Fix some issues identified by coverity

Resolves: #1637018
2018-10-08 15:23:15 +02:00 · 2018-10-08 15:23:15 +02:00 · 72a88bedfa
commit 72a88bedfa
parent 21427f3e40
2 changed files with 210 additions and 1 deletions
--- a/bash-4.4-coverity.patch
+++ b/bash-4.4-coverity.patch
@ -0,0 +1,203 @@
+diff --git a/builtins/fc.def b/builtins/fc.def
+index fe16471..98c53db 100644
+--- a/builtins/fc.def
+++ b/builtins/fc.def
+@@ -423,6 +423,7 @@ fc_builtin (list)
+     {
+       sh_wrerror ();
+       fclose (stream);
+      FREE (fn);
+       return (EXECUTION_FAILURE);
+     }
+   fclose (stream);
+diff --git a/execute_cmd.c b/execute_cmd.c
+index 63a332a..15b5e19 100644
+--- a/execute_cmd.c
+++ b/execute_cmd.c
+@@ -2196,8 +2196,10 @@ coproc_setvars (cp)
+   if (v == 0)
+     {
+       v = find_variable_nameref_for_create (cp->c_name, 1);
+-      if (v == INVALID_NAMEREF_VALUE)
+-	return;
+      if (v == INVALID_NAMEREF_VALUE) {
+        free (namevar);
+        return;
+      }
+       if (v && nameref_p (v))
+ 	{
+ 	  free (cp->c_name);
+@@ -2210,6 +2212,7 @@ coproc_setvars (cp)
+     {
+       if (readonly_p (v))
+ 	err_readonly (cp->c_name);
+      free (namevar);
+       return;
+     }
+   if (v == 0)
+@@ -5528,7 +5531,6 @@ shell_execve (command, args, env)
+ 	      char *interp;
+ 	      int ilen;
+ 
+-              close (fd);
+ 	      interp = getinterp (sample, sample_len, (int *)NULL);
+ 	      ilen = strlen (interp);
+ 	      errno = i;
+diff --git a/expr.c b/expr.c
+index 172964a..5dc57c0 100644
+--- a/expr.c
+++ b/expr.c
+@@ -207,7 +207,8 @@ static intmax_t exp5 __P((void));
+ static intmax_t exp4 __P((void));
+ static intmax_t expshift __P((void));
+ static intmax_t exp3 __P((void));
+-static intmax_t exp2 __P((void));
+/* Avoid name clash with standard exp2 */
+static intmax_t bash_exp2 __P((void));
+ static intmax_t	exppower __P((void));
+ static intmax_t exp1 __P((void));
+ static intmax_t exp0 __P((void));
+@@ -809,14 +810,14 @@ exp3 ()
+ {
+   register intmax_t val1, val2;
+ 
+-  val1 = exp2 ();
+  val1 = bash_exp2 ();
+ 
+   while ((curtok == PLUS) || (curtok == MINUS))
+     {
+       int op = curtok;
+ 
+       readtok ();
+-      val2 = exp2 ();
+      val2 = bash_exp2 ();
+ 
+       if (op == PLUS)
+ 	val1 += val2;
+@@ -828,7 +829,7 @@ exp3 ()
+ }
+ 
+ static intmax_t
+-exp2 ()
+bash_exp2 ()
+ {
+   register intmax_t val1, val2;
+ #if defined (HAVE_IMAXDIV)
+diff --git a/lib/glob/glob.c b/lib/glob/glob.c
+index 7f6eafe..c018e29 100644
+--- a/lib/glob/glob.c
+++ b/lib/glob/glob.c
+@@ -576,7 +576,7 @@ glob_vector (pat, dir, flags)
+   register char *nextname, *npat, *subdir;
+   unsigned int count;
+   int lose, skip, ndirs, isdir, sdlen, add_current, patlen;
+-  register char **name_vector;
+  register char **name_vector = NULL;
+   register unsigned int i;
+   int mflags;		/* Flags passed to strmatch (). */
+   int pflags;		/* flags passed to sh_makepath () */
+@@ -894,7 +894,7 @@ glob_vector (pat, dir, flags)
+ 	}
+ 
+       /* Don't call QUIT; here; let higher layers deal with it. */
+-
+      FREE (name_vector);
+       return ((char **)NULL);
+     }
+ 
+diff --git a/lib/sh/pathcanon.c b/lib/sh/pathcanon.c
+index f19bd55..2a565d6 100644
+--- a/lib/sh/pathcanon.c
+++ b/lib/sh/pathcanon.c
+@@ -227,7 +227,7 @@ sh_canonpath (path, flags)
+       if (result[2] == '\0')	/* short-circuit for bare `//' */
+ 	result[1] = '\0';
+       else
+-	strcpy (result, result + 1);
+	memmove(result, result + 1, strlen(result + 1) + 1);
+     }
+ 
+   return (result);
+diff --git a/lib/sh/pathphys.c b/lib/sh/pathphys.c
+index 26016b7..b64c4cd 100644
+--- a/lib/sh/pathphys.c
+++ b/lib/sh/pathphys.c
+@@ -245,7 +245,7 @@ error:
+       if (result[2] == '\0')	/* short-circuit for bare `//' */
+ 	result[1] = '\0';
+       else
+-	strcpy (result, result + 1);
+	memmove(result, result + 1, strlen(result + 1) + 1);
+     }
+ 
+   return (result);
+diff --git a/shell.c b/shell.c
+index b43de50..4aae182 100644
+--- a/shell.c
+++ b/shell.c
+@@ -1948,8 +1948,10 @@ show_shell_usage (fp, extra)
+   fputs (_("\t-ilrsD or -c command or -O shopt_option\t\t(invocation only)\n"), fp);
+ 
+   for (i = 0, set_opts = 0; shell_builtins[i].name; i++)
+-    if (STREQ (shell_builtins[i].name, "set"))
+    if (STREQ (shell_builtins[i].name, "set")) {
+       set_opts = savestring (shell_builtins[i].short_doc);
+      break;
+    }
+   if (set_opts)
+     {
+       s = strchr (set_opts, '[');
+diff --git a/subst.c b/subst.c
+index 5f3e41e..7574617 100644
+--- a/subst.c
+++ b/subst.c
+@@ -5182,8 +5182,11 @@ parameter_list_transform (xc, itype, quoted)
+   list = list_rest_of_args ();
+   if (list == 0)
+     return ((char *)NULL);
+-  if (xc == 'A')
+-    return (pos_params_assignment (list, itype, quoted));
+  if (xc == 'A') {
+      ret = pos_params_assignment (list, itype, quoted);
+      dispose_words (list);
+      return (ret);
+  }
+   ret = list_transform (xc, (SHELL_VAR *)0, list, itype, quoted);
+   dispose_words (list);
+   return (ret);
+@@ -6813,6 +6816,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, pflags, qdollaratp, hasdolla
+ 	{
+ 	  report_error (_("%s: invalid indirect expansion"), name);
+ 	  free (vname);
+      free (t1);
+ 	  dispose_word (w);
+ 	  return &expand_wdesc_error;
+ 	}
+@@ -6820,6 +6824,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, pflags, qdollaratp, hasdolla
+ 	{
+ 	  report_error (_("%s: invalid variable name"), vname);
+ 	  free (vname);
+      free (t1);
+ 	  dispose_word (w);
+ 	  return &expand_wdesc_error;
+ 	}
+diff --git a/support/man2html.c b/support/man2html.c
+index 6ba5061..1d9e376 100644
+--- a/support/man2html.c
+++ b/support/man2html.c
+@@ -522,6 +522,7 @@ read_man_page(char *filename)
+ 			man_buf[buf_size] = '\n';
+ 			man_buf[buf_size + 1] = man_buf[buf_size + 2] = '\0';
+ 		} else {
+            free (man_buf);
+ 			man_buf = NULL;
+ 		}
+ 		fclose(man_stream);
+@@ -2562,7 +2563,6 @@ scan_request(char *c)
+ 					h = name;
+ 				if (stat(h, &stbuf) != -1)
+ 					l = stbuf.st_size;
+-				buf = stralloc(l + 4);
+ #if NOCGI
+ 				if (!out_length) {
+ 					char   *t, *s;
--- a/bash.spec
+++ b/bash.spec
@ -7,7 +7,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -93,6 +93,9 @@ Patch130: bash-4.5-test-modification-time.patch
 # This should be dropped while rebasing to bash-4.5
 Patch131: bash-4.4-case-in-command-subst.patch

+# 1637018
+Patch132: bash-4.4-coverity.patch
+
 BuildRequires:  gcc
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
@ -317,6 +320,9 @@ end
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Mon Oct 08 2018 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.23-5
+- Fix some issues identified by coverity
+
 * Mon Sep 10 2018 Siteshwar Vashisht <svashisht@redhat.com> - 4.4.23-4
 - Set custom PATH in non-login shells
  Resolves: #1615131