#3570 new defect

Resource leak in flashdisk.c (CID 1439298)

Reported by: embeddedt Owned by:
Priority: normal Milestone: Indefinite
Component: admin Version: 6
Severity: normal Keywords: Coverity
Cc: Blocked By:
Blocking:

Description

Coverity Scan (https://scan.coverity.com/projects/rtems) reports a resource leak in flashdisk.c. You need a Coverity Scan account and access to the RTEMS project to see more details.

It appears that there are a cluster of issues here. The function tries to allocate memory but when any single allocation fails, the previous allocations are not freed.

Here is one example:

2496    fd->devices = calloc (c->device_count, sizeof (rtems_fdisk_device_ctl));
2497    if (!fd->devices)
    CID 1439298 (#1 of 2): Resource leak (RESOURCE_LEAK)
2498      return RTEMS_NO_MEMORY;

As you can see, on line 2498 it returns without freeing fd (which was allocated on line 2457) and several other allocations in between these lines.

Viewing CID 1439298 on Coverity Scan will give more details.

Change History (1)

comment:1 Changed on Oct 25, 2018 at 11:30:03 PM by embeddedt

Please use this information from Coverity:

2456
    2. alloc_fn: Storage is returned from allocation function calloc. [Note: The source code implementation of the function has been overridden by a builtin model.]
    3. var_assign: Assigning: fd = storage returned from calloc(rtems_flashdisk_configuration_size, 132U).
2457  fd = calloc (rtems_flashdisk_configuration_size, sizeof (*fd));
    4. Condition !fd, taking false branch.
2458  if (!fd)
2459    return RTEMS_NO_MEMORY;
2496    fd->devices = calloc (c->device_count, sizeof (rtems_fdisk_device_ctl));
2497    if (!fd->devices)
    CID 1439298 (#1 of 2): Resource leak (RESOURCE_LEAK) [select issue]
2498      return RTEMS_NO_MEMORY;

There are two places where my mentor noticed a potential leak but these would require further investigation. They are at lines 2568 and 2581.

2558    ret = rtems_fdisk_recover_block_mappings (fd);
2559    if (ret)
2560    {
2561      unlink (name);
2562      rtems_mutex_destroy (&fd->lock);
2563      free (fd->copy_buffer);
2564      free (fd->blocks);
2565      free (fd->devices);
2566      rtems_fdisk_error ("recovery of disk failed: %s (%d)",
2567                         strerror (ret), ret);
2568      return ret;
2569    }
2570
2571    ret = rtems_fdisk_compact (fd);
2572    if (ret)
2573    {
2574      unlink (name);
2575      rtems_mutex_destroy (&fd->lock);
2576      free (fd->copy_buffer);
2577      free (fd->blocks);
2578      free (fd->devices);
2579      rtems_fdisk_error ("compacting of disk failed: %s (%d)",
2580                         strerror (ret), ret);
2581      return ret;
2582    }
Note: See TracTickets for help on using tickets.