
Sample of Defect

Project Name CID Checker Category Developer Description
FreeBSD 270511 RESOURCE_LEAK Resource leaks Resource leaks: I hate them, especially in libc, which is code you expect to be hot.
File: /lib/libc/gen/disklabel.c
{
        const char **nm;

        for (nm = names; *nm; nm++)
                if (strcasecmp(t, *nm) == 0)
                        return (nm - names);
        if (isdigit((unsigned char)*t))
                return (atoi(t));
        return (0);
}

/*
 * getdiskbyname: look up `name` in the disktab database (_PATH_DISKTAB)
 * via cgetent() and fill in a disklabel from the capabilities found there.
 *
 * Returns a pointer to a function-static struct disklabel, or NULL when
 * cgetent() fails.  The result lives in static storage, so every call
 * overwrites the previous result and the caller must not free it.
 */
struct disklabel *
getdiskbyname(const char *name)
{
        static struct        disklabel disk;
        struct        disklabel *dp = &disk;
        struct partition *pp;
        /* Record filled in by cgetent(); released with free(buf) before return. */
        char        *buf;
        char          *db_array[2] = { _PATH_DISKTAB, 0 };
        /*
         * cq is first a cursor into d_typename and is then reused as the
         * out-parameter of every cgetstr() call below; each string that
         * cgetstr() stores there has to be freed on the path that received it.
         */
        char        *cp, *cq;        /* can't be register */
        /* Two-character capability names; index 1 is patched per partition. */
        char        p, max, psize[3], pbsize[3],
                pfsize[3], poffset[3], ptype[3];
        u_int32_t *dx;
 < 1. Condition "cgetent(&buf, db_array, (char *)name) < 0", taking false branch
        if (cgetent(&buf, db_array, (char *) name) < 0)
                return NULL;

        bzero((char *)&disk, sizeof(disk));
        /*
         * typename
         */
        cq = dp->d_typename;
        cp = buf;
 < 2. Condition "cq < dp->d_typename + 16U /* sizeof (dp->d_typename) */ - 1", taking true branch
 < 3. Condition "*cq = *cp", taking true branch
 < 4. Condition "*cq != '|'", taking true branch
 < 5. Condition "*cq != ':'", taking true branch
 < 7. Condition "cq < dp->d_typename + 16U /* sizeof (dp->d_typename) */ - 1", taking true branch
 < 8. Condition "*cq = *cp", taking true branch
 < 9. Condition "*cq != '|'", taking true branch
 < 10. Condition "*cq != ':'", taking true branch
 < 12. Condition "cq < dp->d_typename + 16U /* sizeof (dp->d_typename) */ - 1", taking true branch
 < 13. Condition "*cq = *cp", taking true branch
 < 14. Condition "*cq != '|'", taking true branch
 < 15. Condition "*cq != ':'", taking false branch
        while (cq < dp->d_typename + sizeof(dp->d_typename) - 1 &&
            (*cq = *cp) && *cq != '|' && *cq != ':')
 < 6. Jumping back to the beginning of the loop
 < 11. Jumping back to the beginning of the loop
                cq++, cp++;
        *cq = '\0';
 << 16. "cgetstr" allocates memory that is stored into "cq".
 < 17. Condition "cgetstr(buf, "ty", &cq) > 0", taking false branch
        /*
         * NOTE(review): this is the allocation the trace reports as leaked
         * (CID 270511).  cgetstr() hands back a malloc'd string in cq and
         * returns its length, so an empty "ty" value yields 0 with a live
         * allocation; the "> 0" test then skips the free(cq) below.  The
         * per-partition type lookup later in this function tests ">= 0",
         * which covers that case.
         */
        if (cgetstr(buf, "ty", &cq) > 0) {
                if (strcmp(cq, "removable") == 0)
                        dp->d_flags |= D_REMOVABLE;
                /* The cq check here is redundant: cq was already passed to strcmp() above. */
                else  if (cq && strcmp(cq, "simulated") == 0)
                        dp->d_flags |= D_RAMDISK;
                free(cq);
        }
 < 18. Condition "cgetcap(buf, "sf", 58) != NULL", taking false branch
        if (cgetcap(buf, "sf", ':') != NULL)
                dp->d_flags |= D_BADSECT;

#define getnumdflt(field, dname, dflt) \
        { long f; (field) = (cgetnum(buf, dname, &f) == -1) ? (dflt) : f; }
 < 19. Condition "cgetnum(buf, "se", &f) == -1", taking true branch
        getnumdflt(dp->d_secsize, "se", DEV_BSIZE);
 < 20. Condition "cgetnum(buf, "nt", &f) == -1", taking true branch
        getnumdflt(dp->d_ntracks, "nt", 0);
 < 21. Condition "cgetnum(buf, "ns", &f) == -1", taking true branch
        getnumdflt(dp->d_nsectors, "ns", 0);
 < 22. Condition "cgetnum(buf, "nc", &f) == -1", taking true branch
        getnumdflt(dp->d_ncylinders, "nc", 0);
 < 23. Condition "cgetstr(buf, "dt", &cq) > 0", taking false branch
        /*
         * "dt" may be given as a type name (string) or as a number; the
         * string form is tried first and mapped through dktypenames.
         *
         * NOTE(review): same "> 0" test as the "ty" lookup earlier in this
         * function.  If cgetstr() returns 0 for an empty value while still
         * allocating, that buffer is not freed on this path either; confirm
         * against cgetstr()'s contract.
         */
        if (cgetstr(buf, "dt", &cq) > 0) {
                dp->d_type = gettype(cq, dktypenames);
                free(cq);
        } else
 < 24. Condition "cgetnum(buf, "dt", &f) == -1", taking true branch
                getnumdflt(dp->d_type, "dt", 0);
 < 25. Condition "cgetnum(buf, "sc", &f) == -1", taking true branch
        getnumdflt(dp->d_secpercyl, "sc", dp->d_nsectors * dp->d_ntracks);
 < 26. Condition "cgetnum(buf, "su", &f) == -1", taking true branch
        getnumdflt(dp->d_secperunit, "su", dp->d_secpercyl * dp->d_ncylinders);
 < 27. Condition "cgetnum(buf, "rm", &f) == -1", taking true branch
        getnumdflt(dp->d_rpm, "rm", 3600);
 < 28. Condition "cgetnum(buf, "il", &f) == -1", taking true branch
        getnumdflt(dp->d_interleave, "il", 1);
 < 29. Condition "cgetnum(buf, "sk", &f) == -1", taking true branch
        getnumdflt(dp->d_trackskew, "sk", 0);
 < 30. Condition "cgetnum(buf, "cs", &f) == -1", taking true branch
        getnumdflt(dp->d_cylskew, "cs", 0);
 < 31. Condition "cgetnum(buf, "hs", &f) == -1", taking true branch
        getnumdflt(dp->d_headswitch, "hs", 0);
 < 32. Condition "cgetnum(buf, "ts", &f) == -1", taking true branch
        getnumdflt(dp->d_trkseek, "ts", 0);
 < 33. Condition "cgetnum(buf, "bs", &f) == -1", taking true branch
        getnumdflt(dp->d_bbsize, "bs", BBSIZE);
 < 34. Condition "cgetnum(buf, "sb", &f) == -1", taking true branch
        getnumdflt(dp->d_sbsize, "sb", 0);
        strcpy(psize, "px");
        strcpy(pbsize, "bx");
        strcpy(pfsize, "fx");
        strcpy(poffset, "ox");
        strcpy(ptype, "tx");
        max = 'a' - 1;
        pp = &dp->d_partitions[0];
 < 35. Condition "p < 'i' /* 97 + 8 */", taking true branch
 < 39. Condition "p < 'i' /* 97 + 8 */", taking false branch
        for (p = 'a'; p < 'a' + MAXPARTITIONS; p++, pp++) {
                long l;
                psize[1] = pbsize[1] = pfsize[1] = poffset[1] = ptype[1] = p;
 < 36. Condition "cgetnum(buf, psize, &l) == -1", taking true branch
                if (cgetnum(buf, psize, &l) == -1)
 < 37. Falling through to end of if statement
                        pp->p_size = 0;
                else {
                        pp->p_size = l;
                        /*
                         * NOTE(review): the return value of this cgetnum() is
                         * ignored.  If the offset capability is absent, l
                         * presumably still holds the size read above, so
                         * p_offset would silently take that value; confirm
                         * that cgetnum() leaves *num untouched on failure.
                         */
                        cgetnum(buf, poffset, &l);
                        pp->p_offset = l;
                        getnumdflt(pp->p_fsize, pfsize, 0);
                        /* p_fsize is known non-zero inside this branch, so the division is safe. */
                        if (pp->p_fsize) {
                                long bsize;

                                if (cgetnum(buf, pbsize, &bsize) == 0)
                                        pp->p_frag = bsize / pp->p_fsize;
                                else
                                        pp->p_frag = 8;
                        }
                        getnumdflt(pp->p_fstype, ptype, 0);
                        /*
                         * No numeric type given: fall back to a type name.
                         * Unlike the "ty" and "dt" lookups earlier in this
                         * function, this test is ">= 0", so a zero-length
                         * string returned by cgetstr() is still freed.
                         */
                        if (pp->p_fstype == 0)
                                if (cgetstr(buf, ptype, &cq) >= 0) {
                                        pp->p_fstype = gettype(cq, fstypenames);
                                        free(cq);
                                }
                        /* Remember the highest partition letter that had a size entry. */
                        max = p;
                }
 < 38. Jumping back to the beginning of the loop
        }
        dp->d_npartitions = max + 1 - 'a';
        (void)strcpy(psize, "dx");
        dx = dp->d_drivedata;
 < 40. Condition "p < '5' /* 48 + 5 */", taking true branch
 < 43. Condition "p < '5' /* 48 + 5 */", taking false branch
        for (p = '0'; p < '0' + NDDATA; p++, dx++) {
                psize[1] = p;
 < 41. Condition "cgetnum(buf, psize, &f) == -1", taking true branch
                getnumdflt(*dx, psize, 0);
 < 42. Jumping back to the beginning of the loop
        }
        dp->d_magic = DISKMAGIC;
        dp->d_magic2 = DISKMAGIC;
        free(buf);
 <<< CID 270511: Resource leaks RESOURCE_LEAK
 <<< 44. Variable "cq" going out of scope leaks the storage it points to.
        return (dp);
}
Events:
16. alloc_arg disklabel.c:88
44. leaked_storage disklabel.c:165