Found with this CodeQL query (which checks for function returns where variables that are assigned a result of a bson_malloc* have no associated bson_free statement):
```ql
import cpp

from FunctionCall alloc, LocalScopeVariable v, ReturnStmt return
where
  // The call targets one of the bson allocation functions
  (
    alloc.getTarget().getQualifiedName() = "bson_malloc" or
    alloc.getTarget().getQualifiedName() = "bson_malloc0" or
    alloc.getTarget().getQualifiedName() = "bson_realloc" or
    alloc.getTarget().getQualifiedName() = "bson_calloc"
  ) and
  // The result is assigned to a local variable, and a return is reachable from the call
  v.getAnAssignedValue() = alloc and
  alloc.getASuccessor+() = return and
  // Skip functions whose name contains new, dup, clone or init
  not alloc.getEnclosingFunction().getQualifiedName().matches("%new%") and
  not alloc.getEnclosingFunction().getQualifiedName().matches("%dup%") and
  not alloc.getEnclosingFunction().getQualifiedName().matches("%clone%") and
  not alloc.getEnclosingFunction().getQualifiedName().matches("%init%") and
  // Skip returns that return the variable itself
  not return.getExpr() = v.getAnAccess() and
  // No bson_free of the variable lies between the allocation and the return
  not exists(FunctionCall free |
    free.getTarget().getQualifiedName() = "bson_free" and
    free.getAnArgument() = v.getAnAccess() and
    free.getASuccessor+() = return and
    free.getAPredecessor+() = alloc
  )
select return, "leaks", v, "in ", alloc.getEnclosingFunction().getQualifiedName()
```
- is related to: CDRIVER-3388 SRV record lookup fails if DNS response exceeds 1024 characters (Closed)
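The code shape the query above is written to report, as an added C example that is not code from the driver or from the original report: an early return reachable from a `bson_malloc` call with no `bson_free` in between, next to a single-exit version. The counting allocator stand-ins, `parse_leaky`, `parse_fixed` and `leaked_after` are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for libbson's bson_malloc/bson_free that count
 * live allocations; real code would link libbson instead. */
static int live_allocs = 0;
static void *bson_malloc(size_t n) { live_allocs++; return malloc(n); }
static void bson_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical parser: copies len bytes and rejects empty input. */
int parse_leaky(const char *in, size_t len)
{
    char *buf = bson_malloc(len + 1);
    memcpy(buf, in, len);
    buf[len] = '\0';
    if (len == 0)
        return -1;      /* reachable from the alloc with no bson_free before it */
    bson_free(buf);
    return 0;
}

/* Same logic with a single exit, so every return follows bson_free. */
int parse_fixed(const char *in, size_t len)
{
    int rc = -1;
    char *buf = bson_malloc(len + 1);
    memcpy(buf, in, len);
    buf[len] = '\0';
    if (len > 0)
        rc = 0;
    bson_free(buf);
    return rc;
}

/* Returns how many allocations remain live after calling f once. */
int leaked_after(int (*f)(const char *, size_t), const char *in, size_t len)
{
    int before = live_allocs;
    f(in, len);
    return live_allocs - before;
}

int main(void)
{
    return leaked_after(parse_fixed, "", 0);   /* exit status 0: nothing leaked */
}
```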