[BlueZ,10/14] main: Fix memory leaks

Message ID	20240510091814.3172988-11-hadess@hadess.net (mailing list archive)
State	Superseded
Headers	show Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7290C1635CD for <linux-bluetooth@vger.kernel.org>; Fri, 10 May 2024 09:18:26 +0000 (UTC) From: Bastien Nocera <hadess@hadess.net> To: linux-bluetooth@vger.kernel.org Subject: [BlueZ 10/14] main: Fix memory leaks Date: Fri, 10 May 2024 11:11:08 +0200 Message-ID: <20240510091814.3172988-11-hadess@hadess.net> In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net> References: <20240510091814.3172988-1-hadess@hadess.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Fix a number of static analysis issues \| expand [BlueZ,00/14] Fix a number of static analysis issues [BlueZ,01/14] adapter: Use false instead of 0 for bool [BlueZ,02/14] attrib/gatt: Guard against possible integer overflow [BlueZ,03/14] client/gatt: Don't pass negative fd on error [BlueZ,04/14] client/gatt: Check write_value() retval [BlueZ,05/14] client/main: Fix array access [BlueZ,06/14] client/main: Fix mismatched free [BlueZ,07/14] monitor/att: Fix memory leak [BlueZ,08/14] bap: Fix memory leaks [BlueZ,09/14] media: Fix memory leak [BlueZ,10/14] main: Fix memory leaks [BlueZ,11/14] isotest: Consider "0" fd to be valid [BlueZ,12/14] isotest: Fix error check after opening file [BlueZ,13/14] client/player: Fix copy/paste error [BlueZ,14/14] shared/vcp: Fix copy/paste error

Message ID

20240510091814.3172988-11-hadess@hadess.net (mailing list archive)

State

Superseded

Headers

From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Subject: [BlueZ 10/14] main: Fix memory leaks
Date: Fri, 10 May 2024 11:11:08 +0200
Message-ID: <20240510091814.3172988-11-hadess@hadess.net>
In-Reply-To: <20240510091814.3172988-1-hadess@hadess.net>
References: <20240510091814.3172988-1-hadess@hadess.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Fix a number of static analysis issues | expand

Checks

Context	Check	Description
tedd_an/pre-ci_am	success	Success
tedd_an/CheckPatch	success	CheckPatch PASS
tedd_an/GitLint	fail	WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (105>80): "bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str"." 5: B1 Line exceeds max length (135>80): "bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument." 6: B1 Line exceeds max length (126>80): "bluez-5.75/src/main.c:456:3: noescape: Assuming resource "str" is not freed or pointed-to as ellipsis argument to "btd_error"." 7: B1 Line exceeds max length (113>80): "bluez-5.75/src/main.c:457:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to." 8: B1 Line exceeds max length (110>80): "bluez-5.75/src/main.c:457:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to." 9: B3 Line contains hard tab characters (\t): "455\| if (!endptr \|\| endptr != '\0') {" 10: B3 Line contains hard tab characters (\t): "456\| error("%s.%s = %s is not integer", group, key, str);" 11: B3 Line contains hard tab characters (\t): "457\|-> return false;" 12: B3 Line contains hard tab characters (\t): "458\| }" 16: B1 Line exceeds max length (105>80): "bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str"." 17: B1 Line exceeds max length (135>80): "bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument." 18: B1 Line exceeds max length (113>80): "bluez-5.75/src/main.c:463:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to." 19: B1 Line exceeds max length (110>80): "bluez-5.75/src/main.c:463:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to." 20: B3 Line contains hard tab characters (\t): "461\| warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp," 21: B3 Line contains hard tab characters (\t): "462\| min);" 22: B3 Line contains hard tab characters (\t): "463\|-> return false;" 23: B3 Line contains hard tab characters (\t): "464\| }" 27: B1 Line exceeds max length (105>80): "bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str"." 28: B1 Line exceeds max length (135>80): "bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument." 29: B1 Line exceeds max length (113>80): "bluez-5.75/src/main.c:475:2: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to." 30: B1 Line exceeds max length (110>80): "bluez-5.75/src/main.c:475:2: leaked_storage: Variable "str" going out of scope leaks the storage it points to." 31: B3 Line contains hard tab characters (\t): "473\| val = tmp;" 33: B3 Line contains hard tab characters (\t): "475\|-> return true;"

Context

Check

Description

tedd_an/pre-ci_am

success

Success

tedd_an/CheckPatch

success

CheckPatch PASS

tedd_an/GitLint

fail

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (105>80): "bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str"." 5: B1 Line exceeds max length (135>80): "bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument." 6: B1 Line exceeds max length (126>80): "bluez-5.75/src/main.c:456:3: noescape: Assuming resource "str" is not freed or pointed-to as ellipsis argument to "btd_error"." 7: B1 Line exceeds max length (113>80): "bluez-5.75/src/main.c:457:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to." 8: B1 Line exceeds max length (110>80): "bluez-5.75/src/main.c:457:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to." 9: B3 Line contains hard tab characters (\t): "455| if (!endptr || *endptr != '\0') {" 10: B3 Line contains hard tab characters (\t): "456| error("%s.%s = %s is not integer", group, key, str);" 11: B3 Line contains hard tab characters (\t): "457|-> return false;" 12: B3 Line contains hard tab characters (\t): "458| }" 16: B1 Line exceeds max length (105>80): "bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str"." 17: B1 Line exceeds max length (135>80): "bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument." 18: B1 Line exceeds max length (113>80): "bluez-5.75/src/main.c:463:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to." 19: B1 Line exceeds max length (110>80): "bluez-5.75/src/main.c:463:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to." 20: B3 Line contains hard tab characters (\t): "461| warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp," 21: B3 Line contains hard tab characters (\t): "462| min);" 22: B3 Line contains hard tab characters (\t): "463|-> return false;" 23: B3 Line contains hard tab characters (\t): "464| }" 27: B1 Line exceeds max length (105>80): "bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str"." 28: B1 Line exceeds max length (135>80): "bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument." 29: B1 Line exceeds max length (113>80): "bluez-5.75/src/main.c:475:2: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to." 30: B1 Line exceeds max length (110>80): "bluez-5.75/src/main.c:475:2: leaked_storage: Variable "str" going out of scope leaks the storage it points to." 31: B3 Line contains hard tab characters (\t): "473| *val = tmp;" 33: B3 Line contains hard tab characters (\t): "475|-> return true;"

Commit Message

Bastien Nocera May 10, 2024, 9:11 a.m. UTC

Error: RESOURCE_LEAK (CWE-772): [#def51] [important]
bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str".
bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument.
bluez-5.75/src/main.c:456:3: noescape: Assuming resource "str" is not freed or pointed-to as ellipsis argument to "btd_error".
bluez-5.75/src/main.c:457:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to.
bluez-5.75/src/main.c:457:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
455|	if (!endptr || *endptr != '\0') {
456|		error("%s.%s = %s is not integer", group, key, str);
457|->		return false;
458|	}
459|

Error: RESOURCE_LEAK (CWE-772): [#def52] [important]
bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str".
bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument.
bluez-5.75/src/main.c:463:3: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to.
bluez-5.75/src/main.c:463:3: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
461|		warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp,
462|									min);
463|->		return false;
464|	}
465|

Error: RESOURCE_LEAK (CWE-772): [#def53] [important]
bluez-5.75/src/main.c:451:2: alloc_arg: "parse_config_string" allocates memory that is stored into "str".
bluez-5.75/src/main.c:454:2: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument.
bluez-5.75/src/main.c:475:2: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to.
bluez-5.75/src/main.c:475:2: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
473|		*val = tmp;
474|
475|->	return true;
476|   }
477|
---
 src/main.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main.c b/src/main.c
index 23af6781d931..ac840d684f6d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -454,21 +454,25 @@  static bool parse_config_int(GKeyFile *config, const char *group,
 	tmp = strtol(str, &endptr, 0);
 	if (!endptr || *endptr != '\0') {
 		error("%s.%s = %s is not integer", group, key, str);
+		g_free(str);
 		return false;
 	}
 
 	if (tmp < min) {
+		g_free(str);
 		warn("%s.%s = %zu is out of range (< %zu)", group, key, tmp,
 									min);
 		return false;
 	}
 
 	if (tmp > max) {
+		g_free(str);
 		warn("%s.%s = %zu is out of range (> %zu)", group, key, tmp,
 									max);
 		return false;
 	}
 
+	g_free(str);
 	if (val)
 		*val = tmp;