Pclose double freed not been catched

deron.chen · July 22, 2021, 3:20am

SonarQube Version 8.9

Hi all,
I compiled an image with ASAN(AddressSanitizer) for our arm machine, the source code with structure showed below passed compiling and has no error in SonarQube analysis.
But, in fact, the code caused issues when executing on the arm machine,
pclose will not set a FILE pointer to null, thus this code pclose a FILE pointer twice and caused a double freed issues on the machine, and caught by ASAN.
Shouldn’t this kind of error be caught by SonarQube?

void function()
{
    FILE *fd;
    fd = popen(MY_PATH, "r");
    if (fgets(SOME_CHAR_ARRAY, 256, fd) == NULL)
        goto end;
    pclose(fd);
end:
    if (fd) pclose(fd);
    return;

Wonder if I misunderstand the issue or it’s a bug in SonarQube.

Amelie · July 22, 2021, 2:55pm

Hello @deron.chen ,

We do not raise any issue in your case because we do not support the POSIX function pclose. The rule you’re mentioning (RSPEC-3588) only supports fclose.
I created this ticket to handle that.

Thank you

deron.chen · July 23, 2021, 7:58am

Hi Amelie,

Thanks for replying and help, appreciate that.

Best Regards,
Deron.Chen

system · July 30, 2021, 7:59am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
False Positive on sonar qube with C language SonarQube Server / Community Build sonarqube , scanner , cfamily , sonarqube-ide	8	89	January 20, 2025
Sonar missed catching null pointer accesses Report False-positive / False-negative... sonarqube , cfamily	3	352	February 29, 2024
FP in SonarQube Server but not SonarQube for IDE? Report False-positive / False-negative...	2	11	February 13, 2025
Need help following rule logic with secondary locations SonarQube Server / Community Build cfamily	1	756	July 30, 2020
Possible false positive (cpp:S4962) Report False-positive / False-negative... sonarqube , cfamily , sonarqube-ide	3	306	October 26, 2022

Pclose double freed not been catched

Related topics