This query looks at functions that return file or socket descriptors, but may return an error value before actually closing the resource. This can occur when an operation performed on the open descriptor fails, and the function returns with an error before it closes the open resource. An improperly handled error could cause the function to leak resource descriptors. Failing to close resources in the function that opened them also makes it more difficult to detect leaks.
This check is an approximation, so some results may not be actual defects in the program. It is not possible in general to compute the actual branch taken in conditional statements such as "if" without running the program with all possible input data. This means that it is not possible to determine if a particular statement is going to be executed.
When an error occurs, ensure that the function frees all the resources it holds open.
In the example below, the `sockfd` socket may remain open if an error is triggered.
The code should be updated to ensure that the socket is always closed when the function ends.
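The following C program is an added illustration, not the query's own example code: it places a leaky socket-returning function beside a corrected one that routes every error path through a single cleanup label, and it includes a small probe (assumed here, not part of the page) that detects the leak by watching which descriptor number the kernel hands out next. The failing operation is a `setsockopt()` call with an invalid option name, chosen only because it fails deterministically without any network access.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Leaky variant: if setsockopt() fails, the function returns -1 but never
 * closes sockfd, so every failed call costs the process one descriptor. */
int open_socket_leaky(int optname) {
    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0)
        return -1;
    int one = 1;
    if (setsockopt(sockfd, SOL_SOCKET, optname, &one, sizeof one) < 0)
        return -1;              /* error path exits without close(sockfd) */
    return sockfd;
}

/* Fixed variant: every error path after socket() succeeds jumps to one
 * cleanup label that closes the descriptor before the error is returned. */
int open_socket_fixed(int optname) {
    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0)
        return -1;
    int one = 1;
    if (setsockopt(sockfd, SOL_SOCKET, optname, &one, sizeof one) < 0)
        goto fail;
    return sockfd;
fail:
    {
        int saved = errno;      /* close() may clobber errno; keep the real cause */
        close(sockfd);
        errno = saved;
    }
    return -1;
}

/* Probe (constructed for this example): POSIX open() always returns the
 * lowest unused descriptor number, so if a call leaks one descriptor this
 * number goes up by exactly one. */
int lowest_free_fd(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;
    close(fd);
    return fd;
}

/* Number of descriptors leaked by one failing call to fn.
 * -1 is not a valid SOL_SOCKET option, so setsockopt() fails with
 * ENOPROTOOPT and the function under test takes its error path. */
int leaked_by(int (*fn)(int)) {
    int before = lowest_free_fd();
    int rc = fn(-1);
    if (rc >= 0) {              /* unexpected success: clean up, report -1 */
        close(rc);
        return -1;
    }
    return lowest_free_fd() - before;
}

int main(void) {
    printf("leaky: %d descriptor(s) leaked per failed call\n",
           leaked_by(open_socket_leaky));
    printf("fixed: %d descriptor(s) leaked per failed call\n",
           leaked_by(open_socket_fixed));
    return 0;
}
```

The single-exit `goto fail` layout is what makes the fixed version easy to audit: any new step added between `socket()` and the successful `return` only has to jump to the label, and the close happens in exactly one place. Saving and restoring `errno` around `close()` keeps the caller's error report pointing at the operation that actually failed.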
- SEI CERT C++ Coding Standard: ERR57-CPP. Do not leak resources when handling exceptions.
- Common Weakness Enumeration: CWE-775.