leaky function coverity testing -- DO NOT MERGE #21
SanthoshGujulvajagadeesh wants to merge 1 commit into develop from
Pull request overview
This pull request introduces an intentionally defective function for testing Coverity static analysis capabilities. The PR adds a function with deliberate memory management and security issues to verify that the static analysis tool can detect these problems.
Changes:
- Added leaky_function() with intentional memory leak and unsafe string operation
- Added call to leaky_function() in the main function
| } | ||
|
|
||
| void leaky_function(void) { | ||
| char *p = (char *)malloc(100); // allocated but never freed -> leak |
Memory leak: allocated memory is never freed. The malloc'ed buffer should be freed before the function returns, either after use or in the error path if needed.
| if (!p) { | ||
| perror("malloc"); | ||
| return; | ||
| } | ||
| strcpy(p, "This buffer is intentionally leaked."); |
Use of strcpy is unsafe and can lead to buffer overflow vulnerabilities. Consider using strncpy or snprintf with explicit bounds checking to ensure the string does not exceed the allocated buffer size.
| if (!p) { | |
| perror("malloc"); | |
| return; | |
| } | |
| strcpy(p, "This buffer is intentionally leaked."); | |
| errno_t rc; | |
| if (!p) { | |
| perror("malloc"); | |
| return; | |
| } | |
| rc = strcpy_s(p, 100, "This buffer is intentionally leaked."); | |
| if (rc != EOK) { | |
| /* If the copy fails, avoid using an uninitialized buffer. */ | |
| free(p); | |
| return; | |
| } |
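Review bot: the rc != EOK test and the errno_t rc; declaration in the replacement lines assume a bounds-checked string library is already available to this file, and nothing in the visible lines shows that. C11 Annex K is optional, needs __STDC_WANT_LIB_EXT1__ defined before <string.h>, and only specifies that strcpy_s returns zero on success; EOK is a macro supplied by add-on libraries such as safeclib, not by the standard. If the project does not already build against such a library, compare rc against 0 or use snprintf with the buffer size instead. The literal 100 also now appears twice (malloc and strcpy_s); one named constant would keep the two in sync.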
| void leaky_function(void) { | ||
| char *p = (char *)malloc(100); // allocated but never freed -> leak | ||
| if (!p) { | ||
| perror("malloc"); | ||
| return; | ||
| } | ||
| strcpy(p, "This buffer is intentionally leaked."); | ||
| // Missing free(p); <-- leak | ||
| } |
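Review bot: leaky_function is defined with external linkage and carries no comment at its definition saying it is a deliberate static-analysis fixture; the only hints are the two inline remarks about the leak. If it is only called from this file, declare it static, and add a comment above the definition naming the finding it is meant to trigger (RESOURCE_LEAK on p), so nobody mistakes it for production code or quietly "fixes" it and invalidates the test.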
This function serves no purpose in the application and should be removed. It allocates memory, copies a string into it, but never uses the result or returns any value. This appears to be dead code.
| leaky_function(); | ||
|
|
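Review bot: the leaky_function(); call is unconditional, so the deliberate leak executes wherever this code path runs, not only in the build that Coverity analyses. If the fixture has to sit on an analysed branch, wrap both the call and the definition in a preprocessor guard that is defined only for the analysis build, so an accidental merge cannot ship the leak.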
Calling leaky_function introduces a memory leak at program startup. This call should be removed as it serves no functional purpose and wastes system resources.
| leaky_function(); |
| } | ||
| strcpy(p, "This buffer is intentionally leaked."); | ||
| // Missing free(p); <-- leak | ||
| } |
Coverity Issue - Resource leak
Variable "p" going out of scope leaks the storage it points to.
High Impact, CWE-404
RESOURCE_LEAK
No description provided.
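The two findings raised in this thread, the RESOURCE_LEAK on p and the unbounded strcpy, can be removed together with a bounded copy and a single cleanup path. The C below is an added example, not code from the pull request; bounded_copy_len and MSG_CAP are hypothetical names, and the inputs in main are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_CAP 100  /* assumption: same capacity as the malloc(100) in the PR */

/*
 * Copy src into a heap buffer of MSG_CAP bytes, use it, and release it.
 * Returns the number of characters stored, or -1 on allocation failure or
 * when src does not fit (truncation is reported, not silently accepted).
 */
int bounded_copy_len(const char *src)
{
    int result = -1;
    char *p = malloc(MSG_CAP);
    if (p == NULL) {
        perror("malloc");
        return -1;              /* nothing allocated yet, nothing to free */
    }

    /* snprintf writes at most MSG_CAP bytes and always NUL-terminates;
     * its return value is the length it needed, so n >= MSG_CAP means
     * the source was too long for the buffer. */
    int n = snprintf(p, MSG_CAP, "%s", src);
    if (n < 0 || n >= MSG_CAP)
        goto cleanup;

    result = (int)strlen(p);    /* the buffer is actually consumed */

cleanup:
    free(p);                    /* single exit: every path after malloc frees */
    return result;
}

int main(void)
{
    char big[2 * MSG_CAP];      /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("%d\n", bounded_copy_len("This buffer is intentionally leaked."));
    printf("%d\n", bounded_copy_len(big));
    return 0;
}
```
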