The MLK.RET.MUST issue is reported when allocated memory is returned from a function, but is not assigned to any variable. The allocated memory is lost at this point.
Vulnerability and risk
Memory leaks cause the application to consume additional memory. This reduces the amount of memory available to other applications and eventually causes the operating system to start paging, slowing the system down. In critical cases, the application will reach overall memory limits, which may result in application crashes.
Vulnerable code example
Klocwork produces a memory leak report indicating that dynamic memory allocated through function 'alloc_data' is lost at line 8.
Fixed code example
void* ptr = alloc_data();
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime
- CERT ERR57-CPP: Do not leak resources when handling exceptions
- CERT MEM00-C: Allocate and free memory in the same module, at the same level of abstraction
- CERT MEM12-C: Consider using a goto chain when leaving a function on error when using and releasing resources