rcp: fix memleak in cpc_secondary_app_version()

MathisMARION · MathisMARION · commit 3a91f0138536 · 2025-09-03T17:11:42.000+02:00
gcc -fsanitize=leak reported: Direct leak of 7 byte(s) in 1 object(s) allocated from: #0 0x62c51c in __interceptor_calloc (/usr/local/bin/wsbrd+0x15051c) (BuildId: 118a136d933787dcd018225c9fbf39ff524a9995) #1 0x76de2570 in zalloc sl_cpc.c #2 0x76ded368 in cpc_get_secondary_app_version (/usr/local/lib/libcpc.so.3+0xc368) (BuildId: 2ccfb015683fef6696474d811e1962d05724f1cd) #3 0x9964e0 in cpc_secondary_app_version common/bus_cpc.c:66:11 #4 0x7961f4 in rcp_init common/rcp_api.c:696:28 #5 0x678a60 in wsbr_main app_wsbrd/app/wsbrd.c:594:5 #6 0x671c58 in main app_wsbrd/app/main.c:18:12 #7 0x76c223ec in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 Note that cpc_get_secondary_app_version() documents: On success, an owned copy of the string is returned. This copy can be freed using cpc_free_secondary_app_version(copy). However, cpc_free_secondary_app_version() takes a non-const char * as argument, which forces to cast away the const char * returned by cpc_get_secondary_app_version().
diff --git a/common/bus_cpc.c b/common/bus_cpc.c
@@ -65,9 +65,12 @@ uint32_t cpc_secondary_app_version(struct bus *bus)
 
     str = cpc_get_secondary_app_version(bus->cpc.handle);
     BUG_ON(!str);
-    if (!strcmp(str, "UNDEFINED"))
-        return VERSION(0, 0, 0);
-    ret = sscanf(str, "%hhu.%hu.%hhu", &major, &minor, &patch);
-    BUG_ON(ret == EOF);
+    if (!strcmp(str, "UNDEFINED")) {
+        major = minor = patch = 0;
+    } else {
+        ret = sscanf(str, "%hhu.%hu.%hhu", &major, &minor, &patch);
+        BUG_ON(ret == EOF);
+    }
+    cpc_free_secondary_app_version((char *)str);
     return VERSION(major, minor, patch);
 }
