-401] [-Wanalyzer-malloc-leak] 82 | return -errcode; | ^~~~~~~~ ‘passwd_find’: events 1-5 | | 65 | iobuffer = (FAR char *)malloc(CONFIG_FSUTILS_PASSWD_IOBUFFER_SIZE); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) allocated here | 66 | if (iobuffer == NULL) | | ~ | | | | | (2) assuming ‘iobuffer’ is non-NULL | | (3) following ‘false’ branch (when ‘iobuffer’ is non-NULL)... |...... | 73 | stream = fopen(CONFIG_FSUTILS_PASSWD_PATH, "r"); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | 74 | if (stream == NULL) | | ~ | | | | | (5) following ‘true’ branch (when ‘stream’ is NULL)... | ‘passwd_find’: event 6 | | 80 | int errcode = errno; | | ^~~~~ | | | | | (6) ...to here | ‘passwd_find’: event 7 | | 82 | return -errcode; | | ^~~~~~~~ | | | | | (7) ‘iobuffer’ leaks here; was allocated at (1) | Signed-off-by: Junbo Zheng <zhengjun...@xiaomi.com> --- fsutils/passwd/passwd_find.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/fsutils/passwd/passwd_find.c b/fsutils/passwd/passwd_find.c
index 0ba671ed0..e377bbb30 100644
--- a/fsutils/passwd/passwd_find.c
+++ b/fsutils/passwd/passwd_find.c
@@ -73,6 +73,10 @@ int passwd_find(FAR const char *username, FAR struct passwd_s *passwd)
 stream = fopen(CONFIG_FSUTILS_PASSWD_PATH, "r");
 if (stream == NULL)
 {
+ /* Free an I/O buffer for the transfer */
+
+ free(iobuffer);
+
 int errcode = errno;
 DEBUGASSERT(errcode > 0);
 return -errcode;
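Review bot: `free(iobuffer)` now runs before `int errcode = errno;`, so the value returned as `-errcode` is whatever errno holds after free() rather than what the failed fopen() set; free() is not guaranteed to preserve errno on every C library, and nothing in the hunk shows that this one does. Capture errno first, in the order `int errcode = errno;`, `free(iobuffer);`, `DEBUGASSERT(errcode > 0);`. That order also keeps the declaration at the top of the block instead of after a statement, which matters if the file is built as C89. The added comment `/* Free an I/O buffer for the transfer */` reads like the allocation comment; `/* Release the I/O buffer before returning the error */` would describe the step. passwd_find's body starts and ends outside the hunk.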