fix programming mistakes detected by static analysis

2018-11-07 16:42:45 +01:00 · 2018-11-07 16:42:45 +01:00 · 8c77a633f5
commit 8c77a633f5
parent 7c77e0be6a
2 changed files with 204 additions and 1 deletions
--- a/elinks-0.12pre6-static-analysis.patch
+++ b/elinks-0.12pre6-static-analysis.patch
@ -0,0 +1,197 @@
 From 0bfe44b6e0041210859c91e1589d5dc45c3991de Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Tue, 6 Nov 2018 18:35:19 +0100
 Subject: [PATCH] elinks: fix programming mistakes detected by static analysis
 ---
 src/bfu/menu.c                |  1 +
 src/bfu/msgbox.c              |  1 +
 src/config/conf.c             |  5 ++++-
 src/dialogs/options.c         |  3 ++-
 src/intl/gettext/loadmsgcat.c | 14 ++++++++++++--
 src/protocol/ftp/ftp.c        |  8 +++++++-
 src/scripting/lua/core.c      |  8 ++++++--
 src/terminal/event.c          |  2 +-
 src/util/string.c             |  2 +-
 9 files changed, 35 insertions(+), 9 deletions(-)
 diff --git a/src/bfu/menu.c b/src/bfu/menu.c
 index 74b60d7..07285b7 100644
 --- a/src/bfu/menu.c
 +++ b/src/bfu/menu.c
@@ -125,6 +125,7 @@ do_menu_selected(struct terminal *term, struct menu_item *items,
 		refresh_hotkeys(term, menu);
 		add_window(term, menu_handler, menu);
 	} else {
 +		/* FIXME: This will cause BAD_FREE when called from do_setup_menu() */
 		free_menu_items(items);
 	}
 }
 diff --git a/src/bfu/msgbox.c b/src/bfu/msgbox.c
 index d7af62b..f272459 100644
 --- a/src/bfu/msgbox.c
 +++ b/src/bfu/msgbox.c
@@ -103,6 +103,7 @@ msg_text_do(unsigned char *format, va_list ap)
 	VA_COPY(ap2, ap);
 	infolen = vsnprintf(NULL, 0, format, ap2);
 +	va_end(ap2);
 	info = mem_alloc(infolen + 1);
 	if (!info) return NULL;
 diff --git a/src/config/conf.c b/src/config/conf.c
 index 12bba7c..e879ea5 100644
 --- a/src/config/conf.c
 +++ b/src/config/conf.c
@@ -702,7 +702,10 @@ read_config_file(unsigned char *name)
 	if (fd < 0) return NULL;
 	set_bin(fd);
 -	if (!init_string(&string)) return NULL;
 +	if (!init_string(&string)) {
 +		close(fd);
 +		return NULL;
 +	}
 	while ((r = safe_read(fd, cfg_buffer, FILE_BUF)) > 0) {
 		int i;
 diff --git a/src/dialogs/options.c b/src/dialogs/options.c
 index f40d07d..a3a0a8b 100644
 --- a/src/dialogs/options.c
 +++ b/src/dialogs/options.c
@@ -125,8 +125,9 @@ push_ok_button(struct dialog_data *dlg_data, struct widget_data *button)
 static widget_handler_status_T
 push_save_button(struct dialog_data *dlg_data, struct widget_data *button)
 {
 +	struct terminal *term = dlg_data->win->term;
 	push_ok_button(dlg_data, button);
 -	write_config(dlg_data->win->term);
 +	write_config(term);
 	return EVENT_PROCESSED;
 }
 diff --git a/src/intl/gettext/loadmsgcat.c b/src/intl/gettext/loadmsgcat.c
 index 0eac283..1be7b2b 100644
 --- a/src/intl/gettext/loadmsgcat.c
 +++ b/src/intl/gettext/loadmsgcat.c
@@ -312,8 +312,10 @@ source_success:
 		unsigned char *read_ptr;
 		data = (struct mo_file_header *) malloc(size);
 -		if (data == NULL)
 +		if (data == NULL) {
 +			close(fd);
 			return;
 +		}
 		to_read = size;
 		read_ptr = (unsigned char *) data;
@@ -321,6 +323,7 @@ source_success:
 			ssize_t nb = safe_read(fd, read_ptr, to_read);
 			if (nb <= 0) {
 +				free(data);
 				close(fd);
 				return;
 			}
@@ -345,8 +348,15 @@ source_success:
 	}
 	domain = (struct loaded_domain *) malloc(sizeof(struct loaded_domain));
 -	if (domain == NULL)
 +	if (domain == NULL) {
 +#ifdef LOADMSGCAT_USE_MMAP
 +		if (use_mmap)
 +			munmap((void *) data, size);
 +		else
 +#endif
 +			free(data);
 		return;
 +	}
 	domain_file->data = domain;
 	domain->data = (unsigned char *) data;
 diff --git a/src/protocol/ftp/ftp.c b/src/protocol/ftp/ftp.c
 index 10c9e28..fe3b7f0 100644
 --- a/src/protocol/ftp/ftp.c
 +++ b/src/protocol/ftp/ftp.c
@@ -926,11 +926,17 @@ ftp_data_connect(struct connection *conn, int pf, struct sockaddr_storage *sa,
 	}
 	fd = socket(pf, SOCK_STREAM, 0);
 -	if (fd < 0 || set_nonblocking_fd(fd) < 0) {
 +	if (fd < 0) {
 		abort_connection(conn, connection_state(S_FTP_ERROR));
 		return -1;
 	}
 +	if (set_nonblocking_fd(fd) < 0) {
 +		abort_connection(conn, connection_state(S_FTP_ERROR));
 +		close(fd);
 +		return -1;
 +	}
 +
 	set_ip_tos_throughput(fd);
 	conn->data_socket->fd = fd;
 diff --git a/src/scripting/lua/core.c b/src/scripting/lua/core.c
 index 1c4dbbc..f86bf0d 100644
 --- a/src/scripting/lua/core.c
 +++ b/src/scripting/lua/core.c
@@ -207,12 +207,16 @@ l_pipe_read(LS)
 		if (l > 0) {
 			unsigned char *news = mem_realloc(s, len + l);
 -			if (!news) goto lua_error;
 +			if (!news) {
 +				pclose(fp);
 +				goto lua_error;
 +			}
 			s = news;
 			memcpy(s + len, buf, l);
 			len += l;
 -		} else if (l < 0) {
 +		} else {
 +			pclose(fp);
 			goto lua_error;
 		}
 	}
 diff --git a/src/terminal/event.c b/src/terminal/event.c
 index 9ad90df..d0de6f0 100644
 --- a/src/terminal/event.c
 +++ b/src/terminal/event.c
@@ -251,13 +251,13 @@ handle_interlink_event(struct terminal *term, struct interlink_event *ilev)
 		/* Either the initialization of the first session failed or we
 		 * are doing a remote session so quit.*/
 		if (!decode_session_info(term, info)) {
 -			destroy_terminal(term);
 			/* Make sure the user is notified if the initialization
 			 * of the first session fails. */
 			if (program.terminate) {
 				usrerror(_("Failed to create session.", term));
 				program.retval = RET_FATAL;
 			}
 +			destroy_terminal(term);
 			return 0;
 		}
 diff --git a/src/util/string.c b/src/util/string.c
 index 604a00d..833fb9b 100644
 --- a/src/util/string.c
 +++ b/src/util/string.c
@@ -417,10 +417,10 @@ add_file_to_string(struct string *string, const unsigned char *filename)
 	string->length += fread(string->source + string->length, 1,
 	                        (size_t) filelen, file);
 	string->source[string->length] = 0;
 -	fclose(file);
 	if (string->length != newlength) goto err;
 +	fclose(file);
 	return string;
 err:
 -- 
 2.17.2
--- a/elinks.spec
+++ b/elinks.spec
@ -3,7 +3,7 @@
 Name:      elinks
 Summary:   A text-mode Web browser
 Version:   0.12
-Release:   0.58.%{prerel}%{?dist}
+Release:   0.59.%{prerel}%{?dist}
 License:   GPLv2
 URL:       http://elinks.or.cz
 Group:     Applications/Internet
@ -76,6 +76,9 @@ Patch18: elinks-0.12pre6-recent-gcc-versions.patch
 # drop disablement of TLS1.0 on second attempt to connect
 Patch19: elinks-0.12pre6-openssl11.patch
 # fix programming mistakes detected by static analysis
 Patch20: elinks-0.12pre6-static-analysis.patch
 %description
 Elinks is a text-based Web browser. Elinks does not display any images,
 but it does support frames, tables and most other HTML tags. Elinks'
@ -156,6 +159,9 @@ exit 0
 %{_mandir}/man5/*
 %changelog
 * Wed Nov 07 2018 Kamil Dudka <kdudka@redhat.com> - 0.12-0.59.pre6
 - fix programming mistakes detected by static analysis
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-0.58.pre6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild