diff mbox series

[BlueZ,14/15] shared/bap: Fix memory leak in error path

Message ID 20240516090340.61417-15-hadess@hadess.net (mailing list archive)
State Accepted
Commit 377f2ec0721f3ad210060b156f960c46e561e5f9
Headers show
Series Fix a number of static analysis issues #2 | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint fail WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (106>80): "bluez-5.75/src/shared/bap.c:6066:27: alloc_fn: Storage is returned from allocation function "util_malloc"." 5: B1 Line exceeds max length (115>80): "bluez-5.75/src/shared/bap.c:6066:27: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)"." 6: B1 Line exceeds max length (196>80): "bluez-5.75/src/shared/bap.c:6066:27: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]" 7: B1 Line exceeds max length (118>80): "bluez-5.75/src/shared/bap.c:6066:27: leaked_storage: Variable "__p" going out of scope leaks the storage it points to." 8: B1 Line exceeds max length (88>80): "bluez-5.75/src/shared/bap.c:6066:2: var_assign: Assigning: "base_iov" = "({...; __p;})"." 9: B1 Line exceeds max length (117>80): "bluez-5.75/src/shared/bap.c:6070:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_le24"." 10: B1 Line exceeds max length (122>80): "bluez-5.75/src/shared/bap.c:6071:3: leaked_storage: Variable "base_iov" going out of scope leaks the storage it points to." 12: B3 Line contains hard tab characters (\t): "6070| if (!util_iov_push_le24(base_iov, base->pres_delay))" 13: B3 Line contains hard tab characters (\t): "6071|-> return NULL;" 15: B3 Line contains hard tab characters (\t): "6073| if (!util_iov_push_u8(base_iov," 18: B1 Line exceeds max length (106>80): "bluez-5.75/src/shared/bap.c:6066:27: alloc_fn: Storage is returned from allocation function "util_malloc"." 19: B1 Line exceeds max length (115>80): "bluez-5.75/src/shared/bap.c:6066:27: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)"." 20: B1 Line exceeds max length (196>80): "bluez-5.75/src/shared/bap.c:6066:27: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]" 21: B1 Line exceeds max length (118>80): "bluez-5.75/src/shared/bap.c:6066:27: leaked_storage: Variable "__p" going out of scope leaks the storage it points to." 22: B1 Line exceeds max length (88>80): "bluez-5.75/src/shared/bap.c:6066:2: var_assign: Assigning: "base_iov" = "({...; __p;})"." 23: B1 Line exceeds max length (117>80): "bluez-5.75/src/shared/bap.c:6070:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_le24"." 24: B1 Line exceeds max length (115>80): "bluez-5.75/src/shared/bap.c:6073:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_u8"." 25: B1 Line exceeds max length (122>80): "bluez-5.75/src/shared/bap.c:6075:3: leaked_storage: Variable "base_iov" going out of scope leaks the storage it points to." 26: B3 Line contains hard tab characters (\t): "6073| if (!util_iov_push_u8(base_iov," 27: B3 Line contains hard tab characters (\t): "6074| queue_length(base->subgroups)))" 28: B3 Line contains hard tab characters (\t): "6075|-> return NULL;" 30: B3 Line contains hard tab characters (\t): "6077| queue_foreach(base->subgroups, generate_subgroup_base,"

Commit Message

Bastien Nocera May 16, 2024, 9:03 a.m. UTC
Error: RESOURCE_LEAK (CWE-772): [#def38] [important]
bluez-5.75/src/shared/bap.c:6066:27: alloc_fn: Storage is returned from allocation function "util_malloc".
bluez-5.75/src/shared/bap.c:6066:27: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)".
bluez-5.75/src/shared/bap.c:6066:27: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.75/src/shared/bap.c:6066:27: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.75/src/shared/bap.c:6066:2: var_assign: Assigning: "base_iov" = "({...; __p;})".
bluez-5.75/src/shared/bap.c:6070:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_le24".
bluez-5.75/src/shared/bap.c:6071:3: leaked_storage: Variable "base_iov" going out of scope leaks the storage it points to.
6069|
6070|		if (!util_iov_push_le24(base_iov, base->pres_delay))
6071|->		return NULL;
6072|
6073|		if (!util_iov_push_u8(base_iov,

Error: RESOURCE_LEAK (CWE-772): [#def39] [important]
bluez-5.75/src/shared/bap.c:6066:27: alloc_fn: Storage is returned from allocation function "util_malloc".
bluez-5.75/src/shared/bap.c:6066:27: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)".
bluez-5.75/src/shared/bap.c:6066:27: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.75/src/shared/bap.c:6066:27: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.75/src/shared/bap.c:6066:2: var_assign: Assigning: "base_iov" = "({...; __p;})".
bluez-5.75/src/shared/bap.c:6070:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_le24".
bluez-5.75/src/shared/bap.c:6073:2: noescape: Resource "base_iov" is not freed or pointed-to in "util_iov_push_u8".
bluez-5.75/src/shared/bap.c:6075:3: leaked_storage: Variable "base_iov" going out of scope leaks the storage it points to.
6073|		if (!util_iov_push_u8(base_iov,
6074|				queue_length(base->subgroups)))
6075|->			return NULL;
6076|
6077|		queue_foreach(base->subgroups, generate_subgroup_base,
---
 src/shared/bap.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/src/shared/bap.c b/src/shared/bap.c
index 0026bc8dc989..48b6d7f4ea85 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -6067,12 +6067,18 @@  static struct iovec *generate_base(struct bt_base *base)
 
 	base_iov->iov_base = util_malloc(BASE_MAX_LENGTH);
 
-	if (!util_iov_push_le24(base_iov, base->pres_delay))
+	if (!util_iov_push_le24(base_iov, base->pres_delay)) {
+		free(base_iov->iov_base);
+		free(base_iov);
 		return NULL;
+	}
 
 	if (!util_iov_push_u8(base_iov,
-			queue_length(base->subgroups)))
+			queue_length(base->subgroups))) {
+		free(base_iov->iov_base);
+		free(base_iov);
 		return NULL;
+	}
 
 	queue_foreach(base->subgroups, generate_subgroup_base,
 				base_iov);