MLK.RET.MIGHT

Memory leak possible

The MLK.RET.MIGHT issue is reported when memory may be allocated and returned from a function, depending on certain conditions, but is not assigned to any variable. The allocated memory is lost at this point.

Vulnerability and risk

Memory leaks cause the application to consume additional memory. This reduces the amount of memory available to other applications and eventually causes the operating system to start paging, slowing the system down. In critical cases, the application will reach overall memory limits, which may result in application crashes.

Example 1

1
2
3
4
5
6
7
8
9
10
11
12
13
  void* alloc_data(void* pool)
  {
    if (pool) {
       return pool_alloc(pool, 10);
    } else {
       return malloc(10);
    }
  }

  void foo(void* pool)
  {
    alloc_data(pool);
  }

Klocwork produces a memory leak report indicating that dynamic memory which might be allocated through function 'alloc_data' is lost at line 12.

External guidance

• CWE-400: Uncontrolled Resource Consumption
• CWE-401: Missing Release of Memory after Effective Lifetime
• CERT ERR57-CPP: Do not leak resources when handling exceptions
• CERT MEM00-C: Allocate and free memory in the same module, at the same level of abstraction
• CERT MEM12-C: Consider using a goto chain when leaving a function on error when using and releasing resources