microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License

False positive on EncoderParameter? #217

Open kiwiant opened 1 year ago

kiwiant commented 1 year ago

InferSharp reports PULSE_RESOURCE_LEAK "Resource dynamically allocated by constructor System.Drawing.Imaging.EncoderParameter()" for the following code snippet. Dispose methods on both EncoderParameter and EncoderParameters appear to free the resources.

```csharp
var encoderParameters = new EncoderParameters(1);
encoderParameters.Param[0] = new EncoderParameter(Encoder.Quality, quality);  //PULSE_RESOURCE_LEAK
return encoderParameters;
```

matjin commented 1 year ago

This is a false positive. It happens because Infer# probably doesn't have access to the implementation of EncoderParameters's get_Param() instance method -- the analysis isn't aware that the EncoderParameter object is still reachable from the encoderParameters object. This is an artifact of not having access to the complete program space.
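
A runtime check of the ownership pattern discussed in this thread, as an added example that is not code from the issue participants or from Infer#. `TrackedParam` and `ParamBag` are hypothetical stand-ins that mirror the shape of `EncoderParameter` and `EncoderParameters` as described in the report (the container's `Dispose` is assumed to dispose each element); they are not the System.Drawing types.

```csharp
using System;

// Hypothetical stand-in for EncoderParameter: counts instances not yet disposed.
sealed class TrackedParam : IDisposable
{
    public static int Live;
    private bool _disposed;
    public TrackedParam() { Live++; }
    public void Dispose()
    {
        if (_disposed) return;
        _disposed = true;
        Live--;
    }
}

// Hypothetical stand-in for EncoderParameters: owns the array behind Param.
sealed class ParamBag : IDisposable
{
    private TrackedParam[] _param;
    public ParamBag(int count) { _param = new TrackedParam[count]; }
    // Getter whose body an analyzer must see to know stored elements stay reachable.
    public TrackedParam[] Param => _param;
    public void Dispose()
    {
        foreach (var p in _param) p?.Dispose();
        _param = Array.Empty<TrackedParam>();
    }
}

static class Program
{
    // Same shape as the reported snippet: allocate, store through the getter, return the owner.
    static ParamBag Build()
    {
        var bag = new ParamBag(1);
        bag.Param[0] = new TrackedParam();
        return bag;
    }

    static int Main()
    {
        using (var bag = Build())
        {
            if (TrackedParam.Live != 1) return 1;   // element is alive and reachable via bag
        }
        return TrackedParam.Live == 0 ? 0 : 2;      // disposing the owner released it
    }
}
```

An exit code of 0 confirms that the element stored through the getter is released when the caller disposes the returned container, which is the evidence to record when triaging a report like this as a false positive.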