Description
Found with this CodeQL query (which checks for function returns where variables that are assigned a result of a bson_malloc* have no associated bson_free statement):
import cpp

from FunctionCall alloc, LocalScopeVariable v, ReturnStmt return
where
  (
    alloc.getTarget().getQualifiedName() = "bson_malloc" or
    alloc.getTarget().getQualifiedName() = "bson_malloc0" or
    alloc.getTarget().getQualifiedName() = "bson_realloc" or
    alloc.getTarget().getQualifiedName() = "bson_calloc"
  ) and
  // the allocation result is assigned to a local variable
  v.getAnAssignedValue() = alloc and
  // the return statement is reachable from the allocation
  alloc.getASuccessor+() = return and
  // ignore functions whose name contains new, dup, clone or init
  not alloc.getEnclosingFunction().getQualifiedName().matches("%new%") and
  not alloc.getEnclosingFunction().getQualifiedName().matches("%dup%") and
  not alloc.getEnclosingFunction().getQualifiedName().matches("%clone%") and
  not alloc.getEnclosingFunction().getQualifiedName().matches("%init%") and
  // ignore returns that return the variable itself
  not return.getExpr() = v.getAnAccess() and
  // no bson_free(v) call that follows the allocation and precedes the return
  not exists (FunctionCall free |
    free.getTarget().getQualifiedName() = "bson_free" and
    free.getAnArgument() = v.getAnAccess() and
    free.getASuccessor+() = return and
    free.getAPredecessor+() = alloc
  )
select return, "leaks", v, "in ", alloc.getEnclosingFunction().getQualifiedName()
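The shape of code this query reports, next to a version it accepts, as an added C example (not code from libbson or from this ticket). `bson_malloc` and `bson_free` here are local stand-ins that count live allocations, and `parse_leaky`, `parse_fixed` and `leaked_by` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for libbson's bson_malloc/bson_free (assumed malloc/free-like);
 * they count live blocks, and last_alloc lets a harness reclaim a leaked one. */
static int live_allocs = 0;
static void *last_alloc = NULL;
static void *bson_malloc(size_t n) { live_allocs++; return last_alloc = malloc(n); }
static void bson_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Flagged: the early return is reachable from the allocation, does not
 * return buf, and no bson_free(buf) sits between the two. */
static int parse_leaky(const char *in, size_t max) {
    char *buf = bson_malloc(max);
    size_t len = strlen(in);
    if (len >= max)
        return -1;              /* buf is never released on this path */
    memcpy(buf, in, len + 1);
    int n = (int) strlen(buf);
    bson_free(buf);
    return n;
}

/* Not flagged: the only return is preceded by bson_free(buf). */
static int parse_fixed(const char *in, size_t max) {
    int n = -1;
    char *buf = bson_malloc(max);
    size_t len = strlen(in);
    if (len < max) {
        memcpy(buf, in, len + 1);
        n = (int) strlen(buf);
    }
    bson_free(buf);
    return n;
}

/* Hypothetical helper: number of blocks one call leaves allocated. */
static int leaked_by(int (*fn)(const char *, size_t), const char *in, size_t max) {
    int before = live_allocs;
    fn(in, max);
    return live_allocs - before;
}

int main(void) {
    const char *big = "constructed input longer than the buffer";
    printf("leaky: %d, fixed: %d\n", leaked_by(parse_leaky, big, 16), leaked_by(parse_fixed, big, 16));
    return 0;
}
```

Only the early `return -1` in `parse_leaky` matches the query; its final `return n` does not, because a `bson_free(buf)` call lies between the allocation and that return.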
Issue Links
- is related to CDRIVER-3388 SRV record lookup fails if DNS response exceeds 1024 characters (Closed)