#208 Possible leaks in autogen 5.18.16

[Tomáš Korbař]

Hi,
I'm maintainer of xterm in Fedora and RHEL. From time to time we scan packages with static analysis tool which shows us some possible issues in code. The following problem are those where i am not sure whether the tool is right or not and i would like to consult them with you. Could you please tell me your opinion on these resource leaks? Let me know whether i can help in any way.
Thanks for any response.

Error: RESOURCE_LEAK (CWE-772):
autogen-5.18.16/agen5/expOutput.c:244: alloc_fn: Storage is returned from allocation function "ao_malloc".
autogen-5.18.16/agen5/expOutput.c:244: var_assign: Assigning: "pz" = storage returned from "ao_malloc((size_t)sz + 1UL)".
autogen-5.18.16/agen5/expOutput.c:245: noescape: Resource "pz" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
autogen-5.18.16/agen5/expOutput.c:249: noescape: Assuming resource "pz" is not freed or pointed-to as ellipsis argument to "snv_fprintf".
autogen-5.18.16/agen5/expOutput.c:252: noescape: Resource "pz" is not freed or pointed-to in "strcmp".
autogen-5.18.16/agen5/expOutput.c:269: leaked_storage: Variable "pz" going out of scope leaks the storage it points to.
267| }
268|
269|-> return SCM_UNDEFINED;
270| }
271|

Error: RESOURCE_LEAK (CWE-772):
autogen-5.18.16/autoopts/load.c:210: alloc_fn: Storage is returned from allocation function "option_pathfind".
autogen-5.18.16/autoopts/load.c:210: var_assign: Assigning: "path" = storage returned from "option_pathfind(getenv("PATH"), (char )prg_path, "rx")".
autogen-5.18.16/autoopts/load.c:216: noescape: Resource "path" is not freed or pointed-to in "strrchr".
autogen-5.18.16/autoopts/load.c:223: leaked_storage: Variable "path" going out of scope leaks the storage it points to.
221| /
222| if (pz == NULL)
223|-> return false;
224|
225| fname += skip;

Error: RESOURCE_LEAK (CWE-772):
autogen-5.18.16/autoopts/load.c:210: alloc_fn: Storage is returned from allocation function "option_pathfind".
autogen-5.18.16/autoopts/load.c:210: var_assign: Assigning: "path" = storage returned from "option_pathfind(getenv("PATH"), (char )prg_path, "rx")".
autogen-5.18.16/autoopts/load.c:216: identity_transfer: Passing "path" as argument 1 to function "strrchr", which returns an offset off that argument.
autogen-5.18.16/autoopts/load.c:216: noescape: Resource "path" is not freed or pointed-to in "strrchr".
autogen-5.18.16/autoopts/load.c:216: var_assign: Assigning: "pz" = storage returned from "strrchr(path, 47)".
autogen-5.18.16/autoopts/load.c:234: leaked_storage: Variable "pz" going out of scope leaks the storage it points to.
autogen-5.18.16/autoopts/load.c:234: leaked_storage: Variable "path" going out of scope leaks the storage it points to.
232| /
233| if (dir_len + fname_len > (unsigned)b_sz)
234|-> return false;
235|
236| memcpy(buf, path, dir_len);

Error: RESOURCE_LEAK (CWE-772):
autogen-5.18.16/columns/columns.c:132: alloc_arg: "pad_indentation" allocates memory that is stored into "pzFirstPfx".
autogen-5.18.16/columns/columns.c:151: noescape: Resource "pzFirstPfx" is not freed or pointed-to in "snprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
autogen-5.18.16/columns/columns.c:152: overwrite_var: Overwriting "pzFirstPfx" in "pzFirstPfx = res" leaks the storage that "pzFirstPfx" points to.
150| res = malloc_or_die(len);
151| snprintf(res, len, pfx_buf, pzFirstPfx);
152|-> pzFirstPfx = res;
153|
154| if (firstSize > indentSize) {