[BlueZ,v2,09/20] media: Fix memory leak

Message ID	20240510121355.3241456-10-hadess@hadess.net (mailing list archive)
State	Accepted
Commit	3652e98d2bb6fe8d7ba5b66f9cd6403fca3995b7
Headers	show Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AAFA16F829 for <linux-bluetooth@vger.kernel.org>; Fri, 10 May 2024 12:14:05 +0000 (UTC) From: Bastien Nocera <hadess@hadess.net> To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera <hadess@hadess.net> Subject: [BlueZ v2 09/20] media: Fix memory leak Date: Fri, 10 May 2024 14:10:19 +0200 Message-ID: <20240510121355.3241456-10-hadess@hadess.net> In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Fix a number of static analysis issues \| expand [BlueZ,v2,00/20] Fix a number of static analysis issues [BlueZ,v2,01/20] adapter: Use false instead of 0 for bool [BlueZ,v2,02/20] attrib/gatt: Guard against possible integer overflow [BlueZ,v2,03/20] client/gatt: Don't pass negative fd on error [BlueZ,v2,04/20] client/gatt: Check write_value() retval [BlueZ,v2,05/20] client/main: Fix array access [BlueZ,v2,06/20] client/main: Fix mismatched free [BlueZ,v2,07/20] monitor/att: Fix memory leak [BlueZ,v2,08/20] bap: Fix memory leaks [BlueZ,v2,09/20] media: Fix memory leak [BlueZ,v2,10/20] main: Fix memory leaks [BlueZ,v2,11/20] isotest: Consider "0" fd to be valid [BlueZ,v2,12/20] isotest: Fix error check after opening file [BlueZ,v2,13/20] client/player: Fix copy/paste error [BlueZ,v2,14/20] shared/vcp: Fix copy/paste error [BlueZ,v2,15/20] isotest: Fix fd leak [BlueZ,v2,16/20] iso-tester: Fix fd leak [BlueZ,v2,17/20] sdp: Fix use of uninitialised memory [BlueZ,v2,18/20] monitor: Work-around memory leak warning [BlueZ,v2,19/20] avrcp: Fix uninitialised memory usage [BlueZ,v2,20/20] main: Simplify variable assignment

Message ID

20240510121355.3241456-10-hadess@hadess.net (mailing list archive)

State

Accepted

Commit

3652e98d2bb6fe8d7ba5b66f9cd6403fca3995b7

Headers

From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera <hadess@hadess.net>
Subject: [BlueZ v2 09/20] media: Fix memory leak
Date: Fri, 10 May 2024 14:10:19 +0200
Message-ID: <20240510121355.3241456-10-hadess@hadess.net>
In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net>
References: <20240510121355.3241456-1-hadess@hadess.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Fix a number of static analysis issues | expand

Checks

Context	Check	Description
tedd_an/pre-ci_am	success	Success
tedd_an/CheckPatch	success	CheckPatch PASS
tedd_an/GitLint	fail	WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (203>80): "bluez-5.75/profiles/audio/media.c:1278:2: alloc_arg: "asprintf" allocates memory that is stored into "name". [Note: The source code implementation of the function has been overridden by a builtin model.]" 5: B1 Line exceeds max length (122>80): "bluez-5.75/profiles/audio/media.c:1291:2: noescape: Resource "name" is not freed or pointed-to in "bt_bap_add_vendor_pac"." 6: B1 Line exceeds max length (124>80): "bluez-5.75/profiles/audio/media.c:1297:3: leaked_storage: Variable "name" going out of scope leaks the storage it points to." 7: B3 Line contains hard tab characters (\t): "1295\| error("Unable to create PAC");" 8: B3 Line contains hard tab characters (\t): "1296\| free(metadata);" 9: B3 Line contains hard tab characters (\t): "1297\|-> return false;" 10: B3 Line contains hard tab characters (\t): "1298\| }"
tedd_an/IncrementalBuild	success	Incremental Build PASS

Context

Check

Description

tedd_an/pre-ci_am

success

Success

tedd_an/CheckPatch

success

CheckPatch PASS

tedd_an/GitLint

fail

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (203>80): "bluez-5.75/profiles/audio/media.c:1278:2: alloc_arg: "asprintf" allocates memory that is stored into "name". [Note: The source code implementation of the function has been overridden by a builtin model.]" 5: B1 Line exceeds max length (122>80): "bluez-5.75/profiles/audio/media.c:1291:2: noescape: Resource "name" is not freed or pointed-to in "bt_bap_add_vendor_pac"." 6: B1 Line exceeds max length (124>80): "bluez-5.75/profiles/audio/media.c:1297:3: leaked_storage: Variable "name" going out of scope leaks the storage it points to." 7: B3 Line contains hard tab characters (\t): "1295| error("Unable to create PAC");" 8: B3 Line contains hard tab characters (\t): "1296| free(metadata);" 9: B3 Line contains hard tab characters (\t): "1297|-> return false;" 10: B3 Line contains hard tab characters (\t): "1298| }"

tedd_an/IncrementalBuild

success

Incremental Build PASS

Commit Message

Bastien Nocera May 10, 2024, 12:10 p.m. UTC

Error: RESOURCE_LEAK (CWE-772): [#def47] [important]
bluez-5.75/profiles/audio/media.c:1278:2: alloc_arg: "asprintf" allocates memory that is stored into "name". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.75/profiles/audio/media.c:1291:2: noescape: Resource "name" is not freed or pointed-to in "bt_bap_add_vendor_pac".
bluez-5.75/profiles/audio/media.c:1297:3: leaked_storage: Variable "name" going out of scope leaks the storage it points to.
1295|			error("Unable to create PAC");
1296|			free(metadata);
1297|->			return false;
1298|		}
1299|
---
 profiles/audio/media.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/profiles/audio/media.c b/profiles/audio/media.c
index 07147a25d532..4bbd584deaba 100644
--- a/profiles/audio/media.c
+++ b/profiles/audio/media.c
@@ -1293,6 +1293,7 @@  static bool endpoint_init_pac(struct media_endpoint *endpoint, uint8_t type,
 				&data, metadata);
 	if (!endpoint->pac) {
 		error("Unable to create PAC");
+		free(name);
 		free(metadata);
 		return false;
 	}