Skip to content

Fix resource leaks: file descriptors and pipes not closed on error paths #9535

New issue
New issue
Closed
Bug
#9536
Closed
Fix resource leaks: file descriptors and pipes not closed on error paths#9535
Bug
#9536
Assignees
knqyf263
Labels
kind/bugCategorizes issue or PR as related to a bug.
Milestone
v0.67.0
@knqyf263

Description

@knqyf263
knqyf263
opened on Sep 26, 2025

Problem

1. File descriptor leak in pkg/fanal/artifact/vm/file.go

In the newFile() function (line 39), a file is opened:

f, err := os.Open(filePath)

When errors occur on lines 46, 52, or 60, the function returns without closing the file descriptor, causing a resource leak.

2. Pipe resource leak in pkg/flag/options.go

In the outputPluginWriter() function (line 585), pipes are created:

pr, pw := io.Pipe()

When an error occurs on line 591, the function returns without closing these pipe resources.

Impact

Resources are not properly closed on error paths, leading to potential resource leaks.

Solution

Implement proper cleanup using defer statements with named error returns to ensure resources are closed on all error paths.

References

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.

Type

Bug

Projects

Trivy Roadmap

Status

No status

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions