12 changes: 12 additions & 0 deletions source/MoCASsp/ssp_main.c
Expand Up @@ -234,6 +234,16 @@ int drop_root(void)
return retval;
}

void leaky_function(void) {
char *p = (char *)malloc(100); // allocated but never freed -> leak
Copilot AI Feb 4, 2026

Memory leak: malloc allocates 100 bytes but the memory is never freed. This will cause a memory leak each time the function is called.

Copilot uses AI. Check for mistakes.
if (!p) {
perror("malloc");
return;
}
strcpy(p, "This buffer is intentionally leaked.");
Copilot AI Feb 4, 2026

strcpy is unsafe and can lead to buffer overflows. Consider using a safer alternative like strncpy, strlcpy, or the safec library functions that are already used in this codebase (as seen in the include for safec_lib_common.h).

Suggested change
strcpy(p, "This buffer is intentionally leaked.");
(void)strcpy_s(p, 100, "This buffer is intentionally leaked.");

// Missing free(p); <-- leak
}
Comment on lines +237 to +245
Copilot AI Feb 4, 2026

This entire function appears to be test code for Coverity analysis and should not be included in production code. The PR title explicitly states "DO NOT MERGE", indicating this is intentional test code that should not be merged.

Contributor

Coverity Issue - Resource leak

Variable "p" going out of scope leaks the storage it points to.

High Impact, CWE-404
RESOURCE_LEAK


int main(int argc, char* argv[])
{
BOOL bRunAsDaemon = TRUE;
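Review bot: leaky_function() is defined with external linkage in ssp_main.c and returns without releasing p, so the block from malloc(100) is lost on every call; the fix for the reported RESOURCE_LEAK is a free(p) before the closing brace, in place of the "Missing free(p)" comment. The strcpy() cannot overflow here because the literal is shorter than the 100-byte allocation, so switching to strcpy_s does not address the defect being flagged. If the function exists only as a static-analysis fixture, keep it out of the daemon's main source file, or at least mark it static and compile it only under a test-only build flag.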
Expand All @@ -247,6 +257,8 @@ int main(int argc, char* argv[])
DmErr_t err;
debugLogFile = stderr;

leaky_function();
Copilot AI Feb 4, 2026

Calling leaky_function in main will cause a memory leak on every program execution. This function serves no purpose and should be removed.


#ifdef FEATURE_SUPPORT_RDKLOG
RDK_LOGGER_INIT();
#endif
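Review bot: the leaky_function() call added after debugLogFile = stderr runs unconditionally at every process start, ahead of RDK_LOGGER_INIT(), and nothing in main() uses its effect. Remove the call; the Coverity finding quoted above is reported on the function body (lines +237 to +245), so a production call site is not needed to exercise the checker.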