Hi, I got to Coverity static analysis scan report for postfix. Most of the errors were false positives, but two minor errors seems suspicious, that it could cause leaks, so sharing them for review. Unfortunately, it's result for postfix-3.2.5, but the same code is in the latest postfix - just the lines from the report have slight offset, sorry about that, but hopefully it will be also useful.
Error: RESOURCE_LEAK (CWE-772): [#def16] postfix-3.2.5/src/posttls-finger/posttls-finger.c:1412: alloc_fn: Storage is returned from allocation function "connect_unix". postfix-3.2.5/src/posttls-finger/posttls-finger.c:941:5: alloc_fn: Storage is returned from allocation function "connect_sock". postfix-3.2.5/src/posttls-finger/posttls-finger.c:870:5: alloc_fn: Storage is returned from allocation function "vstream_fdopen". postfix-3.2.5/src/util/vstream.c:1214:5: alloc_fn: Storage is returned from allocation function "mymalloc". postfix-3.2.5/src/util/mymalloc.c:160:5: alloc_fn: Storage is returned from allocation function "malloc". postfix-3.2.5/src/util/mymalloc.c:160:5: var_assign: Assigning: "real_ptr" = "malloc(16UL + len)". postfix-3.2.5/src/util/mymalloc.c:163:5: var_assign: Assigning: "ptr" = "real_ptr". postfix-3.2.5/src/util/mymalloc.c:164:5: noescape: Resource "ptr" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] postfix-3.2.5/src/util/mymalloc.c:165:5: return_alloc: Returning allocated memory "ptr". postfix-3.2.5/src/util/vstream.c:1214:5: var_assign: Assigning: "stream" = "mymalloc(320L)". postfix-3.2.5/src/util/vstream.c:1229:5: return_alloc: Returning allocated memory "stream". postfix-3.2.5/src/posttls-finger/posttls-finger.c:870:5: var_assign: Assigning: "stream" = "vstream_fdopen(sock, 2)". postfix-3.2.5/src/posttls-finger/posttls-finger.c:890:2: noescape: Resource "stream" is not freed or pointed-to in function "vstream_tweak_tcp". postfix-3.2.5/src/util/vstream_tweak.c:86:36: noescape: "vstream_tweak_tcp(VSTREAM *)" does not free or save its parameter "fp". postfix-3.2.5/src/posttls-finger/posttls-finger.c:892:5: return_alloc: Returning allocated memory "stream". postfix-3.2.5/src/posttls-finger/posttls-finger.c:941:5: return_alloc_fn: Directly returning storage allocated by "connect_sock". postfix-3.2.5/src/posttls-finger/posttls-finger.c:1412: leaked_storage: Ignoring storage allocated by "connect_unix(state, dest + 5)" leaks it. # 1410| if (state->smtp == 0) { # 1411| if (strncmp(dest, "unix:", 5) == 0) { # 1412|-> connect_unix(state, dest + 5); # 1413| if (!state->stream) # 1414| msg_info("Failed to establish session to %s: %s", Error: RESOURCE_LEAK (CWE-772): [#def18] postfix-3.2.5/src/util/dict_random.c:108: alloc_fn: Storage is returned from allocation function "argv_splitq". postfix-3.2.5/src/util/argv_splitq.c:69:19: alloc_fn: Storage is returned from allocation function "argv_alloc". postfix-3.2.5/src/util/argv.c:157:5: alloc_fn: Storage is returned from allocation function "mymalloc". postfix-3.2.5/src/util/mymalloc.c:160:5: alloc_fn: Storage is returned from allocation function "malloc". postfix-3.2.5/src/util/mymalloc.c:160:5: var_assign: Assigning: "real_ptr" = "malloc(16UL + len)". postfix-3.2.5/src/util/mymalloc.c:163:5: var_assign: Assigning: "ptr" = "real_ptr". postfix-3.2.5/src/util/mymalloc.c:164:5: noescape: Resource "ptr" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.] postfix-3.2.5/src/util/mymalloc.c:165:5: return_alloc: Returning allocated memory "ptr". postfix-3.2.5/src/util/argv.c:157:5: var_assign: Assigning: "argvp" = "mymalloc(24L)". postfix-3.2.5/src/util/argv.c:164:5: return_alloc: Returning allocated memory "argvp". postfix-3.2.5/src/util/argv_splitq.c:69:19: var_assign: Assigning: "argvp" = "argv_alloc(1L)". postfix-3.2.5/src/util/argv_splitq.c:76:5: noescape: Resource "argvp" is not freed or pointed-to in function "argv_terminate". postfix-3.2.5/src/util/argv.c:242:30: noescape: "argv_terminate(ARGV *)" does not free or save its parameter "argvp". postfix-3.2.5/src/util/argv_splitq.c:78:5: return_alloc: Returning allocated memory "argvp". postfix-3.2.5/src/util/dict_random.c:108: var_assign: Assigning: "argv" = storage returned from "argv_splitq(saved_name, ", \t\r\n", "{}")". postfix-3.2.5/src/util/dict_random.c:112: leaked_storage: Variable "argv" going out of scope leaks the storage it points to. # 110| || ((argv = argv_splitq(saved_name, CHARS_COMMA_SP, CHARS_BRACE)), # 111| (argv->argc == 0))) # 112|-> DICT_RANDOM_RETURN(dict_surrogate(DICT_TYPE_RANDOM, name, # 113| open_flags, dict_flags, # 114| "bad syntax: \"%s:%s\"; " thanks & regards Jaroslav