From 6ef06c19bb4e0a410f523bdae8c675229408ad17 Mon Sep 17 00:00:00 2001 From: Coiby Xu Date: Fri, 11 Jun 2021 11:00:27 +0800 Subject: [PATCH 1/8] fix RESOURCE_LEAK errors detected by covscan in src/xmlpythonizer.c Fix the following errors found by covscan, Error: RESOURCE_LEAK (CWE-772): [#def6] python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:853: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:857: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 855| PyADD_DICT_VALUE(retdata, key, value); # 856| } else { # 857|-> PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)", # 858| map_p->rootpath, elmtid, map_p->key); # 859| } Error: RESOURCE_LEAK (CWE-772): [#def7] python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:879: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:921: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 919| xmlXPathFreeObject(xpo); # 920| } else { # 921|-> PyReturnError(PyExc_ValueError, "Could not get key value: " # 922| "%s [%i] (Defining key: %s)", # 923| map_p->rootpath, elmtid, map_p->key); Error: RESOURCE_LEAK (CWE-772): [#def8] python-dmidecode-3.12.2/src/xmlpythonizer.c:877: alloc_fn: Storage is returned from allocation function "_get_xpath_values". python-dmidecode-3.12.2/src/xmlpythonizer.c:877: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->value)". python-dmidecode-3.12.2/src/xmlpythonizer.c:921: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to. # 919| xmlXPathFreeObject(xpo); # 920| } else { # 921|-> PyReturnError(PyExc_ValueError, "Could not get key value: " # 922| "%s [%i] (Defining key: %s)", # 923| map_p->rootpath, elmtid, map_p->key); Error: RESOURCE_LEAK (CWE-772): [#def9] python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:933: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:934: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 932| } # 933| if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) { # 934|-> PyReturnError(PyExc_ValueError, # 935| "Could not get key value: %s [%i] (Defining key: %s)", # 936| map_p->rootpath, elmtid, map_p->key); Error: RESOURCE_LEAK (CWE-772): [#def10] python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:948: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 946| } # 947| if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) { # 948|-> PyReturnError(PyExc_ValueError, # 949| "Could not get key value: %s [%i] (Defining key: %s)", # 950| map_p->rootpath, elmtid, map_p->key); Error: RESOURCE_LEAK (CWE-772): [#def11] python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:947: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument. python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:959: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 957| xmlXPathFreeObject(xpo); # 958| } # 959|-> PyReturnError(PyExc_ValueError, # 960| "Could not get key value: %s [%i] (Defining key: %s)", # 961| map_p->rootpath, elmtid, map_p->key); Error: RESOURCE_LEAK (CWE-772): [#def12] python-dmidecode-3.12.2/src/xmlpythonizer.c:847: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:847: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:947: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument. python-dmidecode-3.12.2/src/xmlpythonizer.c:947: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:995: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 993| } else { # 994| // If NULL, something is wrong - exception is already set. # 995|-> return NULL; # 996| } # 997| } Error: RESOURCE_LEAK (CWE-772): [#def13] python-dmidecode-3.12.2/src/xmlpythonizer.c:954: alloc_fn: Storage is returned from allocation function "_get_xpath_values". python-dmidecode-3.12.2/src/xmlpythonizer.c:954: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->value)". python-dmidecode-3.12.2/src/xmlpythonizer.c:995: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to. # 993| } else { # 994| // If NULL, something is wrong - exception is already set. # 995|-> return NULL; # 996| } # 997| } Error: RESOURCE_LEAK (CWE-772): [#def14] python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:1050: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 1048| xpctx = xmlXPathNewContext(xpdoc); # 1049| if( xpctx == NULL ) { # 1050|-> PyReturnError(PyExc_MemoryError, "Could not setup new XPath context"); # 1051| } # 1052| xpctx->node = data_n; Error: RESOURCE_LEAK (CWE-772): [#def15] python-dmidecode-3.12.2/src/xmlpythonizer.c:1054: alloc_fn: Storage is returned from allocation function "_get_xpath_values". python-dmidecode-3.12.2/src/xmlpythonizer.c:1054: var_assign: Assigning: "xpo" = storage returned from "_get_xpath_values(xpctx, map_p->rootpath)". python-dmidecode-3.12.2/src/xmlpythonizer.c:1065: leaked_storage: Variable "xpo" going out of scope leaks the storage it points to. # 1063| // Exit if we get NULL - something is wrong # 1064| //and exception is set # 1065|-> return NULL; # 1066| } # 1067| } Error: RESOURCE_LEAK (CWE-772): [#def16] python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: alloc_fn: Storage is returned from allocation function "malloc". python-dmidecode-3.12.2/src/xmlpythonizer.c:1031: var_assign: Assigning: "key" = storage returned from "malloc(258UL)". python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument. python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: identity_transfer: Passing "key" as argument 2 to function "_get_key_value", which returns that argument. python-dmidecode-3.12.2/src/xmlpythonizer.c:1059: noescape: Resource "key" is not freed or pointed-to in "_get_key_value". python-dmidecode-3.12.2/src/xmlpythonizer.c:1087: leaked_storage: Variable "key" going out of scope leaks the storage it points to. # 1085| // Exit if we get NULL - something is wrong # 1086| //and exception is set # 1087|-> return NULL; # 1088| } # 1089| } Signed-off-by: Coiby Xu --- src/xmlpythonizer.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/xmlpythonizer.c b/src/xmlpythonizer.c index e9c9242..ce2d067 100644 --- a/src/xmlpythonizer.c +++ b/src/xmlpythonizer.c @@ -854,6 +854,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata, value = PyBytes_FromString(map_p->value); PyADD_DICT_VALUE(retdata, key, value); } else { + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)", map_p->rootpath, elmtid, map_p->key); } @@ -918,6 +921,10 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata, PyADD_DICT_VALUE(retdata, key, value); xmlXPathFreeObject(xpo); } else { + xmlXPathFreeObject(xpo); + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); PyReturnError(PyExc_ValueError, "Could not get key value: " "%s [%i] (Defining key: %s)", map_p->rootpath, elmtid, map_p->key); @@ -931,6 +938,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata, break; } if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) { + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)", map_p->rootpath, elmtid, map_p->key); @@ -945,6 +955,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata, break; } if( _get_key_value(logp, key, 256, map_p, xpctx, 0) == NULL ) { + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)", map_p->rootpath, elmtid, map_p->key); @@ -956,6 +969,9 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata, if( xpo != NULL ) { xmlXPathFreeObject(xpo); } + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); PyReturnError(PyExc_ValueError, "Could not get key value: %s [%i] (Defining key: %s)", map_p->rootpath, elmtid, map_p->key); @@ -991,6 +1007,10 @@ PyObject *_deep_pythonize(Log_t *logp, PyObject *retdata, PyList_Append(value, dataset); } } else { + xmlXPathFreeObject(xpo); + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); // If NULL, something is wrong - exception is already set. return NULL; } @@ -1047,6 +1067,8 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) { xpctx = xmlXPathNewContext(xpdoc); if( xpctx == NULL ) { + xmlFreeDoc(xpdoc); + free(key); PyReturnError(PyExc_MemoryError, "Could not setup new XPath context"); } xpctx->node = data_n; @@ -1062,6 +1084,10 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) { if( res == NULL ) { // Exit if we get NULL - something is wrong //and exception is set + xmlXPathFreeObject(xpo); + xmlXPathFreeContext(xpctx); + xmlFreeDoc(xpdoc); + free(key); return NULL; } } @@ -1084,6 +1110,7 @@ PyObject *pythonizeXMLnode(Log_t *logp, ptzMAP *in_map, xmlNode *data_n) { if( res == NULL ) { // Exit if we get NULL - something is wrong //and exception is set + free(key); return NULL; } } -- 2.31.1