The following is a possible example of a case where the analyzer fails
to understand the POSIX file-descriptor API.
- - -
#include <stdio.h>
#include <fcntl.h>
void test()
{
int fd;
/* O_CREAT requires the mode argument; fd is never closed, so it leaks */
fd = open("foo.txt", O_RDONLY | O_CREAT, 0644);
}
void test_2()
{
FILE *f;
/* f is never fclose()d, so the stream leaks too */
f = fopen("demo.c", "r");
}
godbolt link: https://godbolt.org/z/vbTq6fTnd
- - -
You can see that, unlike the "FILE *" pointer (f), the analyzer is not
tracking the integer file descriptor (fd), which is also leaked at the end of
function test() and should ideally be reported under CWE-775
(https://cwe.mitre.org/data/definitions/775.html).
If you look at the exploded graph of the given program, the analyzer is not
able to identify the call to `open()` and is treating it as a "call to
unknown function".
- Ankur
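An added example (not part of Ankur's post or of the analyzer's own code) that makes the missed leak visible at run time: the leaky shape of test() next to its corrected form, plus a probe that counts open descriptors before and after a function runs, which is the dynamic counterpart of the CWE-775 report the analyzer should have produced. It assumes a POSIX system where "/dev/null" exists and scans the first 1024 descriptor slots; both are assumptions of this example.

```c
/* Added example: shows at run time the descriptor leak the analyzer missed.
 * Not from the original post; assumes POSIX and that "/dev/null" exists. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 1024  /* assumption: how many descriptor slots to probe */

/* Same shape as test() in the post: opened, never closed (CWE-775). */
static void leak_fd(const char *path)
{
    int fd = open(path, O_RDONLY);  /* no O_CREAT, so no mode argument needed */
    (void)fd;                       /* returns without close(): the leak */
}

/* Corrected version: every successful open() is paired with a close(). */
static void close_fd(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return;                     /* nothing to release on failure */
    /* ... use fd ... */
    close(fd);
}

/* Count descriptors currently open in this process by probing each slot
 * with fcntl(F_GETFD); the call fails (EBADF) on unused slots. */
static int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < FD_SCAN_LIMIT; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Call fn(path) `calls` times and report how many descriptors it left open. */
static int leaked_fds_after(void (*fn)(const char *), const char *path, int calls)
{
    int before = count_open_fds();
    for (int i = 0; i < calls; i++)
        fn(path);
    return count_open_fds() - before;
}

int main(void)
{
    printf("leak_fd  left %d descriptors open over 5 calls\n",
           leaked_fds_after(leak_fd, "/dev/null", 5));
    printf("close_fd left %d descriptors open over 5 calls\n",
           leaked_fds_after(close_fd, "/dev/null", 5));
    return 0;
}
```

The probe works because fcntl(F_GETFD) succeeds only on a valid descriptor, so the difference in counts is exactly the number of descriptors the function failed to close; a long-running service that calls the leaky shape repeatedly will eventually hit its descriptor limit, which is the resource-exhaustion consequence CWE-775 describes.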