Checkers:RH.LEAK

From current

The program hasn't released a previously acquired resource, and all descriptors related to this resource are lost at this point.

Vulnerability and risk

Related to resource management problems.

Example 1

1  #include <stdio.h>
2  
3  int my_open_r(const char *name, FILE **pf) {
4      FILE *f = fopen(name, "r");
5      if (!f) {
6          return -1;
7      }
8      *pf = f;
9      return 0;
10 }
11 
12 int test_file(const char *name) {
13     FILE *dummy;
14     if (my_open_r(name, &dummy) == -1) {
15         fprintf(stderr, "Problem with: %s\n", name);
16         return 0;
17     }
18     return 1;
19 }

Klocwork produces a resource leak issue report, indicating that a resource descriptor is acquired to the 'dummy' variable at line 14 through a call to the 'my_open_r' function, and may be lost at line 18 when the 'test_file' function returns.

Security Guidelines

• CWE-403:Exposure of File Descriptor to Unintended Control Sphere
• CWE-404:Improper Resource shutdown or release
• CWE-770: Allocation of Resources Without Limits or Throttling
• FIO42-C:Ensure files are properly closed when they are no longer needed