Bug Summary

File:builds/wireshark/wireshark/epan/tvbuff_zstd.c
Warning:line 87, column 21
Potential leak of memory pointed to by 'uncompr'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name tvbuff_zstd.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-18/lib/clang/18 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /builds/wireshark/wireshark/epan -isystem /builds/wireshark/wireshark/build/epan -isystem /usr/include/libxml2 -isystem /usr/include/lua5.4 -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -D epan_EXPORTS -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -I /builds/wireshark/wireshark/wiretap -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-truncation -Wno-format-nonliteral -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -dwarf-debug-flags /usr/lib/llvm-18/bin/clang -### --analyze -x c -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -D epan_EXPORTS -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -I /builds/wireshark/wireshark/wiretap -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /builds/wireshark/wireshark/epan -isystem /builds/wireshark/wireshark/build/epan -isystem /usr/include/libxml2 -isystem /usr/include/lua5.4 -fvisibility=hidden -fexcess-precision=fast -fstrict-flex-arrays=3 -fstack-clash-protection -fcf-protection=full -D _GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing -fexceptions -Wno-format-truncation -Wno-format-nonliteral -fdiagnostics-color=always -Wno-pointer-sign -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -std=gnu11 -fPIC /builds/wireshark/wireshark/epan/tvbuff_zstd.c -o /builds/wireshark/wireshark/sbout/2024-11-20-100252-3912-1 -Xclang -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2024-11-20-100252-3912-1 -x c /builds/wireshark/wireshark/epan/tvbuff_zstd.c
1/* tvbuff_zstd.c
2 * Copyright 2022, Kevin Albertson <kevin.eric.albertson [AT] gmail.com>
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <[email protected]>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11/*
12 * Decompress ZSTD: http://facebook.github.io/zstd/
13 */
14
15#include "config.h"
16
17#ifdef HAVE_ZSTD1
18#include <zstd.h>
19#endif
20
21#include "proto.h" // DISSECTOR_ASSERT_HINT
22#include "tvbuff.h"
23
24#include "tvbuff-int.h" // tvb_add_to_chain
25
26#define MAX_LOOP_ITERATIONS100 100
27
28tvbuff_t *tvb_uncompress_zstd(tvbuff_t *tvb, const int offset, int comprlen)
29{
30#ifndef HAVE_ZSTD1
31 // Cast to void to silence unused warnings.
32 (void)tvb;
33 (void)offset;
34 (void)comprlen;
35 return NULL((void*)0);
36#else
37 ZSTD_inBuffer input = {tvb_memdup(NULL((void*)0), tvb, offset, comprlen), comprlen, 0};
38 ZSTD_DStream *zds = ZSTD_createDStream();
39 size_t rc = 0;
40 uint8_t *uncompr = NULL((void*)0);
41 size_t uncompr_len = 0;
42 bool_Bool ok = false0;
43 int count = 0;
44
45 // ZSTD does not consume the last byte of the frame until it has flushed all of the decompressed data of the frame.
46 // Therefore, loop while there is more input.
47 ZSTD_outBuffer output = {g_malloc(ZSTD_DStreamOutSize()), ZSTD_DStreamOutSize(), 0};
48 while (input.pos < input.size && count < MAX_LOOP_ITERATIONS100)
2
Assuming field 'pos' is < field 'size'
3
Loop condition is true. Entering loop body
11
Assuming field 'pos' is < field 'size'
12
Loop condition is true. Entering loop body
20
Assuming field 'pos' is >= field 'size'
49 {
50 rc = ZSTD_decompressStream(zds, &output, &input);
51 if (ZSTD_isError(rc))
4
Assuming the condition is false
5
Taking false branch
13
Assuming the condition is false
14
Taking false branch
52 {
53 goto end;
54 }
55
56 if (output.pos > 0)
6
Assuming field 'pos' is > 0
7
Taking true branch
15
Assuming field 'pos' is > 0
16
Taking true branch
57 {
58 if (!uncompr
7.1
'uncompr' is null
16.1
'uncompr' is non-null
)
17
Taking false branch
59 {
60 DISSECTOR_ASSERT (uncompr_len == 0)((void) ((uncompr_len == 0) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\"", "epan/tvbuff_zstd.c", 60, "uncompr_len == 0"
))))
;
8
Taking true branch
9
'?' condition is true
61 uncompr = g_malloc(output.pos);
62 } else {
63 uncompr = g_realloc(uncompr, uncompr_len + output.pos);
18
Memory is allocated
64 }
65 memcpy (uncompr + uncompr_len, output.dst, output.pos);
66 uncompr_len += output.pos;
67 // Reset the output buffer.
68 output.pos = 0;
69 }
70 count++;
71 DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded")((void) ((count < 100) ? (void)0 : (proto_report_dissector_bug
("%s:%u: failed assertion \"%s\" (%s)", "epan/tvbuff_zstd.c",
71, "count < 100", "MAX_LOOP_ITERATIONS exceeded"))))
;
10
'?' condition is true
19
'?' condition is true
72 }
73 if (rc > 0)
21
Assuming 'rc' is <= 0
22
Taking false branch
74 {
75 // There is extra data that was not decompressed.
76 goto end;
77 }
78
79 ok = true1;
80end:
81 g_free((void *)output.dst);
82 wmem_free(NULL((void*)0), (void *)input.src);
83 ZSTD_freeDStream(zds);
84 if (ok
22.1
'ok' is true
)
23
Taking true branch
85 {
86 tvbuff_t *uncompr_tvb;
87 uncompr_tvb = tvb_new_real_data (uncompr, (unsigned)uncompr_len, (unsigned)uncompr_len);
24
Potential leak of memory pointed to by 'uncompr'
88 tvb_set_free_cb (uncompr_tvb, g_free);
89 return uncompr_tvb;
90 }
91
92 if (uncompr)
93 {
94 g_free (uncompr);
95 }
96
97 return NULL((void*)0);
98#endif /* HAVE_ZSTD */
99}
100
101tvbuff_t *tvb_child_uncompress_zstd(tvbuff_t *parent, tvbuff_t *tvb, const int offset, int comprlen)
102{
103 tvbuff_t *uncompressed = tvb_uncompress_zstd(tvb, offset, comprlen);
1
Calling 'tvb_uncompress_zstd'
104 if (!uncompressed)
105 {
106 return uncompressed;
107 }
108 tvb_add_to_chain(parent, uncompressed);
109 return uncompressed;
110}