| 2018-09-27 08:58:30 |
Ran An |
bug |
|
|
added bug |
| 2018-09-27 08:58:49 |
Ran An |
starlingx: assignee |
|
Ran An (an.ran) |
|
| 2018-09-28 07:43:45 |
Ran An |
tags |
|
stx.security |
|
| 2018-09-28 07:45:25 |
Ran An |
bug |
|
|
added subscriber haitao wang |
| 2018-10-08 07:49:58 |
Ran An |
bug |
|
|
added subscriber Ken Young |
| 2018-10-08 07:51:11 |
Ran An |
bug |
|
|
added subscriber Brent Rowsell |
| 2018-10-08 07:51:57 |
Ran An |
bug |
|
|
added subscriber Cindy Xie |
| 2018-10-08 07:53:09 |
Ran An |
bug |
|
|
added subscriber Bruce Jones |
| 2018-10-15 15:44:29 |
Ken Young |
starlingx: status |
New |
Triaged |
|
| 2018-10-15 15:44:33 |
Ken Young |
starlingx: importance |
Undecided |
High |
|
| 2018-10-25 00:28:23 |
Ran An |
bug |
|
|
added subscriber Tao Liu |
| 2018-10-25 00:29:26 |
Ran An |
bug |
|
|
added subscriber Dariush Eslimi |
| 2018-10-25 01:17:00 |
Ran An |
description |
Brief Description
-----------------
there is a memory leak in function 'fm_db_util_get_timestamp' fmDbUtils.cpp
Severity
--------
Major
Steps to Reproduce
------------------
free memory before function return
Expected Behavior
------------------
static analysis do not report this issue
Actual Behavior
----------------
static analysis report this issue
Reproducibility
---------------
Reproducible
System Configuration
--------------------
all |
Brief Description
-----------------
there is a memory leak in function 'fm_db_util_get_timestamp' fmDbUtils.cpp
Severity
--------
Major
Steps to Reproduce
------------------
free memory before function return
Expected Behavior
------------------
static analysis do not report this issue
Actual Behavior
----------------
static analysis report this issue
Reproducibility
---------------
Reproducible
System Configuration
--------------------
all
Static Analysis Reports
--------------------
159 bool fm_db_util_get_timestamp(const char *str, FMTimeT &ft){
160 struct timespec ts;
161 memset(&ts, 0, sizeof(ts));
162 // only check if the year is present
1. Condition strlen(str) < 10, taking false branch.
163 if (strlen(str) < 10){
164 //get the current time
165 clock_gettime(CLOCK_REALTIME, &ts);
166 }else{
167 struct tm t;
168 memset(&t, 0, sizeof(t));
169 strptime(str, "%F %T", &t);
170 ts.tv_sec = mktime(&t);
171 //now get the nanoseconds
2. alloc_fn: Storage is returned from allocation function strdup.
3. var_assign: Assigning: tstr = storage returned from strdup(str).
172 char *tstr = strdup(str);
173 strsep(&tstr, ".");
4. Condition tstr != NULL, taking true branch.
174 if (tstr != NULL){
5. noescape: Resource tstr is not freed or pointed-to in atol. [Note: The source code implementation of the function has been overridden by a builtin model.]
175 ts.tv_nsec = atol(tstr)*1000;
176 }
Resource leak (RESOURCE_LEAK)
6. leaked_storage: Variable tstr going out of scope leaks the storage it points to.
177 }
178 ft = ts.tv_sec*1000000 + ts.tv_nsec/1000;
179 return true;
180} |
|
| 2018-10-25 01:23:26 |
Ran An |
description |
Brief Description
-----------------
there is a memory leak in function 'fm_db_util_get_timestamp' fmDbUtils.cpp
Severity
--------
Major
Steps to Reproduce
------------------
free memory before function return
Expected Behavior
------------------
static analysis do not report this issue
Actual Behavior
----------------
static analysis report this issue
Reproducibility
---------------
Reproducible
System Configuration
--------------------
all
Static Analysis Reports
--------------------
159 bool fm_db_util_get_timestamp(const char *str, FMTimeT &ft){
160 struct timespec ts;
161 memset(&ts, 0, sizeof(ts));
162 // only check if the year is present
1. Condition strlen(str) < 10, taking false branch.
163 if (strlen(str) < 10){
164 //get the current time
165 clock_gettime(CLOCK_REALTIME, &ts);
166 }else{
167 struct tm t;
168 memset(&t, 0, sizeof(t));
169 strptime(str, "%F %T", &t);
170 ts.tv_sec = mktime(&t);
171 //now get the nanoseconds
2. alloc_fn: Storage is returned from allocation function strdup.
3. var_assign: Assigning: tstr = storage returned from strdup(str).
172 char *tstr = strdup(str);
173 strsep(&tstr, ".");
4. Condition tstr != NULL, taking true branch.
174 if (tstr != NULL){
5. noescape: Resource tstr is not freed or pointed-to in atol. [Note: The source code implementation of the function has been overridden by a builtin model.]
175 ts.tv_nsec = atol(tstr)*1000;
176 }
Resource leak (RESOURCE_LEAK)
6. leaked_storage: Variable tstr going out of scope leaks the storage it points to.
177 }
178 ft = ts.tv_sec*1000000 + ts.tv_nsec/1000;
179 return true;
180} |
Brief Description
-----------------
there is a memory leak in function 'fm_db_util_get_timestamp' fmDbUtils.cpp
Severity
--------
Major
Steps to Reproduce
------------------
free memory before function return
Expected Behavior
------------------
static analysis do not report this issue
Actual Behavior
----------------
static analysis report this issue
Reproducibility
---------------
Reproducible
System Configuration
--------------------
all
Static Analysis Reports
--------------------
in file fmDbUtils.cpp:
159 bool fm_db_util_get_timestamp(const char *str, FMTimeT &ft){
160 struct timespec ts;
161 memset(&ts, 0, sizeof(ts));
162 // only check if the year is present
1. Condition strlen(str) < 10, taking false branch.
163 if (strlen(str) < 10){
164 //get the current time
165 clock_gettime(CLOCK_REALTIME, &ts);
166 }else{
167 struct tm t;
168 memset(&t, 0, sizeof(t));
169 strptime(str, "%F %T", &t);
170 ts.tv_sec = mktime(&t);
171 //now get the nanoseconds
2. alloc_fn: Storage is returned from allocation function strdup.
3. var_assign: Assigning: tstr = storage returned from strdup(str).
172 char *tstr = strdup(str);
173 strsep(&tstr, ".");
4. Condition tstr != NULL, taking true branch.
174 if (tstr != NULL){
5. noescape: Resource tstr is not freed or pointed-to in atol. [Note: The source code implementation of the function has been overridden by a builtin model.]
175 ts.tv_nsec = atol(tstr)*1000;
176 }
Resource leak (RESOURCE_LEAK)
6. leaked_storage: Variable tstr going out of scope leaks the storage it points to.
177 }
178 ft = ts.tv_sec*1000000 + ts.tv_nsec/1000;
179 return true;
180} |
|
| 2018-11-07 14:04:57 |
haitao wang |
starlingx: status |
Triaged |
Fix Released |
|
| 2018-11-08 18:34:27 |
Ran An |
bug |
|
|
added subscriber Lachlan Plant |
| 2018-11-14 19:50:53 |
Ken Young |
tags |
stx.security |
stx.2019.03 stx.security |
|
| 2018-11-28 16:19:44 |
Ken Young |
information type |
Private Security |
Public Security |
|
| 2019-01-18 20:50:59 |
Ken Young |
tags |
stx.2019.03 stx.security |
stx.2019.05 stx.security |
|
| 2019-04-05 20:30:50 |
Ken Young |
tags |
stx.2019.05 stx.security |
stx.2.0 stx.security |
|
