Skip to content

leaky function coverity testing -- DO NOT MERGE #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
SanthoshGujulvajagadeesh wants to merge 1 commit into from
Closed

leaky function coverity testing -- DO NOT MERGE #21

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions source/MoCASsp/ssp_main.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,16 @@ int drop_root(void)
return retval;
}

void leaky_function(void) {
char *p = (char *)malloc(100); // allocated but never freed -> leak
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Memory leak: allocated memory is never freed. The malloc'ed buffer should be freed before the function returns, either after use or in the error path if needed.

Copilot uses AI. Check for mistakes.
if (!p) {
perror("malloc");
return;
}
strcpy(p, "This buffer is intentionally leaked.");
Comment on lines +239 to +243
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use of strcpy is unsafe and can lead to buffer overflow vulnerabilities. Consider using strncpy or snprintf with explicit bounds checking to ensure the string does not exceed the allocated buffer size.

Suggested change
if (!p) {
perror("malloc");
return;
}
strcpy(p, "This buffer is intentionally leaked.");
errno_t rc;
if (!p) {
perror("malloc");
return;
}
rc = strcpy_s(p, 100, "This buffer is intentionally leaked.");
if (rc != EOK) {
/* If the copy fails, avoid using an uninitialized buffer. */
free(p);
return;
}

Copilot uses AI. Check for mistakes.
// Missing free(p); <-- leak
}
Comment on lines +237 to +245
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function serves no purpose in the application and should be removed. It allocates memory, copies a string into it, but never uses the result or returns any value. This appears to be dead code.

Copilot uses AI. Check for mistakes.
Copy link
Contributor

@rdkcmf-jenkins rdkcmf-jenkins Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Coverity Issue - Resource leak

Variable "p" going out of scope leaks the storage it points to.

High Impact, CWE-404
RESOURCE_LEAK


int main(int argc, char* argv[])
{
BOOL bRunAsDaemon = TRUE;
Expand All @@ -247,6 +257,8 @@ int main(int argc, char* argv[])
DmErr_t err;
debugLogFile = stderr;

leaky_function();

Comment on lines +260 to +261
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling leaky_function introduces a memory leak at program startup. This call should be removed as it serves no functional purpose and wastes system resources.

Suggested change
leaky_function();

Copilot uses AI. Check for mistakes.
#ifdef FEATURE_SUPPORT_RDKLOG
RDK_LOGGER_INIT();
#endif
Expand Down
Loading