
Sample of Defect

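| Project Name | CID | Checker | Category | Developer Description |
|---|---|---|---|---|
| scilab | 1321065 | RESOURCE_LEAK | Resource leaks | Allocated memory leaked in several cases. All of them were pinpointed by Coverity, kudos! |

Reviewer note: freeing `buffer` addresses the reported leak only. In the integer cases shown below, `buffer` is allocated as `new char[mn1]`, but the second `memcpy` reads `mn1 * sizeof(int)` bytes from it, which runs past the end of that allocation whenever `sizeof(int) > 1`. A fix should also correct the copy size or convert element by element, as the double case does.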
File: /modules/scicos/sci_gateway/cpp/sci_buildouttb.cpp
* 2 : complex
* 3 : int32
* 4 : int16
* 5 : int8
* 6 : uint32
* 7 : uint16
* 8 : uint8
* else : double
* can be all int type or double matrix
* can have n,1 or 1,n size
*
* lhs 1 : a list of size n
*
* 02/07/06, Alan : Initial version.
* 21/11/06, Alan : Allow void rhs input param.
* 05/12/14, Paul : Rewrite to C++.
*
*/
/*--------------------------------------------------------------------------*/

// Name of this gateway; passed as the %s argument to the Scierror messages in sci_buildouttb.
static const std::string funname("buildouttb");

types::Function::ReturnValue sci_buildouttb(types::typed_list &in, int _iRetCount, types::typed_list &out)
{
 < 1. Condition "in->size() != 2", taking false branch
    if (in.size() != 2)
    {
        Scierror(77, _("%s: Wrong number of input argument(s): %d expected.\n"), funname.data(), 2);
        return types::Function::Error;
    }
 < 2. Condition "_iRetCount > 1", taking false branch
    if (_iRetCount > 1)
    {
        Scierror(78, _("%s: Wrong number of output argument(s): %d expected.\n"), funname.data(), 1);
        return types::Function::Error;
    }

    int m1, n1, mn1;
    int* p1Copy;
    int m2, n2, mn2;
    int* p2Copy;
 < 3. Switch case value "types::InternalType::ScilabInt8"
    switch (in[0]->getType())
    {
        case types::InternalType::ScilabDouble:
        {
            types::Double* p1D = in[0]->getAs<types::Double>();
            if (p1D->isComplex())
            {
                Scierror(999, _("%s: Wrong type for input argument #%d : A real or integer matrix expected.\n"), funname.data(), 1);
                return types::Function::Error;
            }
            m1 = p1D->getRows();
            n1 = p1D->getCols();
            mn1 = m1 * n1;

            p1Copy = new int[mn1];
            for (int i = 0; i < mn1; ++i)
            {
                p1Copy[i] = static_cast<int>(p1D->get(i));
            }
            break;
        }
        case types::InternalType::ScilabInt8:
        {
            types::Int8* p1Int8 = in[0]->getAs<types::Int8>();
            m1 = p1Int8->getRows();
            n1 = p1Int8->getCols();
            mn1 = m1 * n1;
 << 4. Storage is returned from allocation function "operator new[]".
 << 5. Assigning: "buffer" = storage returned from "new char[mn1]".
111
            char* buffer = new char[mn1];
 << 6. Resource "buffer" is not freed or pointed-to in "memcpy".
112
113
            memcpy(buffer, p1Int8->get(), mn1 * sizeof(char));
            p1Copy = new int[mn1];
 << 7. Resource "buffer" is not freed or pointed-to in "memcpy".
114
            memcpy(p1Copy, buffer, mn1 * sizeof(int));
 < 8. Breaking from switch
 <<< CID 1321065: Resource leaks RESOURCE_LEAK
 <<< 9. Variable "buffer" going out of scope leaks the storage it points to.
115
            break;
        }
        case types::InternalType::ScilabInt16:
        {
            types::Int16* p1Int16 = in[0]->getAs<types::Int16>();
            m1 = p1Int16->getRows();
            n1 = p1Int16->getCols();
            mn1 = m1 * n1;

            char* buffer = new char[mn1];
            memcpy(buffer, p1Int16->get(), mn1 * sizeof(char));
            p1Copy = new int[mn1];
            memcpy(p1Copy, buffer, mn1 * sizeof(int));
            break;
        }
        case types::InternalType::ScilabInt32:
        {
            types::Int32* p1Int32 = in[0]->getAs<types::Int32>();
            m1 = p1Int32->getRows();
            n1 = p1Int32->getCols();
            mn1 = m1 * n1;

            char* buffer = new char[mn1];
            memcpy(buffer, p1Int32->get(), mn1 * sizeof(char));
            p1Copy = new int[mn1];
            memcpy(p1Copy, buffer, mn1 * sizeof(int));
            break;
Events:
4. alloc_fn sci_buildouttb.cpp:111
5. var_assign sci_buildouttb.cpp:111
6. noescape sci_buildouttb.cpp:112
7. noescape sci_buildouttb.cpp:114
9. leaked_storage sci_buildouttb.cpp:115