You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
233 lines
16 KiB
233 lines
16 KiB
From 6ef06c19bb4e0a410f523bdae8c675229408ad17 Mon Sep 17 00:00:00 2001
|
|
From: Coiby Xu <coiby.xu@gmail.com>
|
|
Date: Fri, 11 Jun 2021 11:00:27 +0800
|
|
Subject: [PATCH 1/8] fix RESOURCE_LEAK errors detected by covscan in
|
|
src/xmlpythonizer.c
|
|
|
|
Fix the following errors found by covscan,
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def6]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:853: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:857: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 855| PyADD_DICT_VALUE(retdata, key, value);
|
|
# 856| } else {
|
|
# 857|-> PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)",
|
|
# 858| map_p->rootpath, elmtid, map_p->key);
|
|
# 859| }
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def7]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:879: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:921: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 919| xmlXPathFreeObject(xpo);
|
|
# 920| } else {
|
|
# 921|-> PyReturnError(PyExc_ValueError, "Could not get key value: "
|
|
# 922| "%s [%i] (Defining key: %s)",
|
|
# 923| map_p->rootpath, elmtid, map_p->key);
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def8]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:877: alloc_fn: Storage is returned from allocation function "_get_xpath_values".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:877: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->value)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:921: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to.
|
|
# 919| xmlXPathFreeObject(xpo);
|
|
# 920| } else {
|
|
# 921|-> PyReturnError(PyExc_ValueError, "Could not get key value: "
|
|
# 922| "%s [%i] (Defining key: %s)",
|
|
# 923| map_p->rootpath, elmtid, map_p->key);
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def9]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:933: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:934: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 932| }
|
|
# 933| if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
|
|
# 934|-> PyReturnError(PyExc_ValueError,
|
|
# 935| "Could not get key value: %s [%i] (Defining key: %s)",
|
|
# 936| map_p->rootpath, elmtid, map_p->key);
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def10]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:948: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 946| }
|
|
# 947| if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
|
|
# 948|-> PyReturnError(PyExc_ValueError,
|
|
# 949| "Could not get key value: %s [%i] (Defining key: %s)",
|
|
# 950| map_p->rootpath, elmtid, map_p->key);
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def11]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:947: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:959: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 957| xmlXPathFreeObject(xpo);
|
|
# 958| }
|
|
# 959|-> PyReturnError(PyExc_ValueError,
|
|
# 960| "Could not get key value: %s [%i] (Defining key: %s)",
|
|
# 961| map_p->rootpath, elmtid, map_p->key);
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def12]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:947: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:995: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 993| } else {
|
|
# 994| // If NULL, something is wrong - exception is already set.
|
|
# 995|-> return NULL;
|
|
# 996| }
|
|
# 997| }
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def13]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:954: alloc_fn: Storage is returned from allocation function "_get_xpath_values".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:954: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->value)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:995: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to.
|
|
# 993| } else {
|
|
# 994| // If NULL, something is wrong - exception is already set.
|
|
# 995|-> return NULL;
|
|
# 996| }
|
|
# 997| }
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def14]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1050: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 1048| xpctx = xmlXPathNewContext(xpdoc);
|
|
# 1049| if( xpctx == NULL ) {
|
|
# 1050|-> PyReturnError(PyExc_MemoryError, "Could not setup new XPath context");
|
|
# 1051| }
|
|
# 1052| xpctx->node = data_n;
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def15]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1054: alloc_fn: Storage is returned from allocation function "_get_xpath_values".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1054: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->rootpath)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1065: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to.
|
|
# 1063| // Exit if we get NULL - something is wrong
|
|
# 1064| //and exception is set
|
|
# 1065|-> return NULL;
|
|
# 1066| }
|
|
# 1067| }
|
|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def16]
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: alloc_fn: Storage is returned from allocation function "malloc".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: var_assign: Assigning: "key" = storage returned from "malloc(258UL)".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument.
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: noescape: Resource "key" is not freed or pointed-to in "_get_key_value".
|
|
python-dmidecode-3.12.2/src/xmlpythonizer.c:1087: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
|
|
# 1085| // Exit if we get NULL - something is wrong
|
|
# 1086| //and exception is set
|
|
# 1087|-> return NULL;
|
|
# 1088| }
|
|
# 1089| }
|
|
|
|
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
|
|
---
|
|
src/xmlpythonizer.c | 27 +++++++++++++++++++++++++++
|
|
1 file changed, 27 insertions(+)
|
|
|
|
diff --git a/src/xmlpythonizer.c b/src/xmlpythonizer.c
|
|
index e9c9242..ce2d067 100644
|
|
--- a/src/xmlpythonizer.c
|
|
+++ b/src/xmlpythonizer.c
|
|
@@ -854,6 +854,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
|
|
value = PyBytes_FromString(map_p->value);
|
|
PyADD_DICT_VALUE(retdata, key, value);
|
|
} else {
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)",
|
|
map_p->rootpath, elmtid, map_p->key);
|
|
}
|
|
@@ -918,6 +921,10 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
|
|
PyADD_DICT_VALUE(retdata, key, value);
|
|
xmlXPathFreeObject(xpo);
|
|
} else {
|
|
+ xmlXPathFreeObject(xpo);
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
PyReturnError(PyExc_ValueError, "Could not get key value: "
|
|
"%s [%i] (Defining key: %s)",
|
|
map_p->rootpath, elmtid, map_p->key);
|
|
@@ -931,6 +938,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
|
|
break;
|
|
}
|
|
if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
PyReturnError(PyExc_ValueError,
|
|
"Could not get key value: %s [%i] (Defining key: %s)",
|
|
map_p->rootpath, elmtid, map_p->key);
|
|
@@ -945,6 +955,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
|
|
break;
|
|
}
|
|
if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) {
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
PyReturnError(PyExc_ValueError,
|
|
"Could not get key value: %s [%i] (Defining key: %s)",
|
|
map_p->rootpath, elmtid, map_p->key);
|
|
@@ -956,6 +969,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
|
|
if( xpo != NULL ) {
|
|
xmlXPathFreeObject(xpo);
|
|
}
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
PyReturnError(PyExc_ValueError,
|
|
"Could not get key value: %s [%i] (Defining key: %s)",
|
|
map_p->rootpath, elmtid, map_p->key);
|
|
@@ -991,6 +1007,10 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata,
|
|
PyList_Append(value, dataset);
|
|
}
|
|
} else {
|
|
+ xmlXPathFreeObject(xpo);
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
// If NULL, something is wrong - exception is already set.
|
|
return NULL;
|
|
}
|
|
@@ -1047,6 +1067,8 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) {
|
|
|
|
xpctx = xmlXPathNewContext(xpdoc);
|
|
if( xpctx == NULL ) {
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
PyReturnError(PyExc_MemoryError, "Could not setup new XPath context");
|
|
}
|
|
xpctx->node = data_n;
|
|
@@ -1062,6 +1084,10 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) {
|
|
if( res == NULL ) {
|
|
// Exit if we get NULL - something is wrong
|
|
//and exception is set
|
|
+ xmlXPathFreeObject(xpo);
|
|
+ xmlXPathFreeContext(xpctx);
|
|
+ xmlFreeDoc(xpdoc);
|
|
+ free(key);
|
|
return NULL;
|
|
}
|
|
}
|
|
@@ -1084,6 +1110,7 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) {
|
|
if( res == NULL ) {
|
|
// Exit if we get NULL - something is wrong
|
|
//and exception is set
|
|
+ free(key);
|
|
return NULL;
|
|
}
|
|
}
|
|
--
|
|
2.31.1
|
|
|