Memory leaks reported by Coverity Scan
edsiper opened this issue · 0 comments
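In our project, Fluent Bit, we use libonigmo for regex parsing. The static analysis system Coverity reported some possible memory leaks (CID 156544, flagged at several lines of expand_case_fold_string()) and two possible null pointer dereferences (CID 156532 and CID 93270, both in compile_length_enclose_node()), all in /lib/onigmo/regcomp.c. Would you please validate the 3 reported issues?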
CID 156544: (RESOURCE_LEAK)
/lib/onigmo/regcomp.c: 3680 in expand_case_fold_string()
/lib/onigmo/regcomp.c: 3599 in expand_case_fold_string()
/lib/onigmo/regcomp.c: 3630 in expand_case_fold_string()
/lib/onigmo/regcomp.c: 3599 in expand_case_fold_string()
*** CID 156544: (RESOURCE_LEAK)
/lib/onigmo/regcomp.c: 3680 in expand_case_fold_string()
3674 Node *srem;
3675
3676 r = expand_case_fold_make_rem_string(&srem, p, end, reg);
3677 if (r != 0) goto mem_err;
3678
3679 if (IS_NOT_NULL(prev_node) && IS_NULL(root)) {
>>> CID 156544: (RESOURCE_LEAK)
>>> Overwriting "top_root" in "top_root = root = onig_node_list_add(NULL, prev_node)" leaks the storage that "top_root" points to.
3680 top_root = root = onig_node_list_add(NULL_NODE, prev_node);
3681 if (IS_NULL(root)) {
3682 onig_node_free(srem);
3683 onig_node_free(prev_node);
3684 goto mem_err;
3685 }
/lib/onigmo/regcomp.c: 3599 in expand_case_fold_string()
3593 len = enclen(reg->enc, p, end);
3594
3595 varlen = is_case_fold_variable_len(n, items, len);
3596 if (n == 0 || varlen == 0) {
3597 if (IS_NULL(snode)) {
3598 if (IS_NULL(root) && IS_NOT_NULL(prev_node)) {
>>> CID 156544: (RESOURCE_LEAK)
>>> Overwriting "top_root" in "top_root = root = onig_node_list_add(NULL, prev_node)" leaks the storage that "top_root" points to.
3599 top_root = root = onig_node_list_add(NULL_NODE, prev_node);
3600 if (IS_NULL(root)) {
3601 onig_node_free(prev_node);
3602 goto mem_err;
3603 }
3604 }
/lib/onigmo/regcomp.c: 3630 in expand_case_fold_string()
3624 r = update_string_node_case_fold(reg, snode);
3625 if (r == 0) {
3626 NSTRING_SET_AMBIG(snode);
3627 }
3628 }
3629 if (IS_NULL(root) && IS_NOT_NULL(prev_node)) {
>>> CID 156544: (RESOURCE_LEAK)
>>> Overwriting "top_root" in "top_root = root = onig_node_list_add(NULL, prev_node)" leaks the storage that "top_root" points to.
3630 top_root = root = onig_node_list_add(NULL_NODE, prev_node);
3631 if (IS_NULL(root)) {
3632 onig_node_free(prev_node);
3633 goto mem_err;
3634 }
3635 }
/lib/onigmo/regcomp.c: 3599 in expand_case_fold_string()
3593 len = enclen(reg->enc, p, end);
3594
3595 varlen = is_case_fold_variable_len(n, items, len);
3596 if (n == 0 || varlen == 0) {
3597 if (IS_NULL(snode)) {
3598 if (IS_NULL(root) && IS_NOT_NULL(prev_node)) {
>>> CID 156544: (RESOURCE_LEAK)
>>> Overwriting "top_root" in "top_root = root = onig_node_list_add(NULL, prev_node)" leaks the storage that "top_root" points to.
3599 top_root = root = onig_node_list_add(NULL_NODE, prev_node);
3600 if (IS_NULL(root)) {
3601 onig_node_free(prev_node);
3602 goto mem_err;
3603 }
3604 }
CID 156532: Null pointer dereferences (FORWARD_NULL)
/lib/onigmo/regcomp.c: 1271 in compile_length_enclose_node()
1265 len = SIZE_OP_PUSH_STOP_BT + tlen + SIZE_OP_POP_STOP_BT;
1266 }
1267 break;
1268
1269 case ENCLOSE_CONDITION:
1270 len = SIZE_OP_CONDITION;
>>> CID 156532: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "node->target".
1271 if (NTYPE(node->target) == NT_ALT) {
1272 Node* x = node->target;
1273
1274 tlen = compile_length_tree(NCAR(x), reg); /* yes-node */
1275 if (tlen < 0) return tlen;
1276 len += tlen + SIZE_OP_JUMP;
CID 93270: Null pointer dereferences (FORWARD_NULL)
/lib/onigmo/regcomp.c: 1258 in compile_length_enclose_node()
1252 }
1253 break;
1254
1255 case ENCLOSE_STOP_BACKTRACK:
1256 if (IS_ENCLOSE_STOP_BT_SIMPLE_REPEAT(node)) {
1257 QtfrNode* qn = NQTFR(node->target);
>>> CID 93270: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "qn".
1258 tlen = compile_length_tree(qn->target, reg);
1259 if (tlen < 0) return tlen;
1260
1261 len = tlen * qn->lower
1262 + SIZE_OP_PUSH + tlen + SIZE_OP_POP + SIZE_OP_JUMP;
1263 }