leaky function coverity testing -- DO NOT MERGE#24
SanthoshGujulvajagadeesh wants to merge 1 commit into develop from
Pull request overview
This PR adds test code with intentional memory leaks and security vulnerabilities for Coverity static analysis testing. As indicated by the title "DO NOT MERGE", this is not intended for production use.
Changes:
- Adds a new function leaky_function() with intentional memory leak and unsafe strcpy usage
- Calls the leaky function in main(), introducing a memory leak on every program execution
| } | ||
|
|
||
| void leaky_function(void) { | ||
| char *p = (char *)malloc(100); // allocated but never freed -> leak |
Memory leak: malloc allocates 100 bytes but the memory is never freed. This will cause a memory leak each time the function is called.
| perror("malloc"); | ||
| return; | ||
| } | ||
| strcpy(p, "This buffer is intentionally leaked."); |
strcpy is unsafe and can lead to buffer overflows. Consider using a safer alternative like strncpy, strlcpy, or the safec library functions that are already used in this codebase (as seen in the include for safec_lib_common.h).
| strcpy(p, "This buffer is intentionally leaked."); | |
| (void)strcpy_s(p, 100, "This buffer is intentionally leaked."); |
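Review bot: the replacement line "(void)strcpy_s(p, 100, ...)" discards the return value and repeats the 100 from the malloc(100) call as a second literal, so a failed copy goes unnoticed and the two sizes can drift apart. Keep the size in one named constant used by both calls, and check the strcpy_s result instead of casting it to void.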
| DmErr_t err; | ||
| debugLogFile = stderr; | ||
|
|
||
| leaky_function(); |
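Review bot: the "leaky_function();" call added to main() right after "debugLogFile = stderr;" runs unconditionally, so every start of the program allocates 100 bytes that are never released. Nothing in the visible lines uses the buffer; drop the call, or if the fixture has to stay for the scan, keep it behind a test-only build guard so it never runs in a shipped binary.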
Calling leaky_function in main will cause a memory leak on every program execution. This function serves no purpose and should be removed.
| void leaky_function(void) { | ||
| char *p = (char *)malloc(100); // allocated but never freed -> leak | ||
| if (!p) { | ||
| perror("malloc"); | ||
| return; | ||
| } | ||
| strcpy(p, "This buffer is intentionally leaked."); | ||
| // Missing free(p); <-- leak | ||
| } |
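Review bot: p is still live when leaky_function() falls off the end after the strcpy() call; only the "if (!p)" branch returns without holding memory. Add "free(p);" after the copy, at the spot the "// Missing free(p);" comment marks, or return p and document that the caller owns and frees it. The copied string is never read in the visible lines, so the allocation can also be removed outright.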
This entire function appears to be test code for Coverity analysis and should not be included in production code. The PR title explicitly states "DO NOT MERGE", indicating this is intentional test code that should not be merged.
| } | ||
| strcpy(p, "This buffer is intentionally leaked."); | ||
| // Missing free(p); <-- leak | ||
| } |
Coverity Issue - Resource leak
Variable "p" going out of scope leaks the storage it points to.
High Impact, CWE-404
RESOURCE_LEAK
No description provided.