From c045cdded4e3850724d8bb3a655852948e62c0df Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Thu, 2 Aug 2018 13:49:52 +0200 Subject: [PATCH] * src/utils.c (open_stat): Fix RESOURCE LEAK found by Coverity Error: RESOURCE_LEAK (CWE-772): wget-1.19.5/src/utils.c:914: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.] wget-1.19.5/src/utils.c:914: var_assign: Assigning: "fd" = handle returned from "open(fname, flags, mode)". wget-1.19.5/src/utils.c:921: noescape: Resource "fd" is not freed or pointed-to in "fstat". [Note: The source code implementation of the function has been overridden by a builtin model.] wget-1.19.5/src/utils.c:924: leaked_handle: Handle variable "fd" going out of scope leaks the handle. \# 922| { \# 923| logprintf (LOG_NOTQUIET, _("Failed to stat file %s, error: %s\n"), fname, strerror(errno)); \# 924|-> return -1; \# 925| } \# 926| #if !(defined(WINDOWS) || defined(__VMS)) This seems to be a real issue, since the opened file descriptor in "fd" would leak. There is also additional check below the "fstat" call, which closes the opened "fd". Signed-off-by: Tomas Hozza --- src/utils.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/utils.c b/src/utils.c index 0cb905ad..c6258083 100644 --- a/src/utils.c +++ b/src/utils.c @@ -924,6 +924,7 @@ open_stat(const char *fname, int flags, mode_t mode, file_stats_t *fstats) if (fstat (fd, &fdstats) == -1) { logprintf (LOG_NOTQUIET, _("Failed to stat file %s, error: %s\n"), fname, strerror(errno)); + close (fd); return -1; } #if !(defined(WINDOWS) || defined(__VMS))