Merge pull request #1410 from giuseppe/fix-leaks

src: fix some leaks found by static analysis
containers · Feb 8, 2024 · 666b3ba · 666b3ba · packit-as-a-service · Feb 8, 2024
2 parents 9d01392 + fdb41c3
commit 666b3ba
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/src/libcrun/cgroup-setup.c b/src/libcrun/cgroup-setup.c
@@ -42,6 +42,8 @@
 static int
 initialize_cpuset_subsystem_rec (char *path, size_t path_len, char *cpus, char *mems, runtime_spec_schema_config_linux_resources *resources, libcrun_error_t *err)
 {
+  cleanup_free char *allocated_cpus = NULL;
+  cleanup_free char *allocated_mems = NULL;
   cleanup_close int dirfd = -1;
   cleanup_close int mems_fd = -1;
   cleanup_close int cpus_fd = -1;
@@ -118,9 +120,9 @@ initialize_cpuset_subsystem_rec (char *path, size_t path_len, char *cpus, char *
   if (resources && resources->cpu)
     {
       if (resources->cpu->cpus && ! has_cpus)
-        cpus = xstrdup (resources->cpu->cpus);
+        cpus = allocated_cpus = xstrdup (resources->cpu->cpus);
       if (resources->cpu->mems && ! has_mems)
-        mems = xstrdup (resources->cpu->mems);
+        mems = allocated_mems = xstrdup (resources->cpu->mems);
     }
 
   /* Finally, if we have a fd to populate, write the value chosen. If we have a value from the resources struct to base it off of,

diff --git a/src/libcrun/cgroup-systemd.c b/src/libcrun/cgroup-systemd.c
@@ -206,7 +206,6 @@ static int
 setup_missing_cpu_options_for_systemd (runtime_spec_schema_config_linux_resources *resources, bool cgroup2, const char *path, libcrun_error_t *err)
 {
   cleanup_free char *cgroup_path = NULL;
-  cleanup_close int dirfd = -1;
   int parent;
   int ret;
 
@@ -218,6 +217,8 @@ setup_missing_cpu_options_for_systemd (runtime_spec_schema_config_linux_resource
 
   for (parent = 0; parent < 2; parent++)
     {
+      cleanup_close int dirfd = -1;
+
       if (cgroup2)
         ret = append_paths (&cgroup_path, err, CGROUP_ROOT, path ? path : "", (parent ? ".." : NULL), NULL);
       else

diff --git a/src/libcrun/container.c b/src/libcrun/container.c
@@ -3913,7 +3913,7 @@ populate_capabilities (struct features_info_s *info, char ***capabilities, size_
 static void
 retrieve_mount_options (struct features_info_s **info)
 {
-  const struct propagation_flags_s *mount_options_list;
+  cleanup_free const struct propagation_flags_s *mount_options_list = NULL;
   size_t num_mount_options = 0;
 
   // Retrieve mount options from wordlist
@@ -3940,8 +3940,8 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info
   size_t num_actions = sizeof (actions) / sizeof (actions[0]);
   size_t num_hooks = sizeof (hooks) / sizeof (hooks[0]);
   size_t num_archs = sizeof (archs) / sizeof (archs[0]);
+  cleanup_free char **capabilities = NULL;
   size_t num_capabilities = 0;
-  char **capabilities = NULL;
 
   *info = xmalloc0 (sizeof (struct features_info_s));
 
@@ -4000,7 +4000,7 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info
     int size = snprintf (NULL, 0, "%u.%u.%u", version->major, version->minor, version->micro) + 1;
     char *version_string = xmalloc0 (size);
     snprintf (version_string, size, "%u.%u.%u", version->major, version->minor, version->micro);
-    (*info)->annotations.io_github_seccomp_libseccomp_version = xstrdup (version_string);
+    (*info)->annotations.io_github_seccomp_libseccomp_version = version_string;
   }
 #endif
 

diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c
@@ -4020,7 +4020,7 @@ maybe_get_idmapped_mount (runtime_spec_schema_config_schema *def, runtime_spec_s
   cleanup_close int fd = -1;
   const char *idmap_option;
   bool recursive = false;
-  const char *options;
+  const char *options = NULL;
   char proc_path[64];
   bool has_mappings;
   int ret;