[jboss-jira] [JBoss JIRA] (ELY-841) Coverity static analysis: Resource leaks in ProviderLoaderService (Elytron subsystem)

Ilia Vassilev (JIRA) issues at jboss.org
Wed Dec 21 10:44:00 EST 2016 

    [ https://issues.jboss.org/browse/ELY-841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13341310#comment-13341310 ] 

Ilia Vassilev commented on ELY-841:
-----------------------------------

[~jcacek] Next time, can you please open the Elytron Subsystem issues under the WildFly project? The Elytron issues still need to be under WildFly Elytron project. I'll move all current Elytron Subsystem issues to WildFly. Also, please open first the upstream issues and then clone from the JBEAP issue. Thanks!

> Coverity static analysis: Resource leaks in ProviderLoaderService (Elytron subsystem)
> -------------------------------------------------------------------------------------
>
>                 Key: ELY-841
>                 URL: https://issues.jboss.org/browse/ELY-841
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Ilia Vassilev
>            Priority: Critical
>              Labels: static_analysis
>
> Coverity static-analysis scan found 2 resource leaks in {{ProviderLoaderService}} class.
> 1)
> https://scan7.coverity.com/reports.htm#v16159/p12663/fileInstanceId=6892104&defectInstanceId=1794528&mergedDefectId=1388484
> Following code is used in `load` method:
> {code:java}
> if (provider == null) {
>     provider = providerClazz.newInstance();
>     if (configurationStreamSupplier != null) {
>         try (InputStream is = configurationStreamSupplier.get()) {
>             provider.load(configurationStreamSupplier.get());
>         }
>     }
> }
> {code}
> The load method should use `is` instance instead of calling the supplier again.
> 2)
> https://scan7.coverity.com/reports.htm#v16159/p12663/fileInstanceId=6892104&defectInstanceId=1794527&mergedDefectId=1388483
> Following code is used in `toInputStream` method:
> {code:java}
> SecurityActions.doPrivileged((PrivilegedExceptionAction<InputStream>) () -> new FileInputStream(file) );
> return new FileInputStream(file);
> {code}
> There should be probably just:
> {code:java}
> return SecurityActions.doPrivileged((PrivilegedExceptionAction<InputStream>) () -> new FileInputStream(file) );
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list