rpms/ding-libs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: rhbz#1938708 - review of important potential issues detected by static analyzers in ding-libs-0.6.1-47.el9

Browse Source
This commit is contained in:
Alexey Tikhonov 2021-08-10 14:32:16 +02:00
parent ca01f05d4d
commit 37a9f0f6a1
4 changed files with 133 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
0004-INI-fix-check-for-error-code.patch Normal file
View File

@ -0,0 +1,40 @@
From ec6817736968fb4683b9df0bd932c1a86dec0ba8 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 4 Aug 2021 19:22:19 +0200
Subject: [PATCH 4/6] INI: fix check for error code
In case of fail `asprintf()` returns -1, not 1.
Fixes following covscan issues:
```
Error: RESOURCE_LEAK (CWE-772): [#def1]
ding-libs-0.6.1/ini/ini_configmod.c:869: alloc_arg: "asprintf" allocates memory that is stored into "strval". [Note: The source code implementation of the function has been overridden by a builtin model.]
ding-libs-0.6.1/ini/ini_configmod.c:873: leaked_storage: Variable "strval" going out of scope leaks the storage it points to.
# 871| TRACE_ERROR_NUMBER("Asprintf failed.", ret);
# 872| /* The main reason is propbaly memory allocation */
# 873|-> return ENOMEM;
# 874| }
# 875|
```
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
---
ini/ini_configmod.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ini/ini_configmod.c b/ini/ini_configmod.c
index da4175c..88a7133 100644
--- a/ini/ini_configmod.c
+++ b/ini/ini_configmod.c
@@ -867,7 +867,7 @@ int ini_config_add_double_value(struct ini_cfgobj *ini_config,
TRACE_FLOW_ENTRY();
ret = asprintf(&strval, "%f", value);
- if (ret == 1) {
+ if (ret == -1) {
TRACE_ERROR_NUMBER("Asprintf failed.", ret);
/* The main reason is propbaly memory allocation */
return ENOMEM;
--
2.26.3

58
0005-PATH_UTILS-suppress-false-positive-warnings.patch Normal file
View File

@ -0,0 +1,58 @@
From 82ee1cff9d7401f4381cfa574f8b102625b06a31 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Thu, 5 Aug 2021 18:02:57 +0200
Subject: [PATCH 5/6] PATH_UTILS: suppress false positive warnings
Warnings are false positives: every such `strncpy` is followed
by an explicit check that result is NULL-terminated.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
---
path_utils/path_utils.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/path_utils/path_utils.c b/path_utils/path_utils.c
index 61605ab..5203cc9 100644
--- a/path_utils/path_utils.c
+++ b/path_utils/path_utils.c
@@ -116,6 +116,7 @@ int get_basename(char *base_name, size_t base_name_size, const char *path)
if (!path) return EINVAL;
if (!base_name || base_name_size < 1) return ENOBUFS;
+ /* coverity[buffer_size_warning : SUPPRESS] */ /* false positive warning */
strncpy(tmp_path, path, sizeof(tmp_path));
if (tmp_path[sizeof(tmp_path)-1] != '\0') return ENOBUFS;
strncpy(base_name, basename(tmp_path), base_name_size);
@@ -137,6 +138,7 @@ int get_dirname(char *dir_path, size_t dir_path_size, const char *path)
if (!path) return EINVAL;
if (!dir_path || dir_path_size < 1) return ENOBUFS;
+ /* coverity[buffer_size_warning : SUPPRESS] */ /* false positive warning */
strncpy(tmp_path, path, sizeof(tmp_path));
if (tmp_path[sizeof(tmp_path)-1] != '\0') return ENOBUFS;
strncpy(dir_path, dirname(tmp_path), dir_path_size);
@@ -161,11 +163,13 @@ int get_directory_and_base_name(char *dir_path, size_t dir_path_size,
if (!dir_path || dir_path_size < 1) return ENOBUFS;
if (!base_name || base_name_size < 1) return ENOBUFS;
+ /* coverity[buffer_size_warning : SUPPRESS] */ /* false positive warning */
strncpy(tmp_path, path, sizeof(tmp_path));
if (tmp_path[sizeof(tmp_path)-1] != '\0') return ENOBUFS;
strncpy(base_name, basename(tmp_path), base_name_size);
if (base_name[base_name_size-1] != '\0') return ENOBUFS;
+ /* coverity[buffer_size_warning : SUPPRESS] */ /* false positive warning */
strncpy(tmp_path, path, sizeof(tmp_path));
if (tmp_path[sizeof(tmp_path)-1] != '\0') return ENOBUFS;
strncpy(dir_path, dirname(tmp_path), dir_path_size);
@@ -528,6 +532,7 @@ int find_existing_directory_ancestor(char *ancestor, size_t ancestor_size, const
if (!ancestor || ancestor_size < 1) return ENOBUFS;
*ancestor = 0;
+ /* coverity[buffer_size_warning : SUPPRESS] */ /* false positive warning */
strncpy(dir_path, path, sizeof(dir_path));
if (dir_path[sizeof(dir_path)-1] != '\0') return ENOBUFS;
--
2.26.3

28
0006-INI-suppress-false-positive-coverity-warning.patch Normal file
View File

@ -0,0 +1,28 @@
From 584dc25f2c31f4d8e5cf7154e0362e4d2504779c Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Thu, 5 Aug 2021 18:48:23 +0200
Subject: [PATCH 6/6] INI: suppress false positive coverity warning
`get_str_cfg_array()` returns `char **array` that is composed of pointers
to slices of `copy` so `copy` can't be freed here.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
---
ini/ini_get_array.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ini/ini_get_array.c b/ini/ini_get_array.c
index 30ed423..95d0b05 100644
--- a/ini/ini_get_array.c
+++ b/ini/ini_get_array.c
@@ -164,6 +164,7 @@ static char **get_str_cfg_array(struct collection_item *item,
/* If count is 0 the copy needs to be freed */
if (count == 0) free(copy);
TRACE_FLOW_STRING("get_str_cfg_array", "Exit");
+ /* coverity[leaked_storage : SUPPRESS] */ /* false positive warning */
return array;
}
--
2.26.3

8
ding-libs.spec
View File

@ -1,6 +1,6 @@
Name: ding-libs Name: ding-libs
Version: 0.6.1 Version: 0.6.1
Release: 50%{?dist} Release: 51%{?dist}
Summary: "Ding is not GLib" assorted utility libraries Summary: "Ding is not GLib" assorted utility libraries
License: LGPLv3+ License: LGPLv3+
URL: https://pagure.io/SSSD/ding-libs URL: https://pagure.io/SSSD/ding-libs
@ -21,6 +21,9 @@ Patch0: INI-Silence-ini_augment-match-failures.patch
Patch1: INI-Remove-definiton-of-TRACE_LEVEL.patch Patch1: INI-Remove-definiton-of-TRACE_LEVEL.patch
Patch2: INI-Fix-detection-of-error-messages.patch Patch2: INI-Fix-detection-of-error-messages.patch
Patch3: TEST-validators_ut_check-Fix-fail-with-new-glibc.patch Patch3: TEST-validators_ut_check-Fix-fail-with-new-glibc.patch
Patch4: 0004-INI-fix-check-for-error-code.patch
Patch5: 0005-PATH_UTILS-suppress-false-positive-warnings.patch
Patch6: 0006-INI-suppress-false-positive-coverity-warning.patch
### Dependencies ### ### Dependencies ###
# ding-libs is a meta-package that will pull in all of its own # ding-libs is a meta-package that will pull in all of its own
@ -330,6 +333,9 @@ rm -f \
rm -f */doc/html/installdox rm -f */doc/html/installdox
%changelog %changelog
* Tue Aug 10 2021 Alexey Tikhonov <atikhono@redhat.com> - 0.6.1-51
- Resolves: rhbz#1938708 - review of important potential issues detected by static analyzers in ding-libs-0.6.1-47.el9
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-50 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-50
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688