[BlueZ resend 8/9] sdp: Fix memory leak in sdp_data_alloc*()

Make sure to free already allocated memory if we run out of memory
before the end of the loop.

Error: RESOURCE_LEAK (CWE-772): [#def8] [important]
bluez-5.76/lib/sdp.c:542:4: alloc_fn: Storage is returned from allocation function "sdp_data_alloc".
bluez-5.76/lib/sdp.c:542:4: var_assign: Assigning: "data" = storage returned from "sdp_data_alloc(dtd, values[i])".
bluez-5.76/lib/sdp.c:550:4: var_assign: Assigning: "seq" = "data".
bluez-5.76/lib/sdp.c:552:3: var_assign: Assigning: "curr" = "data".
bluez-5.76/lib/sdp.c:553:2: out_of_scope: Variable "data" goes out of scope.
bluez-5.76/lib/sdp.c:552:3: overwrite_var: Overwriting "curr" in "curr = data".
bluez-5.76/lib/sdp.c:545:4: leaked_storage: Variable "seq" going out of scope leaks the storage it points to.
543|
544|		if (!data)
545|->			return NULL;
546|
547|		if (curr)
---
 lib/sdp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/sdp.c b/lib/sdp.c
index 2e66505b21b8..b87951b007a3 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -513,8 +513,10 @@ sdp_data_t *sdp_seq_alloc_with_length(void **dtds, void **values, int *length,
 		else
 			data = sdp_data_alloc_with_length(dtd, values[i], length[i]);
 
-		if (!data)
+		if (!data) {
+			sdp_data_free(seq);
 			return NULL;
+		}
 
 		if (curr)
 			curr->next = data;
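Review bot: in the new `if (!data) {` branch of sdp_seq_alloc_with_length(), sdp_data_free(seq) is also reached when the very first allocation fails. At that point nothing has been linked yet, because the `curr->next = data` step comes after this check, so seq still holds whatever it was initialised to. If that is NULL and sdp_data_free() dereferences its argument, this change trades the leak for a NULL dereference on the out-of-memory path. Please confirm that sdp_data_free() accepts NULL, or guard the call with `if (seq)`.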
@@ -541,8 +543,10 @@ sdp_data_t *sdp_seq_alloc(void **dtds, void **values, int len)
 		else
 			data = sdp_data_alloc(dtd, values[i]);
 
-		if (!data)
+		if (!data) {
+			sdp_data_free(seq);
 			return NULL;
+		}
 
 		if (curr)
 			curr->next = data;
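Review bot: sdp_data_free(seq) in the error branch of sdp_seq_alloc() is passed the head of a chain that the loop builds with `curr->next = data`, not a finished sequence container. Unless sdp_data_free() follows ->next for plain elements, only the first element is released and every element linked after it still leaks on this path. Consider walking the chain explicitly here (save next, free the element, advance) or documenting that sdp_data_free() frees the whole chain. The same question applies to the identical branch in sdp_seq_alloc_with_length().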
-- 
2.45.2




