[Bug 1554] New: libi2c.c: Memory Leak

bugzilla-daemon at rtems.org bugzilla-daemon at rtems.org
Sun Jun 13 16:55:05 UTC 2010


https://www.rtems.org/bugzilla/show_bug.cgi?id=1554

           Summary: libi2c.c: Memory Leak
           Product: RTEMS
           Version: 4.10
          Platform: All
        OS/Version: RTEMS
            Status: NEW
          Severity: normal
          Priority: P3
         Component: cpukit
        AssignedTo: thomas.doerfler at embedded-brains.de
        ReportedBy: joel.sherrill at oarcorp.com
                CC: chrisj at rtems.org


Another fairly obvious issue found by Coverity.  This is Coverity Id 17.  At
line 388, memory is malloc'ed.  There appear to be two error paths in which
this memory is not freed.

Also it is assumed that the malloc does succeed.

383      int
384      rtems_libi2c_register_bus (const char *name, rtems_libi2c_bus_t * bus)
385      {
386        int i;
387        rtems_status_code err;

Event alloc_fn: Called allocation function "malloc"
Event var_assign: Assigned variable "nmcpy" to storage returned from "malloc"
Also see events:
[var_assign][leaked_storage][leaked_storage][pass_arg][pass_arg]

388        char *nmcpy = malloc (name ? strlen (name) + 1 : 20);
389        char tmp, *chpt;
390        struct stat sbuf;
391      

Event pass_arg: Variable "nmcpy" not freed or pointed-to in function "strcpy"
Also see events:
[alloc_fn][var_assign][leaked_storage][leaked_storage][pass_arg]
At conditional (1): "name != 0" taking true path

392        strcpy (nmcpy, name ? name : "/dev/i2c");
393      
394      
395        /* check */

At conditional (2): "*nmcpy != 47" taking true path

396        if ('/' != *nmcpy) {
397          safe_printf ( DRVNM "Bad name: must be an absolute path starting with '/'\n");

Event leaked_storage: Returned without freeing storage "nmcpy"
Also see events: [alloc_fn][var_assign][leaked_storage][pass_arg][pass_arg]

398          return -RTEMS_INVALID_NAME;
399        }
400        /* file must not exist */

Event pass_arg: Variable "nmcpy" not freed or pointed-to in function "stat"
[model]
Also see events:
[alloc_fn][var_assign][leaked_storage][leaked_storage][pass_arg]

401        if (!stat (nmcpy, &sbuf)) {
402          safe_printf ( DRVNM "Bad name: file exists already\n");

Event leaked_storage: Returned without freeing storage "nmcpy"
Also see events: [alloc_fn][var_assign][leaked_storage][pass_arg][pass_arg]

403          return -RTEMS_INVALID_NAME;
404        }
405
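
Added example (not part of the original report and not the RTEMS fix): a self-contained C version of the same name-handling steps in which the allocation is checked and both error returns flagged above release the copy through a single exit label. The names copy_bus_name, counted_malloc, counted_free and live_allocs, and the errno-style return codes, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Live-allocation counter so a test can prove no error path leaks. */
static int live_allocs = 0;
static void *counted_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}
static void counted_free(void *p) {
    if (p) live_allocs--;
    free(p);
}

/* Hypothetical stand-in for the name handling at the top of
 * rtems_libi2c_register_bus(); returns plain negative errno values,
 * not RTEMS status codes. On success the caller owns *out. */
int copy_bus_name(const char *name, char **out) {
    const char *src = name ? name : "/dev/i2c";
    int rc = 0;
    struct stat sbuf;
    char *nmcpy = counted_malloc(strlen(src) + 1);

    if (nmcpy == NULL)
        return -ENOMEM;            /* allocation failure is reported */
    strcpy(nmcpy, src);
    if (nmcpy[0] != '/') {         /* must be an absolute path */
        rc = -EINVAL;
        goto fail;
    }
    if (stat(nmcpy, &sbuf) == 0) { /* file must not exist */
        rc = -EEXIST;
        goto fail;
    }
    *out = nmcpy;                  /* ownership passes to the caller */
    return 0;
fail:
    counted_free(nmcpy);           /* one exit frees the copy on every error */
    return rc;
}

int main(void) {
    char *out = NULL;
    int rc = copy_bus_name("i2c0", &out); /* constructed input: relative path */
    return (rc == -EINVAL && live_allocs == 0) ? 0 : 1;
}
```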
