diff mbox series

[BlueZ] obexd: Fix memory leak

Message ID 20240516134053.102475-1-hadess@hadess.net (mailing list archive)
State Accepted
Commit 46c0e376fe134aba1d0876a7a50e524dfdf7175d
Headers show
Series [BlueZ] obexd: Fix memory leak | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint fail WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 8: B1 Line exceeds max length (121>80): "bluez-5.75/obexd/plugins/filesystem.c:411:3: alloc_arg: "g_file_get_contents" allocates memory that is stored into "buf"." 9: B1 Line exceeds max length (115>80): "bluez-5.75/obexd/plugins/filesystem.c:418:3: noescape: Resource "buf" is not freed or pointed-to in "g_string_new"." 10: B1 Line exceeds max length (126>80): "bluez-5.75/obexd/plugins/filesystem.c:440:2: leaked_storage: Variable "buf" going out of scope leaks the storage it points to." 11: B3 Line contains hard tab characters (\t): "438| *err = 0;" 13: B3 Line contains hard tab characters (\t): "440|-> return object;"
tedd_an/BuildEll success Build ELL PASS
tedd_an/BluezMake success Bluez Make PASS
tedd_an/MakeCheck success Bluez Make Check PASS
tedd_an/MakeDistcheck success Make Distcheck PASS
tedd_an/CheckValgrind success Check Valgrind PASS
tedd_an/CheckSmatch success CheckSparse PASS
tedd_an/bluezmakeextell success Make External ELL PASS
tedd_an/IncrementalBuild success Incremental Build PASS
tedd_an/ScanBuild success Scan Build PASS

Commit Message

Bastien Nocera May 16, 2024, 1:40 p.m. UTC
To not leak "buf", we need object->buffer to take ownership of it using
g_string_new_take() (but it's only available in 2.78 and newer), or we
need to actually free "buf".

Error: RESOURCE_LEAK (CWE-772): [#def66] [important]
bluez-5.75/obexd/plugins/filesystem.c:411:3: alloc_arg: "g_file_get_contents" allocates memory that is stored into "buf".
bluez-5.75/obexd/plugins/filesystem.c:418:3: noescape: Resource "buf" is not freed or pointed-to in "g_string_new".
bluez-5.75/obexd/plugins/filesystem.c:440:2: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
438|			*err = 0;
439|
440|->	return object;
441|
442|   fail:
---
 obexd/plugins/filesystem.c | 1 +
 1 file changed, 1 insertion(+)

Comments

bluez.test.bot@gmail.com May 16, 2024, 3:40 p.m. UTC | #1
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=853719

---Test result---

Test Summary:
CheckPatch                    PASS      0.46 seconds
GitLint                       FAIL      0.51 seconds
BuildEll                      PASS      24.81 seconds
BluezMake                     PASS      1701.13 seconds
MakeCheck                     PASS      13.71 seconds
MakeDistcheck                 PASS      179.04 seconds
CheckValgrind                 PASS      250.72 seconds
CheckSmatch                   PASS      356.39 seconds
bluezmakeextell               PASS      120.95 seconds
IncrementalBuild              PASS      1481.59 seconds
ScanBuild                     PASS      1015.99 seconds

Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ] obexd: Fix memory leak

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
8: B1 Line exceeds max length (121>80): "bluez-5.75/obexd/plugins/filesystem.c:411:3: alloc_arg: "g_file_get_contents" allocates memory that is stored into "buf"."
9: B1 Line exceeds max length (115>80): "bluez-5.75/obexd/plugins/filesystem.c:418:3: noescape: Resource "buf" is not freed or pointed-to in "g_string_new"."
10: B1 Line exceeds max length (126>80): "bluez-5.75/obexd/plugins/filesystem.c:440:2: leaked_storage: Variable "buf" going out of scope leaks the storage it points to."
11: B3 Line contains hard tab characters (\t): "438|			*err = 0;"
13: B3 Line contains hard tab characters (\t): "440|->	return object;"


---
Regards,
Linux Bluetooth
patchwork-bot+bluetooth@kernel.org May 17, 2024, 2:50 p.m. UTC | #2
Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Thu, 16 May 2024 15:40:48 +0200 you wrote:
> To not leak "buf", we need object->buffer to take ownership of it using
> g_string_new_take() (but it's only available in 2.78 and newer), or we
> need to actually free "buf".
> 
> Error: RESOURCE_LEAK (CWE-772): [#def66] [important]
> bluez-5.75/obexd/plugins/filesystem.c:411:3: alloc_arg: "g_file_get_contents" allocates memory that is stored into "buf".
> bluez-5.75/obexd/plugins/filesystem.c:418:3: noescape: Resource "buf" is not freed or pointed-to in "g_string_new".
> bluez-5.75/obexd/plugins/filesystem.c:440:2: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
> 438|			*err = 0;
> 439|
> 440|->	return object;
> 441|
> 442|   fail:
> 
> [...]

Here is the summary with links:
  - [BlueZ] obexd: Fix memory leak
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=46c0e376fe13

You are awesome, thank you!
diff mbox series

Patch

diff --git a/obexd/plugins/filesystem.c b/obexd/plugins/filesystem.c
index f52927541bab..4887a0b8ac81 100644
--- a/obexd/plugins/filesystem.c
+++ b/obexd/plugins/filesystem.c
@@ -416,6 +416,7 @@  static void *capability_open(const char *name, int oflag, mode_t mode,
 		}
 
 		object->buffer = g_string_new(buf);
+		g_free(buf);
 
 		if (size)
 			*size = object->buffer->len;