* [BlueZ] Coverity scan results for bluez-5.64
@ 2022-05-19 7:29 Gopal Tiwari
0 siblings, 0 replies; only message in thread
From: Gopal Tiwari @ 2022-05-19 7:29 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz, gtiwari
From: Gopal Tiwari <gtiwari@redhat.com>
Hi Team/Luiz,
Red Hat is using the Coverity scan tool to perform static analysis of the package which has a set of supported static analyzers including Coverity Analysis. Following are the results performed over the package bluez-5.64. Let us know your view on the following results.
Task #252303 - bluez-5.64-1.el9/scan-results-imp.err
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:1521: alloc_fn: Storage is returned from allocation function "g_malloc0_n".
bluez-5.64/client/gatt.c:1521: var_assign: Assigning: "__p" = storage returned from "g_malloc0_n(__n, __s)".
bluez-5.64/client/gatt.c:1521: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.64/client/gatt.c:1521: var_assign: Assigning: "service" = "({...; __p;})".
bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service" going out of scope leaks the storage it points to.
# 1529| service->handle = parse_handle(argv[2]);
# 1530| if (!service->handle)
# 1531|-> return bt_shell_noninteractive_quit(EXIT_FAILURE);
# 1532| }
# 1533|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2615: alloc_fn: Storage is returned from allocation function "g_malloc0_n".
bluez-5.64/client/gatt.c:2615: var_assign: Assigning: "__p" = storage returned from "g_malloc0_n(__n, __s)".
bluez-5.64/client/gatt.c:2615: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.64/client/gatt.c:2615: var_assign: Assigning: "chrc" = "({...; __p;})".
bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc" going out of scope leaks the storage it points to.
# 2624| chrc->handle = parse_handle(argv[3]);
# 2625| if (!chrc->handle)
# 2626|-> return bt_shell_noninteractive_quit(EXIT_FAILURE);
# 2627| }
# 2628|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2896: alloc_fn: Storage is returned from allocation function "g_malloc0_n".
bluez-5.64/client/gatt.c:2896: var_assign: Assigning: "__p" = storage returned from "g_malloc0_n(__n, __s)".
bluez-5.64/client/gatt.c:2896: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.64/client/gatt.c:2896: var_assign: Assigning: "desc" = "({...; __p;})".
bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc" going out of scope leaks the storage it points to.
# 2904| desc->handle = parse_handle(argv[3]);
# 2905| if (!desc->handle)
# 2906|-> return bt_shell_noninteractive_quit(EXIT_FAILURE);
# 2907| }
# 2908|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/ell/cert-crypto.c:220: alloc_fn: Storage is returned from allocation function "l_utf8_to_ucs2be".
bluez-5.64/ell/cert-crypto.c:220: var_assign: Assigning: "bmpstring" = storage returned from "l_utf8_to_ucs2be(password, &passwd_len)".
bluez-5.64/ell/cert-crypto.c:264: leaked_storage: Variable "bmpstring" going out of scope leaks the storage it points to.
# 262| l_checksum_free(h);
# 263| l_free(key);
# 264|-> return NULL;
# 265| }
# 266|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/ell/cert-crypto.c:220: alloc_fn: Storage is returned from allocation function "l_utf8_to_ucs2be".
bluez-5.64/ell/cert-crypto.c:220: var_assign: Assigning: "bmpstring" = storage returned from "l_utf8_to_ucs2be(password, &passwd_len)".
bluez-5.64/ell/cert-crypto.c:306: leaked_storage: Variable "bmpstring" going out of scope leaks the storage it points to.
# 304| explicit_bzero(di, sizeof(di));
# 305| l_checksum_free(h);
# 306|-> return key;
# 307| }
# 308|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/ell/pem.c:205: alloc_arg: "pem_next" allocates memory that is stored into "label".
bluez-5.64/ell/pem.c:208: leaked_storage: Variable "label" going out of scope leaks the storage it points to.
# 206| out_endp, false);
# 207| if (!base64)
# 208|-> return NULL;
# 209|
# 210| if (memchr(base64, ':', base64_len)) {
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/gobex/gobex-transfer.c:53: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/gobex/gobex-transfer.c:56: deref_arg: Calling "g_obex_remove_request_function" dereferences freed pointer "transfer->obex".
# 54|
# 55| if (transfer->put_id > 0)
# 56|-> g_obex_remove_request_function(transfer->obex,
# 57| transfer->put_id);
# 58|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/gobex/gobex-transfer.c:53: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/gobex/gobex-transfer.c:60: deref_arg: Calling "g_obex_remove_request_function" dereferences freed pointer "transfer->obex".
# 58|
# 59| if (transfer->get_id > 0)
# 60|-> g_obex_remove_request_function(transfer->obex,
# 61| transfer->get_id);
# 62|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/gobex/gobex-transfer.c:53: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/gobex/gobex-transfer.c:64: deref_arg: Calling "g_obex_remove_request_function" dereferences freed pointer "transfer->obex".
# 62|
# 63| if (transfer->abort_id > 0)
# 64|-> g_obex_remove_request_function(transfer->obex,
# 65| transfer->abort_id);
# 66|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/gobex/gobex-transfer.c:53: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/gobex/gobex-transfer.c:67: deref_arg: Calling "g_obex_unref" dereferences freed pointer "transfer->obex".
# 65| transfer->abort_id);
# 66|
# 67|-> g_obex_unref(transfer->obex);
# 68| g_free(transfer);
# 69| }
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/gobex/gobex-transfer.c:53: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/gobex/gobex-transfer.c:67: pass_freed_arg: Passing freed pointer "transfer->obex" as an argument to "g_obex_unref".
# 65| transfer->abort_id);
# 66|
# 67|-> g_obex_unref(transfer->obex);
# 68| g_free(transfer);
# 69| }
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/gobex/gobex-transfer.c:421: freed_arg: "transfer_put_req_first" frees "transfer".
bluez-5.64/gobex/gobex-transfer.c:423: pass_freed_arg: Passing freed pointer "transfer" as an argument to "g_slist_find".
# 421| transfer_put_req_first(transfer, req, first_hdr_id, args);
# 422| va_end(args);
# 423|-> if (!g_slist_find(transfers, transfer))
# 424| return 0;
# 425|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/lib/sdp.c:540: alloc_fn: Storage is returned from allocation function "sdp_data_alloc".
bluez-5.64/lib/sdp.c:540: var_assign: Assigning: "data" = storage returned from "sdp_data_alloc(dtd, values[i])".
bluez-5.64/lib/sdp.c:548: var_assign: Assigning: "seq" = "data".
bluez-5.64/lib/sdp.c:550: var_assign: Assigning: "curr" = "data".
bluez-5.64/lib/sdp.c:551: leaked_storage: Variable "data" going out of scope leaks the storage it points to.
bluez-5.64/lib/sdp.c:543: leaked_storage: Variable "seq" going out of scope leaks the storage it points to.
bluez-5.64/lib/sdp.c:543: leaked_storage: Variable "curr" going out of scope leaks the storage it points to.
# 541|
# 542| if (!data)
# 543|-> return NULL;
# 544|
# 545| if (curr)
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/lib/sdp.c:4586: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/lib/sdp.c:4586: var_assign: Assigning: "rec_list" = storage returned from "sdp_list_append(rec_list, rec)".
bluez-5.64/lib/sdp.c:4586: noescape: Resource "rec_list" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/lib/sdp.c:4586: overwrite_var: Overwriting "rec_list" in "rec_list = sdp_list_append(rec_list, rec)" leaks the storage that "rec_list" points to.
# 4584| SDPDBG("Bytes scanned : %d", scanned);
# 4585| SDPDBG("Attrlist byte count : %d", attr_list_len);
# 4586|-> rec_list = sdp_list_append(rec_list, rec);
# 4587| } while (scanned < attr_list_len && pdata_len > 0);
# 4588|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/lib/sdp.c:4605: alloc_arg: "hci_inquiry" allocates memory that is stored into "ii".
bluez-5.64/lib/sdp.c:4611: leaked_storage: Returning without freeing "ii" leaks the storage that it points to.
# 4609| }
# 4610| *found = n;
# 4611|-> return 0;
# 4612| }
# 4613|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/lib/sdp.c:4919: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/lib/sdp.c:4919: var_assign: Assigning: "tseq" = storage returned from "sdp_list_append(tseq, subseq)".
bluez-5.64/lib/sdp.c:4919: noescape: Resource "tseq" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/lib/sdp.c:4919: overwrite_var: Overwriting "tseq" in "tseq = sdp_list_append(tseq, subseq)" leaks the storage that "tseq" points to.
# 4917| subseq = sdp_list_append(subseq, data);
# 4918| }
# 4919|-> tseq = sdp_list_append(tseq, subseq);
# 4920| }
# 4921| *seqp = tseq;
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/mesh/appkey.c:135: alloc_fn: Storage is returned from allocation function "app_key_new".
bluez-5.64/mesh/appkey.c:135: var_assign: Assigning: "key" = storage returned from "app_key_new()".
bluez-5.64/mesh/appkey.c:142: noescape: Resource "key" is not freed or pointed-to in "set_key".
bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
# 141|
# 142| if (key_value && !set_key(key, app_idx, key_value, false))
# 143|-> return false;
# 144|
# 145| if (new_key_value && !set_key(key, app_idx, new_key_value, true))
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/mesh/appkey.c:135: alloc_fn: Storage is returned from allocation function "app_key_new".
bluez-5.64/mesh/appkey.c:135: var_assign: Assigning: "key" = storage returned from "app_key_new()".
bluez-5.64/mesh/appkey.c:145: noescape: Resource "key" is not freed or pointed-to in "set_key".
bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
# 144|
# 145| if (new_key_value && !set_key(key, app_idx, new_key_value, true))
# 146|-> return false;
# 147|
# 148| l_queue_push_tail(app_keys, key);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/monitor/jlink.c:87: alloc_fn: Storage is returned from allocation function "dlopen".
bluez-5.64/monitor/jlink.c:87: var_assign: Assigning: "so" = storage returned from "dlopen(jlink_so_name[i], 1)".
bluez-5.64/monitor/jlink.c:95: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:96: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:97: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:98: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:99: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:100: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:101: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:102: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:103: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:104: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so" going out of scope leaks the storage it points to.
# 109| !jlink.emu_getproductname ||
# 110| !jlink.rtterminal_control || !jlink.rtterminal_read)
# 111|-> return -EIO;
# 112|
# 113| return 0;
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/monitor/jlink.c:87: alloc_fn: Storage is returned from allocation function "dlopen".
bluez-5.64/monitor/jlink.c:87: var_assign: Assigning: "so" = storage returned from "dlopen(jlink_so_name[i], 1)".
bluez-5.64/monitor/jlink.c:95: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:96: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:97: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:98: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:99: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:100: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:101: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:102: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:103: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:104: noescape: Resource "so" is not freed or pointed-to in "dlsym".
bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so" going out of scope leaks the storage it points to.
# 111| return -EIO;
# 112|
# 113|-> return 0;
# 114| }
# 115|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/obexd/client/manager.c:50: freed_arg: "obc_session_shutdown" frees "session".
bluez-5.64/obexd/client/manager.c:51: deref_arg: Calling "obc_session_unref" dereferences freed pointer "session".
# 49| {
# 50| obc_session_shutdown(session);
# 51|-> obc_session_unref(session);
# 52| }
# 53|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/obexd/client/manager.c:50: freed_arg: "obc_session_shutdown" frees "session".
bluez-5.64/obexd/client/manager.c:51: pass_freed_arg: Passing freed pointer "session" as an argument to "obc_session_unref".
# 49| {
# 50| obc_session_shutdown(session);
# 51|-> obc_session_unref(session);
# 52| }
# 53|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:369: alloc_fn: Storage is returned from allocation function "parse_offset".
bluez-5.64/obexd/client/map.c:369: leaked_storage: Failing to save or free storage allocated by "parse_offset(apparam, &value)" leaks it.
# 367|
# 368| if (strcasecmp(key, "Offset") == 0) {
# 369|-> if (parse_offset(apparam, &value) == NULL)
# 370| return NULL;
# 371| } else if (strcasecmp(key, "MaxCount") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:372: alloc_fn: Storage is returned from allocation function "parse_max_count".
bluez-5.64/obexd/client/map.c:372: leaked_storage: Failing to save or free storage allocated by "parse_max_count(apparam, &value)" leaks it.
# 370| return NULL;
# 371| } else if (strcasecmp(key, "MaxCount") == 0) {
# 372|-> if (parse_max_count(apparam, &value) == NULL)
# 373| return NULL;
# 374| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1478: alloc_fn: Storage is returned from allocation function "parse_offset".
bluez-5.64/obexd/client/map.c:1478: leaked_storage: Failing to save or free storage allocated by "parse_offset(apparam, &value)" leaks it.
# 1476|
# 1477| if (strcasecmp(key, "Offset") == 0) {
# 1478|-> if (parse_offset(apparam, &value) == NULL)
# 1479| return NULL;
# 1480| } else if (strcasecmp(key, "MaxCount") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1481: alloc_fn: Storage is returned from allocation function "parse_max_count".
bluez-5.64/obexd/client/map.c:1481: leaked_storage: Failing to save or free storage allocated by "parse_max_count(apparam, &value)" leaks it.
# 1479| return NULL;
# 1480| } else if (strcasecmp(key, "MaxCount") == 0) {
# 1481|-> if (parse_max_count(apparam, &value) == NULL)
# 1482| return NULL;
# 1483| } else if (strcasecmp(key, "SubjectLength") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1484: alloc_fn: Storage is returned from allocation function "parse_subject_length".
bluez-5.64/obexd/client/map.c:1484: leaked_storage: Failing to save or free storage allocated by "parse_subject_length(apparam, &value)" leaks it.
# 1482| return NULL;
# 1483| } else if (strcasecmp(key, "SubjectLength") == 0) {
# 1484|-> if (parse_subject_length(apparam, &value) == NULL)
# 1485| return NULL;
# 1486| } else if (strcasecmp(key, "Fields") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1487: alloc_fn: Storage is returned from allocation function "parse_fields".
bluez-5.64/obexd/client/map.c:1487: leaked_storage: Failing to save or free storage allocated by "parse_fields(apparam, &value)" leaks it.
# 1485| return NULL;
# 1486| } else if (strcasecmp(key, "Fields") == 0) {
# 1487|-> if (parse_fields(apparam, &value) == NULL)
# 1488| return NULL;
# 1489| } else if (strcasecmp(key, "Types") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1490: alloc_fn: Storage is returned from allocation function "parse_filter_type".
bluez-5.64/obexd/client/map.c:1490: leaked_storage: Failing to save or free storage allocated by "parse_filter_type(apparam, &value)" leaks it.
# 1488| return NULL;
# 1489| } else if (strcasecmp(key, "Types") == 0) {
# 1490|-> if (parse_filter_type(apparam, &value) == NULL)
# 1491| return NULL;
# 1492| } else if (strcasecmp(key, "PeriodBegin") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1493: alloc_fn: Storage is returned from allocation function "parse_period_begin".
bluez-5.64/obexd/client/map.c:1493: leaked_storage: Failing to save or free storage allocated by "parse_period_begin(apparam, &value)" leaks it.
# 1491| return NULL;
# 1492| } else if (strcasecmp(key, "PeriodBegin") == 0) {
# 1493|-> if (parse_period_begin(apparam, &value) == NULL)
# 1494| return NULL;
# 1495| } else if (strcasecmp(key, "PeriodEnd") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1496: alloc_fn: Storage is returned from allocation function "parse_period_end".
bluez-5.64/obexd/client/map.c:1496: leaked_storage: Failing to save or free storage allocated by "parse_period_end(apparam, &value)" leaks it.
# 1494| return NULL;
# 1495| } else if (strcasecmp(key, "PeriodEnd") == 0) {
# 1496|-> if (parse_period_end(apparam, &value) == NULL)
# 1497| return NULL;
# 1498| } else if (strcasecmp(key, "Read") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1499: alloc_fn: Storage is returned from allocation function "parse_filter_read".
bluez-5.64/obexd/client/map.c:1499: leaked_storage: Failing to save or free storage allocated by "parse_filter_read(apparam, &value)" leaks it.
# 1497| return NULL;
# 1498| } else if (strcasecmp(key, "Read") == 0) {
# 1499|-> if (parse_filter_read(apparam, &value) == NULL)
# 1500| return NULL;
# 1501| } else if (strcasecmp(key, "Recipient") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1502: alloc_fn: Storage is returned from allocation function "parse_filter_recipient".
bluez-5.64/obexd/client/map.c:1502: leaked_storage: Failing to save or free storage allocated by "parse_filter_recipient(apparam, &value)" leaks it.
# 1500| return NULL;
# 1501| } else if (strcasecmp(key, "Recipient") == 0) {
# 1502|-> if (parse_filter_recipient(apparam, &value) == NULL)
# 1503| return NULL;
# 1504| } else if (strcasecmp(key, "Sender") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1505: alloc_fn: Storage is returned from allocation function "parse_filter_sender".
bluez-5.64/obexd/client/map.c:1505: leaked_storage: Failing to save or free storage allocated by "parse_filter_sender(apparam, &value)" leaks it.
# 1503| return NULL;
# 1504| } else if (strcasecmp(key, "Sender") == 0) {
# 1505|-> if (parse_filter_sender(apparam, &value) == NULL)
# 1506| return NULL;
# 1507| } else if (strcasecmp(key, "Priority") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1508: alloc_fn: Storage is returned from allocation function "parse_filter_priority".
bluez-5.64/obexd/client/map.c:1508: leaked_storage: Failing to save or free storage allocated by "parse_filter_priority(apparam, &value)" leaks it.
# 1506| return NULL;
# 1507| } else if (strcasecmp(key, "Priority") == 0) {
# 1508|-> if (parse_filter_priority(apparam, &value) == NULL)
# 1509| return NULL;
# 1510| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1740: alloc_fn: Storage is returned from allocation function "parse_transparent".
bluez-5.64/obexd/client/map.c:1740: leaked_storage: Failing to save or free storage allocated by "parse_transparent(apparam, &value)" leaks it.
# 1738|
# 1739| if (strcasecmp(key, "Transparent") == 0) {
# 1740|-> if (parse_transparent(apparam, &value) == NULL)
# 1741| return NULL;
# 1742| } else if (strcasecmp(key, "Retry") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1743: alloc_fn: Storage is returned from allocation function "parse_retry".
bluez-5.64/obexd/client/map.c:1743: leaked_storage: Failing to save or free storage allocated by "parse_retry(apparam, &value)" leaks it.
# 1741| return NULL;
# 1742| } else if (strcasecmp(key, "Retry") == 0) {
# 1743|-> if (parse_retry(apparam, &value) == NULL)
# 1744| return NULL;
# 1745| } else if (strcasecmp(key, "Charset") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/map.c:1746: alloc_fn: Storage is returned from allocation function "parse_charset".
bluez-5.64/obexd/client/map.c:1746: leaked_storage: Failing to save or free storage allocated by "parse_charset(apparam, &value)" leaks it.
# 1744| return NULL;
# 1745| } else if (strcasecmp(key, "Charset") == 0) {
# 1746|-> if (parse_charset(apparam, &value) == NULL)
# 1747| return NULL;
# 1748| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/pbap.c:588: alloc_fn: Storage is returned from allocation function "parse_format".
bluez-5.64/obexd/client/pbap.c:588: leaked_storage: Failing to save or free storage allocated by "parse_format(apparam, &value)" leaks it.
# 586|
# 587| if (strcasecmp(key, "Format") == 0) {
# 588|-> if (parse_format(apparam, &value) == NULL)
# 589| return NULL;
# 590| } else if (strcasecmp(key, "Order") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/pbap.c:591: alloc_fn: Storage is returned from allocation function "parse_order".
bluez-5.64/obexd/client/pbap.c:591: leaked_storage: Failing to save or free storage allocated by "parse_order(apparam, &value)" leaks it.
# 589| return NULL;
# 590| } else if (strcasecmp(key, "Order") == 0) {
# 591|-> if (parse_order(apparam, &value) == NULL)
# 592| return NULL;
# 593| } else if (strcasecmp(key, "Offset") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/pbap.c:594: alloc_fn: Storage is returned from allocation function "parse_offset".
bluez-5.64/obexd/client/pbap.c:594: leaked_storage: Failing to save or free storage allocated by "parse_offset(apparam, &value)" leaks it.
# 592| return NULL;
# 593| } else if (strcasecmp(key, "Offset") == 0) {
# 594|-> if (parse_offset(apparam, &value) == NULL)
# 595| return NULL;
# 596| } else if (strcasecmp(key, "MaxCount") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/pbap.c:597: alloc_fn: Storage is returned from allocation function "parse_max_count".
bluez-5.64/obexd/client/pbap.c:597: leaked_storage: Failing to save or free storage allocated by "parse_max_count(apparam, &value)" leaks it.
# 595| return NULL;
# 596| } else if (strcasecmp(key, "MaxCount") == 0) {
# 597|-> if (parse_max_count(apparam, &value) == NULL)
# 598| return NULL;
# 599| } else if (strcasecmp(key, "Fields") == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/pbap.c:600: alloc_fn: Storage is returned from allocation function "parse_fields".
bluez-5.64/obexd/client/pbap.c:600: leaked_storage: Failing to save or free storage allocated by "parse_fields(apparam, &value)" leaks it.
# 598| return NULL;
# 599| } else if (strcasecmp(key, "Fields") == 0) {
# 600|-> if (parse_fields(apparam, &value) == NULL)
# 601| return NULL;
# 602| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/client/pbap.c:923: alloc_fn: Storage is returned from allocation function "parse_attribute".
bluez-5.64/obexd/client/pbap.c:923: var_assign: Assigning: "apparam" = storage returned from "parse_attribute(NULL, field)".
bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam" going out of scope leaks the storage it points to.
# 927|
# 928| if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING)
# 929|-> return g_dbus_create_error(message,
# 930| ERROR_INTERFACE ".InvalidArguments", NULL);
# 931|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/obexd/client/session.c:926: freed_arg: "session_process_queue" frees "session".
bluez-5.64/obexd/client/session.c:928: deref_arg: Calling "obc_session_unref" dereferences freed pointer "session".
# 926| session_process_queue(session);
# 927|
# 928|-> obc_session_unref(session);
# 929| }
# 930|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/obexd/client/session.c:926: freed_arg: "session_process_queue" frees "session".
bluez-5.64/obexd/client/session.c:928: pass_freed_arg: Passing freed pointer "session" as an argument to "obc_session_unref".
# 926| session_process_queue(session);
# 927|
# 928|-> obc_session_unref(session);
# 929| }
# 930|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/obexd/client/transfer.c:411: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/obexd/client/transfer.c:442: deref_arg: Calling "g_obex_unref" dereferences freed pointer "transfer->obex".
# 440|
# 441| if (transfer->obex)
# 442|-> g_obex_unref(transfer->obex);
# 443|
# 444| g_free(transfer->callback);
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/obexd/client/transfer.c:411: freed_arg: "g_obex_cancel_req" frees "transfer->obex".
bluez-5.64/obexd/client/transfer.c:442: pass_freed_arg: Passing freed pointer "transfer->obex" as an argument to "g_obex_unref".
# 440|
# 441| if (transfer->obex)
# 442|-> g_obex_unref(transfer->obex);
# 443|
# 444| g_free(transfer->callback);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/plugins/filesystem.c:411: alloc_arg: "g_file_get_contents" allocates memory that is stored into "buf".
bluez-5.64/obexd/plugins/filesystem.c:418: noescape: Resource "buf" is not freed or pointed-to in "g_string_new".
bluez-5.64/obexd/plugins/filesystem.c:440: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
# 438| *err = 0;
# 439|
# 440|-> return object;
# 441|
# 442| fail:
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/obexd/plugins/messages-dummy.c:141: alloc_fn: Storage is returned from allocation function "get_next_subdir".
bluez-5.64/obexd/plugins/messages-dummy.c:141: var_assign: Assigning: "name" = storage returned from "get_next_subdir(dp, path)".
bluez-5.64/obexd/plugins/messages-dummy.c:141: overwrite_var: Overwriting "name" in "name = get_next_subdir(dp, path)" leaks the storage that "name" points to.
# 139| n = 0;
# 140|
# 141|-> while ((name = get_next_subdir(dp, path)) != NULL) {
# 142| n++;
# 143| if (fld->max > 0)
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/plugins/sixaxis.c:425: alloc_arg: "get_pairing_type_for_device" allocates memory that is stored into "sysfs_path".
bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path" going out of scope leaks the storage it points to.
# 426| if (!cp || (cp->type != CABLE_PAIRING_SIXAXIS &&
# 427| cp->type != CABLE_PAIRING_DS4))
# 428|-> return;
# 429| if (bus != BUS_USB)
# 430| return;
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/plugins/sixaxis.c:442: closed_arg: "setup_device(int, char const *, struct cable_pairing const *, struct btd_adapter *)" closes "fd".
bluez-5.64/plugins/sixaxis.c:443: double_close: Calling "close(int)" closes handle "fd" which has already been closed.
# 441| /* Only close the fd if an authentication is not pending */
# 442| if (!setup_device(fd, sysfs_path, cp, adapter))
# 443|-> close(fd);
# 444|
# 445| g_free(sysfs_path);
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/profiles/audio/avdtp.c:893: alias: Assigning: "req" = "l->data". Now both point to the same storage.
bluez-5.64/profiles/audio/avdtp.c:894: freed_arg: "pending_req_free" frees "req".
bluez-5.64/profiles/audio/avdtp.c:895: pass_freed_arg: Passing freed pointer "req" as an argument to "g_slist_remove".
# 893| req = l->data;
# 894| pending_req_free(req);
# 895|-> session->prio_queue = g_slist_remove(session->prio_queue, req);
# 896| }
# 897|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/profiles/audio/avdtp.c:900: alias: Assigning: "req" = "l->data". Now both point to the same storage.
bluez-5.64/profiles/audio/avdtp.c:901: freed_arg: "pending_req_free" frees "req".
bluez-5.64/profiles/audio/avdtp.c:902: pass_freed_arg: Passing freed pointer "req" as an argument to "g_slist_remove".
# 900| req = l->data;
# 901| pending_req_free(req);
# 902|-> session->req_queue = g_slist_remove(session->req_queue, req);
# 903| }
# 904| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/audio/avrcp.c:3669: alloc_fn: Storage is returned from allocation function "g_slist_copy".
bluez-5.64/profiles/audio/avrcp.c:3669: var_assign: Assigning: "removed" = storage returned from "g_slist_copy(session->controller->players)".
bluez-5.64/profiles/audio/avrcp.c:3688: leaked_storage: Variable "removed" going out of scope leaks the storage it points to.
# 3686| if (i + len > operand_count) {
# 3687| error("Invalid player item length");
# 3688|-> return FALSE;
# 3689| }
# 3690|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:41: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/profiles/cups/sdp.c:41: var_assign: Assigning: "attrs" = storage returned from "sdp_list_append(NULL, &attr1)".
bluez-5.64/profiles/cups/sdp.c:43: noescape: Resource "attrs" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/profiles/cups/sdp.c:43: overwrite_var: Overwriting "attrs" in "attrs = sdp_list_append(attrs, &attr2)" leaks the storage that "attrs" points to.
# 41| attrs = sdp_list_append(NULL, &attr1);
# 42| attr2 = SDP_ATTR_ADD_PROTO_DESC_LIST;
# 43|-> attrs = sdp_list_append(attrs, &attr2);
# 44|
# 45| err = sdp_service_search_attr_req(sdp, srch, SDP_ATTR_REQ_INDIVIDUAL, attrs, &rsp);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:43: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/profiles/cups/sdp.c:43: var_assign: Assigning: "attrs" = storage returned from "sdp_list_append(attrs, &attr2)".
bluez-5.64/profiles/cups/sdp.c:45: noescape: Resource "attrs" is not freed or pointed-to in "sdp_service_search_attr_req".
bluez-5.64/profiles/cups/sdp.c:47: leaked_storage: Variable "attrs" going out of scope leaks the storage it points to.
# 45| err = sdp_service_search_attr_req(sdp, srch, SDP_ATTR_REQ_INDIVIDUAL, attrs, &rsp);
# 46| if (err)
# 47|-> return -1;
# 48|
# 49| for (; rsp; rsp = rsp->next) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:38: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/profiles/cups/sdp.c:38: var_assign: Assigning: "srch" = storage returned from "sdp_list_append(NULL, &svclass)".
bluez-5.64/profiles/cups/sdp.c:45: noescape: Resource "srch" is not freed or pointed-to in "sdp_service_search_attr_req".
bluez-5.64/profiles/cups/sdp.c:47: leaked_storage: Variable "srch" going out of scope leaks the storage it points to.
# 45| err = sdp_service_search_attr_req(sdp, srch, SDP_ATTR_REQ_INDIVIDUAL, attrs, &rsp);
# 46| if (err)
# 47|-> return -1;
# 48|
# 49| for (; rsp; rsp = rsp->next) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:53: alloc_arg: "sdp_get_access_protos" allocates memory that is stored into "protos".
bluez-5.64/profiles/cups/sdp.c:54: noescape: Resource "protos" is not freed or pointed-to in "sdp_get_proto_port".
bluez-5.64/profiles/cups/sdp.c:61: noescape: Resource "protos" is not freed or pointed-to in "sdp_get_proto_port".
bluez-5.64/profiles/cups/sdp.c:64: leaked_storage: Variable "protos" going out of scope leaks the storage it points to.
# 62| if (psm > 0 && *ctrl_psm > 0) {
# 63| *data_psm = psm;
# 64|-> return 0;
# 65| }
# 66| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:53: alloc_arg: "sdp_get_access_protos" allocates memory that is stored into "protos".
bluez-5.64/profiles/cups/sdp.c:54: noescape: Resource "protos" is not freed or pointed-to in "sdp_get_proto_port".
bluez-5.64/profiles/cups/sdp.c:61: noescape: Resource "protos" is not freed or pointed-to in "sdp_get_proto_port".
bluez-5.64/profiles/cups/sdp.c:67: leaked_storage: Variable "protos" going out of scope leaks the storage it points to.
# 65| }
# 66| }
# 67|-> }
# 68|
# 69| return -1;
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:86: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/profiles/cups/sdp.c:86: var_assign: Assigning: "attrs" = storage returned from "sdp_list_append(NULL, &attr)".
bluez-5.64/profiles/cups/sdp.c:88: noescape: Resource "attrs" is not freed or pointed-to in "sdp_service_search_attr_req".
bluez-5.64/profiles/cups/sdp.c:90: leaked_storage: Variable "attrs" going out of scope leaks the storage it points to.
# 88| err = sdp_service_search_attr_req(sdp, srch, SDP_ATTR_REQ_INDIVIDUAL, attrs, &rsp);
# 89| if (err)
# 90|-> return -1;
# 91|
# 92| for (; rsp; rsp = rsp->next) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:83: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/profiles/cups/sdp.c:83: var_assign: Assigning: "srch" = storage returned from "sdp_list_append(NULL, &svclass)".
bluez-5.64/profiles/cups/sdp.c:88: noescape: Resource "srch" is not freed or pointed-to in "sdp_service_search_attr_req".
bluez-5.64/profiles/cups/sdp.c:90: leaked_storage: Variable "srch" going out of scope leaks the storage it points to.
# 88| err = sdp_service_search_attr_req(sdp, srch, SDP_ATTR_REQ_INDIVIDUAL, attrs, &rsp);
# 89| if (err)
# 90|-> return -1;
# 91|
# 92| for (; rsp; rsp = rsp->next) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:96: alloc_arg: "sdp_get_access_protos" allocates memory that is stored into "protos".
bluez-5.64/profiles/cups/sdp.c:97: noescape: Resource "protos" is not freed or pointed-to in "sdp_get_proto_port".
bluez-5.64/profiles/cups/sdp.c:100: leaked_storage: Variable "protos" going out of scope leaks the storage it points to.
# 98| if (ch > 0) {
# 99| *channel = ch;
# 100|-> return 0;
# 101| }
# 102| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/profiles/cups/sdp.c:96: alloc_arg: "sdp_get_access_protos" allocates memory that is stored into "protos".
bluez-5.64/profiles/cups/sdp.c:97: noescape: Resource "protos" is not freed or pointed-to in "sdp_get_proto_port".
bluez-5.64/profiles/cups/sdp.c:103: leaked_storage: Variable "protos" going out of scope leaks the storage it points to.
# 101| }
# 102| }
# 103|-> }
# 104|
# 105| return -1;
Error: BUFFER_SIZE (CWE-170):
bluez-5.64/profiles/input/device.c:938: buffer_size_warning: Calling "strncpy" with a maximum size argument of 128 bytes on destination array "ev.u.create.name" of size 128 bytes might leave the destination string unterminated.
# 936| memset(&ev, 0, sizeof(ev));
# 937| ev.type = UHID_CREATE;
# 938|-> strncpy((char *) ev.u.create.name, req->name, sizeof(ev.u.create.name));
# 939| ba2strlc(&idev->src, (char *) ev.u.create.phys);
# 940| ba2strlc(&idev->dst, (char *) ev.u.create.uniq);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/advertising.c:839: alloc_fn: Storage is returned from allocation function "generate_adv_data".
bluez-5.64/src/advertising.c:839: var_assign: Assigning: "adv_data" = storage returned from "generate_adv_data(client, &flags, &adv_data_len)".
bluez-5.64/src/advertising.c:842: leaked_storage: Variable "adv_data" going out of scope leaks the storage it points to.
# 840| if (!adv_data || (adv_data_len > calc_max_adv_len(client, flags))) {
# 841| error("Advertising data too long or couldn't be generated.");
# 842|-> return -EINVAL;
# 843| }
# 844|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/src/device.c:3007: freed_arg: "device_connect_le" frees "device->bonding".
bluez-5.64/src/device.c:3018: double_free: Calling "bonding_request_free" frees pointer "device->bonding" which has already been freed.
# 3016|
# 3017| if (err < 0) {
# 3018|-> bonding_request_free(device->bonding);
# 3019| return btd_error_failed(msg, strerror(-err));
# 3020| }
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/device.c:7089: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/src/device.c:7089: var_assign: Assigning: "recs" = storage returned from "sdp_list_append(recs, rec)".
bluez-5.64/src/device.c:7089: noescape: Resource "recs" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/src/device.c:7089: overwrite_var: Overwriting "recs" in "recs = sdp_list_append(recs, rec)" leaks the storage that "recs" points to.
# 7087|
# 7088| rec = record_from_string(str);
# 7089|-> recs = sdp_list_append(recs, rec);
# 7090| g_free(str);
# 7091| }
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/src/gatt-database.c:3878: freed_arg: "send_notification_to_device" frees "state".
bluez-5.64/src/gatt-database.c:3880: deref_after_free: Dereferencing freed pointer "state".
# 3878| send_notification_to_device(state, state->pending);
# 3879|
# 3880|-> free(state->pending->value);
# 3881| free(state->pending);
# 3882| state->pending = NULL;
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/src/gatt-database.c:3878: freed_arg: "send_notification_to_device" frees "state->pending".
bluez-5.64/src/gatt-database.c:3880: deref_after_free: Dereferencing freed pointer "state->pending".
# 3878| send_notification_to_device(state, state->pending);
# 3879|
# 3880|-> free(state->pending->value);
# 3881| free(state->pending);
# 3882| state->pending = NULL;
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:359: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:359: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, group, params[i].val_name, &err)".
bluez-5.64/src/main.c:368: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument.
bluez-5.64/src/main.c:370: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to.
bluez-5.64/src/main.c:370: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
# 368| val = strtol(str, &endptr, 0);
# 369| if (!endptr || *endptr != '\0')
# 370|-> continue;
# 371|
# 372| info("%s=%s(%d)", params[i].val_name, str, val);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:359: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:359: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, group, params[i].val_name, &err)".
bluez-5.64/src/main.c:368: identity_transfer: Passing "str" as argument 1 to function "strtol", which sets "endptr" to that argument.
bluez-5.64/src/main.c:372: noescape: Assuming resource "str" is not freed or pointed-to as ellipsis argument to "info".
bluez-5.64/src/main.c:380: leaked_storage: Variable "endptr" going out of scope leaks the storage it points to.
bluez-5.64/src/main.c:381: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
# 379| ++btd_opts.defaults.num_entries;
# 380| }
# 381|-> }
# 382| }
# 383|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:673: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:673: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "Privacy", &err)".
bluez-5.64/src/main.c:709: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "General", "JustWorksRepairing", &err)" leaks the storage that "str" points to.
# 707| }
# 708|
# 709|-> str = g_key_file_get_string(config, "General",
# 710| "JustWorksRepairing", &err);
# 711| if (err) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:709: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:709: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "JustWorksRepairing", &err)".
bluez-5.64/src/main.c:731: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "General", "Name", &err)" leaks the storage that "str" points to.
# 729| }
# 730|
# 731|-> str = g_key_file_get_string(config, "General", "Name", &err);
# 732| if (err) {
# 733| DBG("%s", err->message);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:731: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:731: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "Name", &err)".
bluez-5.64/src/main.c:741: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "General", "Class", &err)" leaks the storage that "str" points to.
# 739| }
# 740|
# 741|-> str = g_key_file_get_string(config, "General", "Class", &err);
# 742| if (err) {
# 743| DBG("%s", err->message);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:741: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:741: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "Class", &err)".
bluez-5.64/src/main.c:751: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "General", "DeviceID", &err)" leaks the storage that "str" points to.
# 749| }
# 750|
# 751|-> str = g_key_file_get_string(config, "General", "DeviceID", &err);
# 752| if (err) {
# 753| DBG("%s", err->message);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:751: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:751: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "DeviceID", &err)".
bluez-5.64/src/main.c:783: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "General", "ControllerMode", &err)" leaks the storage that "str" points to.
# 781| btd_opts.debug_keys = boolean;
# 782|
# 783|-> str = g_key_file_get_string(config, "General", "ControllerMode", &err);
# 784| if (err) {
# 785| g_clear_error(&err);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:783: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:783: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "ControllerMode", &err)".
bluez-5.64/src/main.c:800: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "General", "MultiProfile", &err)" leaks the storage that "str" points to.
# 798| }
# 799|
# 800|-> str = g_key_file_get_string(config, "General", "MultiProfile", &err);
# 801| if (err) {
# 802| g_clear_error(&err);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:800: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:800: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "General", "MultiProfile", &err)".
bluez-5.64/src/main.c:849: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "GATT", "Cache", &err)" leaks the storage that "str" points to.
# 847| }
# 848|
# 849|-> str = g_key_file_get_string(config, "GATT", "Cache", &err);
# 850| if (err) {
# 851| DBG("%s", err->message);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:849: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:849: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "GATT", "Cache", &err)".
bluez-5.64/src/main.c:893: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "AVDTP", "SessionMode", &err)" leaks the storage that "str" points to.
# 891| }
# 892|
# 893|-> str = g_key_file_get_string(config, "AVDTP", "SessionMode", &err);
# 894| if (err) {
# 895| DBG("%s", err->message);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:893: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:893: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "AVDTP", "SessionMode", &err)".
bluez-5.64/src/main.c:911: overwrite_var: Overwriting "str" in "str = g_key_file_get_string(config, "AVDTP", "StreamMode", &err)" leaks the storage that "str" points to.
# 909| }
# 910|
# 911|-> str = g_key_file_get_string(config, "AVDTP", "StreamMode", &err);
# 912| if (err) {
# 913| DBG("%s", err->message);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:911: alloc_fn: Storage is returned from allocation function "g_key_file_get_string".
bluez-5.64/src/main.c:911: var_assign: Assigning: "str" = storage returned from "g_key_file_get_string(config, "AVDTP", "StreamMode", &err)".
bluez-5.64/src/main.c:943: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
# 941| parse_br_config(config);
# 942| parse_le_config(config);
# 943|-> }
# 944|
# 945| static void init_defaults(void)
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/main.c:830: alloc_fn: Storage is returned from allocation function "g_key_file_get_string_list".
bluez-5.64/src/main.c:830: var_assign: Assigning: "strlist" = storage returned from "g_key_file_get_string_list(config, "General", "Experimental", NULL, &err)".
bluez-5.64/src/main.c:943: leaked_storage: Variable "strlist" going out of scope leaks the storage it points to.
# 941| parse_br_config(config);
# 942| parse_le_config(config);
# 943|-> }
# 944|
# 945| static void init_defaults(void)
Error: BUFFER_SIZE (CWE-170):
bluez-5.64/src/profile.c:1997: buffer_size_warning: Calling "strncpy" with a maximum size argument of 37 bytes on destination array "svc_str" of size 37 bytes might leave the destination string unterminated.
# 1995| sdp_uuid2strn(&uuid, svc_str, sizeof(svc_str));
# 1996| } else {
# 1997|-> strncpy(svc_str, uuid_str, sizeof(svc_str));
# 1998| }
# 1999|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/sdpd-request.c:265: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/src/sdpd-request.c:265: var_assign: Assigning: "pSeq" = storage returned from "sdp_list_append(pSeq, pElem)".
bluez-5.64/src/sdpd-request.c:262: leaked_storage: Variable "pSeq" going out of scope leaks the storage it points to.
# 260| break;
# 261| default:
# 262|-> return -1;
# 263| }
# 264| if (status == 0) {
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/src/sdpd-request.c:265: alloc_fn: Storage is returned from allocation function "sdp_list_append".
bluez-5.64/src/sdpd-request.c:265: var_assign: Assigning: "pSeq" = storage returned from "sdp_list_append(pSeq, pElem)".
bluez-5.64/src/sdpd-request.c:265: identity_transfer: Passing "pSeq" as argument 1 to function "sdp_list_append", which returns that argument.
bluez-5.64/src/sdpd-request.c:265: noescape: Resource "pSeq" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/src/sdpd-request.c:265: var_assign: Assigning: "pSeq" = storage returned from "sdp_list_append(pSeq, pElem)".
bluez-5.64/src/sdpd-request.c:265: identity_transfer: Passing "pSeq" as argument 1 to function "sdp_list_append", which returns that argument.
bluez-5.64/src/sdpd-request.c:265: noescape: Resource "pSeq" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/src/sdpd-request.c:265: var_assign: Assigning: "pSeq" = storage returned from "sdp_list_append(pSeq, pElem)".
bluez-5.64/src/sdpd-request.c:265: identity_transfer: Passing "pSeq" as argument 1 to function "sdp_list_append", which returns that argument.
bluez-5.64/src/sdpd-request.c:265: noescape: Resource "pSeq" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/src/sdpd-request.c:265: var_assign: Assigning: "pSeq" = storage returned from "sdp_list_append(pSeq, pElem)".
bluez-5.64/src/sdpd-request.c:265: noescape: Resource "pSeq" is not freed or pointed-to in "sdp_list_append".
bluez-5.64/src/sdpd-request.c:265: overwrite_var: Overwriting "pSeq" in "pSeq = sdp_list_append(pSeq, pElem)" leaks the storage that "pSeq" points to.
# 263| }
# 264| if (status == 0) {
# 265|-> pSeq = sdp_list_append(pSeq, pElem);
# 266| numberOfElements++;
# 267| SDPDBG("No of elements : %d", numberOfElements);
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/avtest.c:327: open_fn: Returning handle opened by "accept".
bluez-5.64/tools/avtest.c:327: var_assign: Assigning: "media_sock" = handle returned from "accept(srv_sk, (struct sockaddr *)&addr, &optlen)".
bluez-5.64/tools/avtest.c:327: overwrite_var: Overwriting handle "media_sock" in "media_sock = accept(srv_sk, (struct sockaddr *)&addr, &optlen)" leaks the handle.
# 325| optlen = sizeof(addr);
# 326|
# 327|-> media_sock = accept(srv_sk,
# 328| (struct sockaddr *) &addr,
# 329| &optlen);
Error: BUFFER_SIZE (CWE-170):
bluez-5.64/tools/bneptest.c:80: buffer_size_warning: Calling "strncpy" with a maximum size argument of 16 bytes on destination array "ifr.ifr_ifrn.ifrn_name" of size 16 bytes might leave the destination string unterminated.
# 78|
# 79| memset(&ifr, 0, sizeof(ifr));
# 80|-> strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
# 81| ifr.ifr_data = (char *) args;
# 82|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/btproxy.c:513: alloc_fn: Storage is returned from allocation function "util_malloc".
bluez-5.64/tools/btproxy.c:513: var_assign: Assigning: "__p" = storage returned from "util_malloc(__n * __s)".
bluez-5.64/tools/btproxy.c:513: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.64/tools/btproxy.c:513: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.64/tools/btproxy.c:513: var_assign: Assigning: "proxy" = "({...; __p;})".
bluez-5.64/tools/btproxy.c:527: noescape: Resource "proxy" is not freed or pointed-to in "mainloop_add_fd".
bluez-5.64/tools/btproxy.c:530: noescape: Resource "proxy" is not freed or pointed-to in "mainloop_add_fd".
bluez-5.64/tools/btproxy.c:533: leaked_storage: Variable "proxy" going out of scope leaks the storage it points to.
# 531| dev_read_callback, proxy, dev_read_destroy);
# 532|
# 533|-> return true;
# 534| }
# 535|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/cltest.c:41: open_fn: Returning handle opened by "socket".
bluez-5.64/tools/cltest.c:41: var_assign: Assigning: "fd" = handle returned from "socket(31, 524290, 0)".
bluez-5.64/tools/cltest.c:51: noescape: Resource "fd" is not freed or pointed-to in "bind".
bluez-5.64/tools/cltest.c:62: noescape: Resource "fd" is not freed or pointed-to in "connect".
bluez-5.64/tools/cltest.c:68: noescape: Resource "fd" is not freed or pointed-to in "send".
bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
# 73| }
# 74|
# 75|-> return true;
# 76| }
# 77|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/cltest.c:116: open_fn: Returning handle opened by "socket".
bluez-5.64/tools/cltest.c:116: var_assign: Assigning: "fd" = handle returned from "socket(31, 524290, 0)".
bluez-5.64/tools/cltest.c:127: noescape: Resource "fd" is not freed or pointed-to in "bind".
bluez-5.64/tools/cltest.c:133: noescape: Resource "fd" is not freed or pointed-to in "mainloop_add_fd".
bluez-5.64/tools/cltest.c:135: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
# 133| mainloop_add_fd(fd, EPOLLIN, receiver_callback, NULL, NULL);
# 134|
# 135|-> return true;
# 136| }
# 137|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/create-image.c:82: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
bluez-5.64/tools/create-image.c:82: var_assign: Assigning: "fd" = handle returned from "open(pathname, 524288)".
bluez-5.64/tools/create-image.c:90: noescape: Resource "fd" is not freed or pointed-to in "fstat".
bluez-5.64/tools/create-image.c:98: noescape: Resource "fd" is not freed or pointed-to in "mmap".
bluez-5.64/tools/create-image.c:124: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
# 122| close(fd);
# 123| }
# 124|-> }
# 125|
# 126| static void usage(void)
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/create-image.c:98: alloc_fn: Storage is returned from allocation function "mmap".
bluez-5.64/tools/create-image.c:98: var_assign: Assigning: "map" = storage returned from "mmap(NULL, st.st_size, 1, 1, fd, 0L)".
bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map" going out of scope leaks the storage it points to.
# 122| close(fd);
# 123| }
# 124|-> }
# 125|
# 126| static void usage(void)
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/l2cap-tester.c:1703: open_fn: Returning handle opened by "accept".
bluez-5.64/tools/l2cap-tester.c:1703: var_assign: Assigning: "new_sk" = handle returned from "accept(sk, NULL, NULL)".
bluez-5.64/tools/l2cap-tester.c:1710: noescape: Resource "new_sk" is not freed or pointed-to in "check_mtu".
bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable "new_sk" going out of scope leaks the handle.
# 1710| if (!check_mtu(data, new_sk)) {
# 1711| tester_test_failed();
# 1712|-> return FALSE;
# 1713| }
# 1714|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/mesh-cfgclient.c:1515: alloc_fn: Storage is returned from allocation function "l_util_from_hexstring".
bluez-5.64/tools/mesh-cfgclient.c:1515: var_assign: Assigning: "uuid" = storage returned from "l_util_from_hexstring(str, &sz)".
bluez-5.64/tools/mesh-cfgclient.c:1518: leaked_storage: Variable "uuid" going out of scope leaks the storage it points to.
# 1516| if (!uuid || sz != 16 || !l_uuid_is_valid(uuid)) {
# 1517| l_error("Failed to generate UUID array from %s", str);
# 1518|-> return;
# 1519| }
# 1520|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees "in_str".
bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free" frees pointer "in_str" which has already been freed.
# 865| done:
# 866|
# 867|-> g_free(in_str);
# 868|
# 869| if(jmain)
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/mesh/mesh-db.c:2370: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
bluez-5.64/tools/mesh/mesh-db.c:2370: var_assign: Assigning: "fd" = handle returned from "open(fname, 0)".
bluez-5.64/tools/mesh/mesh-db.c:2374: noescape: Resource "fd" is not freed or pointed-to in "fstat".
bluez-5.64/tools/mesh/mesh-db.c:2385: noescape: Resource "fd" is not freed or pointed-to in "read". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
# 2386| if (sz != st.st_size) {
# 2387| l_error("Failed to read configuration file %s", fname);
# 2388|-> return false;
# 2389| }
# 2390|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/mesh/mesh-db.c:2379: alloc_fn: Storage is returned from allocation function "l_malloc".
bluez-5.64/tools/mesh/mesh-db.c:2379: var_assign: Assigning: "__p" = storage returned from "l_malloc(__n * __s)".
bluez-5.64/tools/mesh/mesh-db.c:2379: noescape: Resource "__p" is not freed or pointed-to in "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.64/tools/mesh/mesh-db.c:2379: leaked_storage: Variable "__p" going out of scope leaks the storage it points to.
bluez-5.64/tools/mesh/mesh-db.c:2379: var_assign: Assigning: "str" = "({...; __p;})".
bluez-5.64/tools/mesh/mesh-db.c:2385: noescape: Resource "str" is not freed or pointed-to in "read". [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
# 2386| if (sz != st.st_size) {
# 2387| l_error("Failed to read configuration file %s", fname);
# 2388|-> return false;
# 2389| }
# 2390|
Error: USE_AFTER_FREE (CWE-416):
bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir".
bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees pointer "mesh_dir" which has already been freed.
# 2016| fail:
# 2017| bt_shell_cleanup();
# 2018|-> g_free(mesh_dir);
# 2019|
# 2020| return EXIT_FAILURE;
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/obex-client-tool.c:304: open_fn: Returning handle opened by "socket".
bluez-5.64/tools/obex-client-tool.c:304: var_assign: Assigning: "sk" = handle returned from "socket(1, sock_type, 0)".
bluez-5.64/tools/obex-client-tool.c:312: noescape: Resource "sk" is not freed or pointed-to in "connect".
bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable "sk" going out of scope leaks the handle.
# 313| err = errno;
# 314| g_printerr("connect: %s (%d)\n", strerror(err), err);
# 315|-> return NULL;
# 316| }
# 317|
Error: USE_AFTER_FREE (CWE-672):
bluez-5.64/tools/rctest.c:358: closed_arg: "close(int)" closes "sk".
bluez-5.64/tools/rctest.c:371: pass_closed_arg: Passing closed handle "sk" as an argument to "setsockopt".
# 369| }
# 370|
# 371|-> if (priority > 0 && setsockopt(sk, SOL_SOCKET, SO_PRIORITY,
# 372| &priority, sizeof(priority)) < 0) {
# 373| syslog(LOG_ERR, "Can't set socket priority: %s (%d)",
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/sco-tester.c:534: open_fn: Returning handle opened by "socket".
bluez-5.64/tools/sco-tester.c:534: var_assign: Assigning: "sk" = handle returned from "socket(31, 2053, 2)".
bluez-5.64/tools/sco-tester.c:546: leaked_handle: Handle variable "sk" going out of scope leaks the handle.
# 544| if (!central_bdaddr) {
# 545| tester_warn("No central bdaddr");
# 546|-> return -ENODEV;
# 547| }
# 548|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/test-runner.c:678: open_fn: Returning handle opened by "attach_proto".
bluez-5.64/tools/test-runner.c:678: var_assign: Assigning: "serial_fd" = handle returned from "attach_proto(node, 0U, basic_flags, extra_flags)".
bluez-5.64/tools/test-runner.c:706: leaked_handle: Handle variable "serial_fd" going out of scope leaks the handle.
# 704| if (chdir(home + 5) < 0) {
# 705| perror("Failed to change home test directory");
# 706|-> return;
# 707| }
# 708|
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/test-runner.c:678: open_fn: Returning handle opened by "attach_proto".
bluez-5.64/tools/test-runner.c:678: var_assign: Assigning: "serial_fd" = handle returned from "attach_proto(node, 0U, basic_flags, extra_flags)".
bluez-5.64/tools/test-runner.c:713: leaked_handle: Handle variable "serial_fd" going out of scope leaks the handle.
# 711|
# 712| if (!test_table[idx])
# 713|-> return;
# 714|
# 715| if (!stat(test_table[idx], &st))
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/tools/test-runner.c:678: open_fn: Returning handle opened by "attach_proto".
bluez-5.64/tools/test-runner.c:678: var_assign: Assigning: "serial_fd" = handle returned from "attach_proto(node, 0U, basic_flags, extra_flags)".
bluez-5.64/tools/test-runner.c:738: leaked_handle: Handle variable "serial_fd" going out of scope leaks the handle.
# 736| if (pid < 0) {
# 737| perror("Failed to fork new process");
# 738|-> return;
# 739| }
# 740|
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-05-19 7:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-19 7:29 [BlueZ] Coverity scan results for bluez-5.64 Gopal Tiwari
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.