diff --git a/fstrm-0.6.1-Fix-CLANG_WARNING.patch b/fstrm-0.6.1-Fix-CLANG_WARNING.patch
new file mode 100644
index 0000000..d85cef9
--- /dev/null
+++ b/fstrm-0.6.1-Fix-CLANG_WARNING.patch
@@ -0,0 +1,90 @@
+From abefc739f769a8c9bd89db78b9a3e9dd9e366064 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Mon, 11 Jan 2021 12:25:27 +0100
+Subject: [PATCH] Fix CLANG_WARNING
+
+libmy/argv.c:1352:7: warning[core.uninitialized.Assign]: The expression is an uninitialized value. The computed value will also be garbage
+ (*(int *)var)++;
+ ^~~~~~~~~~~~~
+libmy/argv.c:1207:29: note: Assuming field 'at_value' is not equal to 0
+ for (type_p = argv_types; type_p->at_value != 0; type_p++) {
+ ^~~~~~~~~~~~~~~~~~~~~
+libmy/argv.c:1207:3: note: Loop condition is true. Entering loop body
+ for (type_p = argv_types; type_p->at_value != 0; type_p++) {
+ ^
+libmy/argv.c:1208:9: note: Assuming 'val_type' is equal to field 'at_value'
+ if (type_p->at_value == val_type) {
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
+libmy/argv.c:1208:5: note: Taking true branch
+ if (type_p->at_value == val_type) {
+ ^
+libmy/argv.c:1210:7: note: Execution continues on line 1214
+ break;
+ ^
+libmy/argv.c:1214:15: note: Field 'at_value' is not equal to 0
+ if (type_p->at_value == 0) {
+ ^
+libmy/argv.c:1214:3: note: Taking false branch
+ if (type_p->at_value == 0) {
+ ^
+libmy/argv.c:1222:7: note: Assuming the condition is true
+ if (type & ARGV_FLAG_ARRAY) {
+ ^~~~~~~~~~~~~~~~~~~~~~
+libmy/argv.c:1222:3: note: Taking true branch
+ if (type & ARGV_FLAG_ARRAY) {
+ ^
+libmy/argv.c:1225:9: note: Assuming field 'aa_entry_n' is equal to 0
+ if (arr_p->aa_entry_n == 0) {
+ ^~~~~~~~~~~~~~~~~~~~~~
+libmy/argv.c:1225:5: note: Taking true branch
+ if (arr_p->aa_entry_n == 0) {
+ ^
+libmy/argv.c:1226:35: note: Storing uninitialized value
+ arr_p->aa_entries = (char *)malloc(ARRAY_INCR *size);
+ ^~~~~~~~~~~~~~~~~~~~~~~~
+libmy/argv.c:1234:9: note: Assuming field 'aa_entries' is not equal to NULL
+ if (arr_p->aa_entries == NULL) {
+ ^~~~~~~~~~~~~~~~~~~~~~~~~
+libmy/argv.c:1234:5: note: Taking false branch
+ if (arr_p->aa_entries == NULL) {
+ ^
+libmy/argv.c:1251:3: note: Control jumps to 'case 17:' at line 1349
+ switch (val_type) {
+ ^
+libmy/argv.c:1351:9: note: Assuming 'arg' is equal to NULL
+ if (arg == NULL) {
+ ^~~~~~~~~~~
+libmy/argv.c:1351:5: note: Taking true branch
+ if (arg == NULL) {
+ ^
+libmy/argv.c:1352:7: note: The expression is an uninitialized value. The computed value will also be garbage
+ (*(int *)var)++;
+ ^~~~~~~~~~~~~
+---
+ libmy/argv.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libmy/argv.c b/libmy/argv.c
+index 0b28026..547065c 100644
+--- a/libmy/argv.c
++++ b/libmy/argv.c
+@@ -1223,12 +1223,15 @@ static int string_to_value(const char *arg, ARGV_PNT var,
+ arr_p = (argv_array_t *)var;
+
+ if (arr_p->aa_entry_n == 0) {
+- arr_p->aa_entries = (char *)malloc(ARRAY_INCR *size);
++ arr_p->aa_entries = (char *)calloc(ARRAY_INCR, size);
+ }
+ else if (arr_p->aa_entry_n % ARRAY_INCR == 0) {
+ arr_p->aa_entries =
+ (char *)realloc(arr_p->aa_entries, (arr_p->aa_entry_n + ARRAY_INCR) *
+ size);
++ if (arr_p->aa_entries != NULL)
++ memset((char *)(arr_p->aa_entries) + arr_p->aa_entry_n * size, 0,
++ ARRAY_INCR*size);
+ }
+
+ if (arr_p->aa_entries == NULL) {
+--
+2.26.3
+
diff --git a/fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch b/fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch
new file mode 100644
index 0000000..f6e0634
--- /dev/null
+++ b/fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch
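Review bot: In the `else if` branch of `string_to_value` the `realloc` result is still stored straight into `arr_p->aa_entries`, so on failure the previous block is leaked and every entry parsed so far becomes unreachable; the added `memset` guard only avoids writing through the NULL. Keep the result in a temporary, e.g. `char *grown = realloc(arr_p->aa_entries, (arr_p->aa_entry_n + ARRAY_INCR) * size);`, assign it to `arr_p->aa_entries` only when it is non-NULL, and return the same error as the `aa_entries == NULL` branch when it is NULL. The size product and the `memset` offset are also computed without an overflow check, whereas the `calloc(ARRAY_INCR, size)` branch gets one from the allocator; whether `aa_entry_n` can grow that far is not visible here. The body of the final NULL check lies outside the hunk.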
@@ -0,0 +1,43 @@
+From 600db5413294701bdfda8ce19fa804bcbc866d2e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Fri, 8 Jan 2021 13:23:17 +0100
+Subject: [PATCH 2/3] Fix deadcode and check return code
+
+1. fstrm-0.6.0/libmy/argv.c:1782: addr_non_null: The address of an object "argv_types" is never null.
+2. fstrm-0.6.0/libmy/argv.c:1782: assignment: Assigning: "type_p" = "argv_types".
+3. fstrm-0.6.0/libmy/argv.c:1809: notnull: At condition "type_p == NULL", the value of "type_p" cannot be "NULL".
+4. fstrm-0.6.0/libmy/argv.c:1809: dead_error_condition: The condition "type_p == NULL" cannot be true.
+5. fstrm-0.6.0/libmy/argv.c:1810: dead_error_begin: Execution cannot reach this statement: "(void)fprintf(argv_error_st...".
+
+40. fstrm-0.6.0/libmy/argv.c:2724: check_return: Calling "string_to_value" without checking return value (as is done elsewhere 6 out of 7 times).
+---
+ libmy/argv.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libmy/argv.c b/libmy/argv.c
+index c3aadfe..16dca73 100644
+--- a/libmy/argv.c
++++ b/libmy/argv.c
+@@ -1806,7 +1806,7 @@ static void display_variables(const argv_t *args)
+ int entry_c, size = 0;
+
+ /* find the type and the size for array */
+- if (type_p == NULL) {
++ if (type_p->at_value == 0) {
+ (void)fprintf(argv_error_stream, "%s: illegal variable type %d\n",
+ __FILE__, val_type);
+ continue;
+@@ -2721,7 +2721,9 @@ static void do_list(argv_t *grid, const int arg_c, char **argv,
+ case ARGV_LONG:
+ case ARGV_FLOAT:
+ case ARGV_DOUBLE:
+- string_to_value(*arg_p, match_p->ar_variable, match_p->ar_type);
++ if (string_to_value(*arg_p, match_p->ar_variable, match_p->ar_type) != NOERROR) {
++ *okay_bp = ARGV_FALSE;
++ }
+ char_c = len;
+ /* we actually used it so we advance the queue tail position */
+ (*queue_tail_p)++;
+--
+2.26.3
+
diff --git a/fstrm-0.6.1-Invalid-dereference.patch b/fstrm-0.6.1-Invalid-dereference.patch
new file mode 100644
index 0000000..2a1364a
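Review bot: In the `do_list` hunk a failed `string_to_value` now clears `*okay_bp`, but the following lines still run `char_c = len;` and `(*queue_tail_p)++`, so the rejected argument is consumed as if its value had been stored. If that is deliberate, so that the remaining arguments are still validated in the same pass, say so with a comment such as `/* keep parsing after a bad value; the caller fails on *okay_bp */`. The rest of the `switch` is outside the hunk, so whether the other checked call sites behave the same way cannot be confirmed here.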
--- /dev/null
+++ b/fstrm-0.6.1-Invalid-dereference.patch
@@ -0,0 +1,83 @@
+From d6149aaad2a72a8f000283015f6e381bb2821ee2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Thu, 7 Jan 2021 16:08:40 +0100
+Subject: [PATCH 1/3] Invalid dereference
+
+libmy/argv.c:3212: var_deref_model: Passing null pointer "queue_list" to "do_list", which dereferences it
+libmy/argv.c:3204: var_deref_model: Passing null pointer "queue_list" to "do_list", which dereferences it.
+
+Workaround to possibility no arguments is received
+
+Usually at least one arg is always passed in argv - program name. Do not
+dereference null queue_list in unlikely case no parameter in argv.
+---
+ libmy/argv.c | 45 +++++++++++++++++++++++----------------------
+ 1 file changed, 23 insertions(+), 22 deletions(-)
+
+diff --git a/libmy/argv.c b/libmy/argv.c
+index 6c64906..c3aadfe 100644
+--- a/libmy/argv.c
++++ b/libmy/argv.c
+@@ -3197,28 +3197,29 @@ int argv_process_no_env(argv_t *args, const int arg_n, char **argv)
+ }
+ queue_head = 0;
+ queue_tail = 0;
+- }
+-
+- /* do the env args before? */
+- if (argv_process_env_b && (! argv_env_after_b) && env_vect_p != NULL) {
+- do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
+- &okay_b);
+- free(env_vect_p);
+- free(environ_p);
+- env_vect_p = NULL;
+- }
+-
+- /* do the external args */
+- do_list(args, arg_n - 1, argv + 1, queue_list, &queue_head, &queue_tail,
+- &okay_b);
++
++ /* do the env args before? */
++ if (argv_process_env_b && (! argv_env_after_b) && env_vect_p != NULL) {
++ do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
++ &okay_b);
++ free(env_vect_p);
++ free(environ_p);
++ env_vect_p = NULL;
++ }
++
++ /* do the external args */
++ if (arg_n > 0)
++ do_list(args, arg_n - 1, argv + 1, queue_list, &queue_head, &queue_tail,
++ &okay_b);
+
+- /* DO the env args after? */
+- if (argv_process_env_b && argv_env_after_b && env_vect_p != NULL) {
+- do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
+- &okay_b);
+- free(env_vect_p);
+- free(environ_p);
+- env_vect_p = NULL;
++ /* DO the env args after? */
++ if (argv_process_env_b && argv_env_after_b && env_vect_p != NULL) {
++ do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
++ &okay_b);
++ free(env_vect_p);
++ free(environ_p);
++ env_vect_p = NULL;
++ }
+ }
+
+ /* make sure the XOR and MAND args and argument-options are okay */
+@@ -3233,7 +3234,7 @@ int argv_process_no_env(argv_t *args, const int arg_n, char **argv)
+ }
+
+ /* if we allocated the space then free it */
+- if (arg_n > 0) {
++ if (queue_list) {
+ free(queue_list);
+ }
+
+--
+2.26.3
+
diff --git a/fstrm-0.6.1-Possible-resource-leak-fix.patch b/fstrm-0.6.1-Possible-resource-leak-fix.patch
new file mode 100644
index 0000000..bde2fca
--- /dev/null
+++ b/fstrm-0.6.1-Possible-resource-leak-fix.patch
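Review bot: Moving all three `do_list` calls inside the queue-allocation block means the `free(env_vect_p); free(environ_p);` pairs are now reachable only when that block is entered, so if environment arguments were collected and the block is skipped they are neither processed nor released. The block's opening condition is above the hunk; if it is `arg_n > 0`, as the old `if (arg_n > 0)` guard on `free(queue_list)` suggests, the new inner `if (arg_n > 0)` is always true as well. Consider releasing the environment vectors after the block unconditionally, `if (env_vect_p != NULL) { free(env_vect_p); free(environ_p); env_vect_p = NULL; }`, and bracing the new `if (arg_n > 0)` since its body spans two lines.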
@@ -0,0 +1,40 @@
+From 1499d3e2715bad67588b5c0b6c02865eeb65aa16 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Fri, 8 Jan 2021 17:43:03 +0100
+Subject: [PATCH 3/3] Possible resource leak fix
+
+34. fstrm-0.6.0/libmy/argv.c:2238: alloc_fn: Storage is returned from allocation function "realloc".
+35. fstrm-0.6.0/libmy/argv.c:2238: var_assign: Assigning: "argv" = storage returned from "realloc(argv, 8UL * max)".
+37. fstrm-0.6.0/libmy/argv.c:2254: var_assign: Assigning: "argv_p" = "argv".
+47. fstrm-0.6.0/libmy/argv.c:2229: leaked_storage: Variable "argv_p" going out of scope leaks the storage it points to.
+48. fstrm-0.6.0/libmy/argv.c:2229: leaked_storage: Variable "argv" going out of scope leaks the storage it points to.
+---
+ libmy/argv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libmy/argv.c b/libmy/argv.c
+index 16dca73..0b28026 100644
+--- a/libmy/argv.c
++++ b/libmy/argv.c
+@@ -2226,7 +2226,7 @@ static void file_args(const char *path, argv_t *grid,
+ *argv_p = string_copy(line);
+ if (*argv_p == NULL) {
+ *okay_bp = ARGV_FALSE;
+- return;
++ goto cleanup;
+ }
+
+ argv_p++;
+@@ -2257,7 +2257,8 @@ static void file_args(const char *path, argv_t *grid,
+
+ /* now do the list */
+ do_list(grid, arg_c, argv, queue_list, queue_head_p, queue_tail_p, okay_bp);
+-
++
++cleanup:
+ /* now free up the list */
+ for (argv_p = argv; argv_p < argv + arg_c; argv_p++) {
+ free(*argv_p);
+--
+2.26.3
+
diff --git a/fstrm.spec b/fstrm.spec
index d5a8e3b..2ea8aa5 100644
--- a/fstrm.spec
+++ b/fstrm.spec
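Review bot: The new `goto cleanup` is only correct if `arg_c` counts exactly the slots that already hold a `string_copy` result, because the loop under `cleanup:` calls `free(*argv_p)` for every slot below `argv + arg_c`. The increment of `arg_c` and everything after the `free(*argv_p)` line lie outside both hunks, so neither that invariant nor the release of `argv` itself (and of whatever was opened for `path`) on this path can be confirmed from here. A comment at the label would pin the contract, for example `/* cleanup: also reached when string_copy() fails; frees the arg_c entries copied so far */`.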
@@ -4,10 +4,16 @@ Name: fstrm Summary: Frame Streams implementation in C Version: 0.6.1 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT URL: https://github.com/farsightsec/fstrm Source0: https://dl.farsightsecurity.com/dist/%{name}/%{name}-%{version}.tar.gz +# Patches to libmy library +# https://github.com/farsightsec/libmy/pull/4 +Patch1: fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch +Patch2: fstrm-0.6.1-Invalid-dereference.patch +Patch3: fstrm-0.6.1-Possible-resource-leak-fix.patch +Patch4: fstrm-0.6.1-Fix-CLANG_WARNING.patch BuildRequires: autoconf automake libtool BuildRequires: libevent-devel # Upstream repository without a single release @@ -57,7 +63,7 @@ The fstrm-doc package contains Doxygen generated API documentation for fstrm library. %prep -%setup -q +%autosetup -p1 # regenerated build scripts to: # - remove RPATHs # - allow dynamic linking and execution of 'make check' @@ -65,12 +71,12 @@ autoreconf -fi %build %configure --disable-static -make %{?_smp_mflags} +%make_build make html %install # install the library -make install DESTDIR=%{buildroot} +%make_install rm %{buildroot}%{_libdir}/libfstrm.la # install documentation @@ -109,6 +115,9 @@ make check %doc %{_pkgdocdir}/html %changelog +* Fri Apr 09 2021 Petr Menšík - 0.6.1-2 +- Apply coverity fixes also to bundled libmy + * Thu Apr 08 2021 Petr Menšík - 0.6.1-1 - Update to 0.6.1 (#1946415)
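Review bot: `Patch1` and `Patch2` are numbered in the reverse of the order the series was generated in: the Invalid-dereference patch is `[PATCH 1/3]` with `index 6c64906..c3aadfe`, and Fix-deadcode is `[PATCH 2/3]` with `index c3aadfe..16dca73`. `%autosetup -p1` applies them by number, so the current order presumably works only because the hunks do not overlap and apply at an offset. Swapping the two lines to `Patch1: fstrm-0.6.1-Invalid-dereference.patch` and `Patch2: fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch` keeps the bundled `libmy/argv.c` identical to the tree the upstream pull request was reviewed against.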