static analysis reports "Resource leak" issues in stx-nfv
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Ran An |
Bug Description
Brief Description
-----------------
There are some memory and file handle leaks.
Severity
--------
Major
Steps to Reproduce
------------------
Free memory or file handle before the function returns.
Expected Behavior
------------------
Static analysis does not report this issue.
Actual Behavior
----------------
Static analysis reports this issue.
Reproducibility
---------------
Reproducible
System Configuration
-------
all
Static Analysis Reports
-------
in file guest_scale_
""""""
237 void cpu_scale_
238 json_object *jobj_response)
239 {
240 ...
279 pick_cpu:
1. alloc_fn: Storage is returned from allocation function range_to_array. [show details]
2. var_assign: Assigning: current_online_cpus = storage returned from range_to_
302 struct online_cpus *current_
303
304 // no need to release jobj_array as its ownership is transferred to jobj_response
3. noescape: Resource current_online_cpus is not freed or pointed-to in new_json_
305 struct json_object *jobj_array = new_json_
306 json_object_
Resource leak (RESOURCE_LEAK)
4. leaked_storage: Variable current_online_cpus going out of scope leaks the storage it points to.
307 return;
....
313 }
""""""
similar cases in
parser.c:131
leaked_storage: Variable token going out of scope leaks the storage it points to.
leaked_storage: Variable tmp going out of scope leaks the storage it points to.
guest_scale_
leaked_storage: Variable current_online_cpus going out of scope leaks the storage it points to.
in file guest_scale_agent.c
""""""
148 int offline_
149 {
...
1. open_fn: Returning handle opened by open.
2. var_assign: Assigning: fd = handle returned from open(buf, 2).
155 fd = open(buf, O_RDWR);
...
Resource leak (RESOURCE_LEAK)
9. leaked_handle: Handle variable fd going out of scope leaks the handle.
175 return 0;
176 }
""""""
similar cases in guest_scale_
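The two leak shapes flagged above (a handle from `open` still open at `return 0`, and heap storage not freed before `return`) and the usual single-exit cleanup fix, as an added example that is not code from the bug report or from stx-nfv. The function names `open_fd_count`, `write_state_leaky` and `write_state_fixed` are hypothetical, and the heap buffer only stands in for storage like the result of `range_to_array`.

```c
/* Added illustration: function names are hypothetical, not stx-nfv code. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Count descriptors currently open in this process (first 256 slots). */
int open_fd_count(void)
{
    int n = 0;
    for (int fd = 0; fd < 256; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Leaky shape: the success path returns without close(fd), the pattern
 * reported as leaked_handle. */
int write_state_leaky(const char *path, const char *val)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;
    if (write(fd, val, strlen(val)) < 0) {
        close(fd);
        return -1;
    }
    return 0; /* fd goes out of scope while still open */
}

/* Fixed shape: a single exit label frees the heap buffer and closes the
 * handle on every path, success or failure. */
int write_state_fixed(const char *path, const char *val)
{
    int rc = -1, fd = -1;
    size_t len = strlen(val);
    char *buf = malloc(len + 1); /* stands in for storage such as range_to_array's result */
    if (buf == NULL)
        goto out;
    memcpy(buf, val, len + 1);
    fd = open(path, O_RDWR);
    if (fd < 0 || write(fd, buf, len) < 0)
        goto out;
    rc = 0;
out:
    if (fd >= 0)
        close(fd);
    free(buf);
    return rc;
}
```

Comparing `open_fd_count()` before and after a call gives a quick runtime check for the handle leak that does not depend on the static analysis tool.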
Changed in starlingx: | |
assignee: | nobody → Ran An (an.ran) |
tags: | added: stx.security |
description: | updated |
Changed in starlingx: | |
status: | New → Triaged |
importance: | Undecided → High |
description: | updated |
description: | updated |
tags: | added: stx.2019.03 |
Changed in starlingx: | |
status: | Triaged → Fix Released |
information type: | Private Security → Public Security |
tags: | added: stx.2019.05 removed: stx.2019.03 |
tags: | added: stx.2.0 removed: stx.2019.05 |
Please update this bug with specific file and line number information for the static analysis issue. Make sure the bug has enough information for someone to find the problem in the code without access to the tool or the report.