From 72a88bedfaf11eac0b4db088a6c366e3273480a3 Mon Sep 17 00:00:00 2001 From: Siteshwar Vashisht Date: Mon, 8 Oct 2018 15:23:15 +0200 Subject: [PATCH] Fix some issues identified by coverity Resolves: #1637018 --- bash-4.4-coverity.patch | 203 ++++++++++++++++++++++++++++++++++++++++ bash.spec | 8 +- 2 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 bash-4.4-coverity.patch diff --git a/bash-4.4-coverity.patch b/bash-4.4-coverity.patch new file mode 100644 index 0000000..c1fc747 --- /dev/null +++ b/bash-4.4-coverity.patch @@ -0,0 +1,203 @@ +diff --git a/builtins/fc.def b/builtins/fc.def +index fe16471..98c53db 100644 +--- a/builtins/fc.def ++++ b/builtins/fc.def +@@ -423,6 +423,7 @@ fc_builtin (list) + { + sh_wrerror (); + fclose (stream); ++ FREE (fn); + return (EXECUTION_FAILURE); + } + fclose (stream); +diff --git a/execute_cmd.c b/execute_cmd.c +index 63a332a..15b5e19 100644 +--- a/execute_cmd.c ++++ b/execute_cmd.c +@@ -2196,8 +2196,10 @@ coproc_setvars (cp) + if (v == 0) + { + v = find_variable_nameref_for_create (cp->c_name, 1); +- if (v == INVALID_NAMEREF_VALUE) +- return; ++ if (v == INVALID_NAMEREF_VALUE) { ++ free (namevar); ++ return; ++ } + if (v && nameref_p (v)) + { + free (cp->c_name); +@@ -2210,6 +2212,7 @@ coproc_setvars (cp) + { + if (readonly_p (v)) + err_readonly (cp->c_name); ++ free (namevar); + return; + } + if (v == 0) +@@ -5528,7 +5531,6 @@ shell_execve (command, args, env) + char *interp; + int ilen; + +- close (fd); + interp = getinterp (sample, sample_len, (int *)NULL); + ilen = strlen (interp); + errno = i; +diff --git a/expr.c b/expr.c +index 172964a..5dc57c0 100644 +--- a/expr.c ++++ b/expr.c +@@ -207,7 +207,8 @@ static intmax_t exp5 __P((void)); + static intmax_t exp4 __P((void)); + static intmax_t expshift __P((void)); + static intmax_t exp3 __P((void)); +-static intmax_t exp2 __P((void)); ++/* Avoid name clash with standard exp2 */ ++static intmax_t bash_exp2 __P((void)); + static intmax_t exppower __P((void)); + static intmax_t exp1 __P((void)); + static intmax_t exp0 __P((void)); +@@ -809,14 +810,14 @@ exp3 () + { + register intmax_t val1, val2; + +- val1 = exp2 (); ++ val1 = bash_exp2 (); + + while ((curtok == PLUS) || (curtok == MINUS)) + { + int op = curtok; + + readtok (); +- val2 = exp2 (); ++ val2 = bash_exp2 (); + + if (op == PLUS) + val1 += val2; +@@ -828,7 +829,7 @@ exp3 () + } + + static intmax_t +-exp2 () ++bash_exp2 () + { + register intmax_t val1, val2; + #if defined (HAVE_IMAXDIV) +diff --git a/lib/glob/glob.c b/lib/glob/glob.c +index 7f6eafe..c018e29 100644 +--- a/lib/glob/glob.c ++++ b/lib/glob/glob.c +@@ -576,7 +576,7 @@ glob_vector (pat, dir, flags) + register char *nextname, *npat, *subdir; + unsigned int count; + int lose, skip, ndirs, isdir, sdlen, add_current, patlen; +- register char **name_vector; ++ register char **name_vector = NULL; + register unsigned int i; + int mflags; /* Flags passed to strmatch (). */ + int pflags; /* flags passed to sh_makepath () */ +@@ -894,7 +894,7 @@ glob_vector (pat, dir, flags) + } + + /* Don't call QUIT; here; let higher layers deal with it. */ +- ++ FREE (name_vector); + return ((char **)NULL); + } + +diff --git a/lib/sh/pathcanon.c b/lib/sh/pathcanon.c +index f19bd55..2a565d6 100644 +--- a/lib/sh/pathcanon.c ++++ b/lib/sh/pathcanon.c +@@ -227,7 +227,7 @@ sh_canonpath (path, flags) + if (result[2] == '\0') /* short-circuit for bare `//' */ + result[1] = '\0'; + else +- strcpy (result, result + 1); ++ memmove(result, result + 1, strlen(result + 1) + 1); + } + + return (result); +diff --git a/lib/sh/pathphys.c b/lib/sh/pathphys.c +index 26016b7..b64c4cd 100644 +--- a/lib/sh/pathphys.c ++++ b/lib/sh/pathphys.c +@@ -245,7 +245,7 @@ error: + if (result[2] == '\0') /* short-circuit for bare `//' */ + result[1] = '\0'; + else +- strcpy (result, result + 1); ++ memmove(result, result + 1, strlen(result + 1) + 1); + } + + return (result); +diff --git a/shell.c b/shell.c +index b43de50..4aae182 100644 +--- a/shell.c ++++ b/shell.c +@@ -1948,8 +1948,10 @@ show_shell_usage (fp, extra) + fputs (_("\t-ilrsD or -c command or -O shopt_option\t\t(invocation only)\n"), fp); + + for (i = 0, set_opts = 0; shell_builtins[i].name; i++) +- if (STREQ (shell_builtins[i].name, "set")) ++ if (STREQ (shell_builtins[i].name, "set")) { + set_opts = savestring (shell_builtins[i].short_doc); ++ break; ++ } + if (set_opts) + { + s = strchr (set_opts, '['); +diff --git a/subst.c b/subst.c +index 5f3e41e..7574617 100644 +--- a/subst.c ++++ b/subst.c +@@ -5182,8 +5182,11 @@ parameter_list_transform (xc, itype, quoted) + list = list_rest_of_args (); + if (list == 0) + return ((char *)NULL); +- if (xc == 'A') +- return (pos_params_assignment (list, itype, quoted)); ++ if (xc == 'A') { ++ ret = pos_params_assignment (list, itype, quoted); ++ dispose_words (list); ++ return (ret); ++ } + ret = list_transform (xc, (SHELL_VAR *)0, list, itype, quoted); + dispose_words (list); + return (ret); +@@ -6813,6 +6816,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, pflags, qdollaratp, hasdolla + { + report_error (_("%s: invalid indirect expansion"), name); + free (vname); ++ free (t1); + dispose_word (w); + return &expand_wdesc_error; + } +@@ -6820,6 +6824,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, pflags, qdollaratp, hasdolla + { + report_error (_("%s: invalid variable name"), vname); + free (vname); ++ free (t1); + dispose_word (w); + return &expand_wdesc_error; + } +diff --git a/support/man2html.c b/support/man2html.c +index 6ba5061..1d9e376 100644 +--- a/support/man2html.c ++++ b/support/man2html.c +@@ -522,6 +522,7 @@ read_man_page(char *filename) + man_buf[buf_size] = '\n'; + man_buf[buf_size + 1] = man_buf[buf_size + 2] = '\0'; + } else { ++ free (man_buf); + man_buf = NULL; + } + fclose(man_stream); +@@ -2562,7 +2563,6 @@ scan_request(char *c) + h = name; + if (stat(h, &stbuf) != -1) + l = stbuf.st_size; +- buf = stralloc(l + 4); + #if NOCGI + if (!out_length) { + char *t, *s; diff --git a/bash.spec b/bash.spec index 7d4974b..c5d226d 100644 --- a/bash.spec +++ b/bash.spec @@ -7,7 +7,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv3+ Url: https://www.gnu.org/software/bash Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz @@ -93,6 +93,9 @@ Patch130: bash-4.5-test-modification-time.patch # This should be dropped while rebasing to bash-4.5 Patch131: bash-4.4-case-in-command-subst.patch +# 1637018 +Patch132: bash-4.4-coverity.patch + BuildRequires: gcc BuildRequires: texinfo bison BuildRequires: ncurses-devel @@ -317,6 +320,9 @@ end %{_libdir}/pkgconfig/%{name}.pc %changelog +* Mon Oct 08 2018 Siteshwar Vashisht - 4.4.23-5 +- Fix some issues identified by coverity + * Mon Sep 10 2018 Siteshwar Vashisht - 4.4.23-4 - Set custom PATH in non-login shells Resolves: #1615131