Apply coverity fixes also to bundled libmy
Include changes from yet uncommited library: https://github.com/farsightsec/libmy/pull/4/commits Changes spec to use autopatch for simpler patch application
This commit is contained in:
		
							parent
							
								
									446a785b34
								
							
						
					
					
						commit
						f1bd23b51f
					
				
							
								
								
									
										90
									
								
								fstrm-0.6.1-Fix-CLANG_WARNING.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										90
									
								
								fstrm-0.6.1-Fix-CLANG_WARNING.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,90 @@ | ||||
| From abefc739f769a8c9bd89db78b9a3e9dd9e366064 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||||
| Date: Mon, 11 Jan 2021 12:25:27 +0100 | ||||
| Subject: [PATCH] Fix CLANG_WARNING | ||||
| 
 | ||||
| libmy/argv.c:1352:7: warning[core.uninitialized.Assign]: The expression is an uninitialized value. The computed value will also be garbage | ||||
|       (*(int *)var)++; | ||||
|       ^~~~~~~~~~~~~ | ||||
| libmy/argv.c:1207:29: note: Assuming field 'at_value' is not equal to 0 | ||||
|   for (type_p = argv_types; type_p->at_value != 0; type_p++) { | ||||
|                             ^~~~~~~~~~~~~~~~~~~~~ | ||||
| libmy/argv.c:1207:3: note: Loop condition is true.  Entering loop body | ||||
|   for (type_p = argv_types; type_p->at_value != 0; type_p++) { | ||||
|   ^ | ||||
| libmy/argv.c:1208:9: note: Assuming 'val_type' is equal to field 'at_value' | ||||
|     if (type_p->at_value == val_type) { | ||||
|         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| libmy/argv.c:1208:5: note: Taking true branch | ||||
|     if (type_p->at_value == val_type) { | ||||
|     ^ | ||||
| libmy/argv.c:1210:7: note:  Execution continues on line 1214 | ||||
|       break; | ||||
|       ^ | ||||
| libmy/argv.c:1214:15: note: Field 'at_value' is not equal to 0 | ||||
|   if (type_p->at_value == 0) { | ||||
|               ^ | ||||
| libmy/argv.c:1214:3: note: Taking false branch | ||||
|   if (type_p->at_value == 0) { | ||||
|   ^ | ||||
| libmy/argv.c:1222:7: note: Assuming the condition is true | ||||
|   if (type & ARGV_FLAG_ARRAY) { | ||||
|       ^~~~~~~~~~~~~~~~~~~~~~ | ||||
| libmy/argv.c:1222:3: note: Taking true branch | ||||
|   if (type & ARGV_FLAG_ARRAY) { | ||||
|   ^ | ||||
| libmy/argv.c:1225:9: note: Assuming field 'aa_entry_n' is equal to 0 | ||||
|     if (arr_p->aa_entry_n == 0) { | ||||
|         ^~~~~~~~~~~~~~~~~~~~~~ | ||||
| libmy/argv.c:1225:5: note: Taking true branch | ||||
|     if (arr_p->aa_entry_n == 0) { | ||||
|     ^ | ||||
| libmy/argv.c:1226:35: note: Storing uninitialized value | ||||
|       arr_p->aa_entries = (char *)malloc(ARRAY_INCR *size); | ||||
|                                   ^~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| libmy/argv.c:1234:9: note: Assuming field 'aa_entries' is not equal to NULL | ||||
|     if (arr_p->aa_entries == NULL) { | ||||
|         ^~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| libmy/argv.c:1234:5: note: Taking false branch | ||||
|     if (arr_p->aa_entries == NULL) { | ||||
|     ^ | ||||
| libmy/argv.c:1251:3: note: Control jumps to 'case 17:'  at line 1349 | ||||
|   switch (val_type) { | ||||
|   ^ | ||||
| libmy/argv.c:1351:9: note: Assuming 'arg' is equal to NULL | ||||
|     if (arg == NULL) { | ||||
|         ^~~~~~~~~~~ | ||||
| libmy/argv.c:1351:5: note: Taking true branch | ||||
|     if (arg == NULL) { | ||||
|     ^ | ||||
| libmy/argv.c:1352:7: note: The expression is an uninitialized value. The computed value will also be garbage | ||||
|       (*(int *)var)++; | ||||
|       ^~~~~~~~~~~~~ | ||||
| ---
 | ||||
|  libmy/argv.c | 5 ++++- | ||||
|  1 file changed, 4 insertions(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/libmy/argv.c b/libmy/argv.c
 | ||||
| index 0b28026..547065c 100644
 | ||||
| --- a/libmy/argv.c
 | ||||
| +++ b/libmy/argv.c
 | ||||
| @@ -1223,12 +1223,15 @@ static	int	string_to_value(const char *arg, ARGV_PNT var,
 | ||||
|      arr_p = (argv_array_t *)var; | ||||
|       | ||||
|      if (arr_p->aa_entry_n == 0) { | ||||
| -      arr_p->aa_entries = (char *)malloc(ARRAY_INCR *size);
 | ||||
| +      arr_p->aa_entries = (char *)calloc(ARRAY_INCR, size);
 | ||||
|      } | ||||
|      else if (arr_p->aa_entry_n % ARRAY_INCR == 0) { | ||||
|        arr_p->aa_entries = | ||||
|  	(char *)realloc(arr_p->aa_entries, (arr_p->aa_entry_n + ARRAY_INCR) * | ||||
|  			size); | ||||
| +      if (arr_p->aa_entries != NULL)
 | ||||
| +	memset((char *)(arr_p->aa_entries) + arr_p->aa_entry_n * size, 0,
 | ||||
| +	       ARRAY_INCR*size);
 | ||||
|      } | ||||
|       | ||||
|      if (arr_p->aa_entries == NULL) { | ||||
| -- 
 | ||||
| 2.26.3 | ||||
| 
 | ||||
							
								
								
									
										43
									
								
								fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,43 @@ | ||||
| From 600db5413294701bdfda8ce19fa804bcbc866d2e Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||||
| Date: Fri, 8 Jan 2021 13:23:17 +0100 | ||||
| Subject: [PATCH 2/3] Fix deadcode and check return code | ||||
| 
 | ||||
| 1. fstrm-0.6.0/libmy/argv.c:1782: addr_non_null: The address of an object "argv_types" is never null. | ||||
| 2. fstrm-0.6.0/libmy/argv.c:1782: assignment: Assigning: "type_p" = "argv_types". | ||||
| 3. fstrm-0.6.0/libmy/argv.c:1809: notnull: At condition "type_p == NULL", the value of "type_p" cannot be "NULL". | ||||
| 4. fstrm-0.6.0/libmy/argv.c:1809: dead_error_condition: The condition "type_p == NULL" cannot be true. | ||||
| 5. fstrm-0.6.0/libmy/argv.c:1810: dead_error_begin: Execution cannot reach this statement: "(void)fprintf(argv_error_st...". | ||||
| 
 | ||||
| 40. fstrm-0.6.0/libmy/argv.c:2724: check_return: Calling "string_to_value" without checking return value (as is done elsewhere 6 out of 7 times). | ||||
| ---
 | ||||
|  libmy/argv.c | 6 ++++-- | ||||
|  1 file changed, 4 insertions(+), 2 deletions(-) | ||||
| 
 | ||||
| diff --git a/libmy/argv.c b/libmy/argv.c
 | ||||
| index c3aadfe..16dca73 100644
 | ||||
| --- a/libmy/argv.c
 | ||||
| +++ b/libmy/argv.c
 | ||||
| @@ -1806,7 +1806,7 @@ static	void	display_variables(const argv_t *args)
 | ||||
|        int		entry_c, size = 0; | ||||
|         | ||||
|        /* find the type and the size for array */ | ||||
| -      if (type_p == NULL) {
 | ||||
| +      if (type_p->at_value == 0) {
 | ||||
|  	(void)fprintf(argv_error_stream, "%s: illegal variable type %d\n", | ||||
|  		      __FILE__, val_type); | ||||
|  	continue; | ||||
| @@ -2721,7 +2721,9 @@ static	void	do_list(argv_t *grid, const int arg_c, char **argv,
 | ||||
|  	    case ARGV_LONG: | ||||
|  	    case ARGV_FLOAT: | ||||
|  	    case ARGV_DOUBLE: | ||||
| -              string_to_value(*arg_p, match_p->ar_variable, match_p->ar_type);
 | ||||
| +              if (string_to_value(*arg_p, match_p->ar_variable, match_p->ar_type) != NOERROR) {
 | ||||
| +		*okay_bp = ARGV_FALSE;
 | ||||
| +	      }
 | ||||
|  	      char_c = len; | ||||
|  	      /* we actually used it so we advance the queue tail position */ | ||||
|  	      (*queue_tail_p)++; | ||||
| -- 
 | ||||
| 2.26.3 | ||||
| 
 | ||||
							
								
								
									
										83
									
								
								fstrm-0.6.1-Invalid-dereference.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										83
									
								
								fstrm-0.6.1-Invalid-dereference.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,83 @@ | ||||
| From d6149aaad2a72a8f000283015f6e381bb2821ee2 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||||
| Date: Thu, 7 Jan 2021 16:08:40 +0100 | ||||
| Subject: [PATCH 1/3] Invalid dereference | ||||
| 
 | ||||
| libmy/argv.c:3212: var_deref_model: Passing null pointer "queue_list" to "do_list", which dereferences it | ||||
| libmy/argv.c:3204: var_deref_model: Passing null pointer "queue_list" to "do_list", which dereferences it. | ||||
| 
 | ||||
| Workaround to possibility no arguments is received | ||||
| 
 | ||||
| Usually at least one arg is always passed in argv - program name. Do not | ||||
| dereference null queue_list in unlikely case no parameter in argv. | ||||
| ---
 | ||||
|  libmy/argv.c | 45 +++++++++++++++++++++++---------------------- | ||||
|  1 file changed, 23 insertions(+), 22 deletions(-) | ||||
| 
 | ||||
| diff --git a/libmy/argv.c b/libmy/argv.c
 | ||||
| index 6c64906..c3aadfe 100644
 | ||||
| --- a/libmy/argv.c
 | ||||
| +++ b/libmy/argv.c
 | ||||
| @@ -3197,28 +3197,29 @@ int	argv_process_no_env(argv_t *args, const int arg_n, char **argv)
 | ||||
|      } | ||||
|      queue_head = 0; | ||||
|      queue_tail = 0; | ||||
| -  }
 | ||||
| -  
 | ||||
| -  /* do the env args before? */
 | ||||
| -  if (argv_process_env_b && (! argv_env_after_b) && env_vect_p != NULL) {
 | ||||
| -    do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
 | ||||
| -	    &okay_b);
 | ||||
| -    free(env_vect_p);
 | ||||
| -    free(environ_p);
 | ||||
| -    env_vect_p = NULL;
 | ||||
| -  }
 | ||||
| -  
 | ||||
| -  /* do the external args */
 | ||||
| -  do_list(args, arg_n - 1, argv + 1, queue_list, &queue_head, &queue_tail,
 | ||||
| -	  &okay_b);
 | ||||
| +
 | ||||
| +    /* do the env args before? */
 | ||||
| +    if (argv_process_env_b && (! argv_env_after_b) && env_vect_p != NULL) {
 | ||||
| +      do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
 | ||||
| +	      &okay_b);
 | ||||
| +      free(env_vect_p);
 | ||||
| +      free(environ_p);
 | ||||
| +      env_vect_p = NULL;
 | ||||
| +    }
 | ||||
| +
 | ||||
| +    /* do the external args */
 | ||||
| +    if (arg_n > 0)
 | ||||
| +      do_list(args, arg_n - 1, argv + 1, queue_list, &queue_head, &queue_tail,
 | ||||
| +	      &okay_b);
 | ||||
|     | ||||
| -  /* DO the env args after? */
 | ||||
| -  if (argv_process_env_b && argv_env_after_b && env_vect_p != NULL) {
 | ||||
| -    do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
 | ||||
| -	    &okay_b);
 | ||||
| -    free(env_vect_p);
 | ||||
| -    free(environ_p);
 | ||||
| -    env_vect_p = NULL;
 | ||||
| +    /* DO the env args after? */
 | ||||
| +    if (argv_process_env_b && argv_env_after_b && env_vect_p != NULL) {
 | ||||
| +      do_list(args, env_n, env_vect_p, queue_list, &queue_head, &queue_tail,
 | ||||
| +	      &okay_b);
 | ||||
| +      free(env_vect_p);
 | ||||
| +      free(environ_p);
 | ||||
| +      env_vect_p = NULL;
 | ||||
| +    }
 | ||||
|    } | ||||
|     | ||||
|    /* make sure the XOR and MAND args and argument-options are okay */ | ||||
| @@ -3233,7 +3234,7 @@ int	argv_process_no_env(argv_t *args, const int arg_n, char **argv)
 | ||||
|    } | ||||
|     | ||||
|    /* if we allocated the space then free it */ | ||||
| -  if (arg_n > 0) {
 | ||||
| +  if (queue_list) {
 | ||||
|      free(queue_list); | ||||
|    } | ||||
|     | ||||
| -- 
 | ||||
| 2.26.3 | ||||
| 
 | ||||
							
								
								
									
										40
									
								
								fstrm-0.6.1-Possible-resource-leak-fix.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										40
									
								
								fstrm-0.6.1-Possible-resource-leak-fix.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,40 @@ | ||||
| From 1499d3e2715bad67588b5c0b6c02865eeb65aa16 Mon Sep 17 00:00:00 2001 | ||||
| From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||||
| Date: Fri, 8 Jan 2021 17:43:03 +0100 | ||||
| Subject: [PATCH 3/3] Possible resource leak fix | ||||
| 
 | ||||
| 34. fstrm-0.6.0/libmy/argv.c:2238: alloc_fn: Storage is returned from allocation function "realloc". | ||||
| 35. fstrm-0.6.0/libmy/argv.c:2238: var_assign: Assigning: "argv" = storage returned from "realloc(argv, 8UL * max)". | ||||
| 37. fstrm-0.6.0/libmy/argv.c:2254: var_assign: Assigning: "argv_p" = "argv". | ||||
| 47. fstrm-0.6.0/libmy/argv.c:2229: leaked_storage: Variable "argv_p" going out of scope leaks the storage it points to. | ||||
| 48. fstrm-0.6.0/libmy/argv.c:2229: leaked_storage: Variable "argv" going out of scope leaks the storage it points to. | ||||
| ---
 | ||||
|  libmy/argv.c | 5 +++-- | ||||
|  1 file changed, 3 insertions(+), 2 deletions(-) | ||||
| 
 | ||||
| diff --git a/libmy/argv.c b/libmy/argv.c
 | ||||
| index 16dca73..0b28026 100644
 | ||||
| --- a/libmy/argv.c
 | ||||
| +++ b/libmy/argv.c
 | ||||
| @@ -2226,7 +2226,7 @@ static	void	file_args(const char *path, argv_t *grid,
 | ||||
|      *argv_p = string_copy(line); | ||||
|      if (*argv_p == NULL) { | ||||
|        *okay_bp = ARGV_FALSE; | ||||
| -      return;
 | ||||
| +      goto cleanup;
 | ||||
|      } | ||||
|       | ||||
|      argv_p++; | ||||
| @@ -2257,7 +2257,8 @@ static	void	file_args(const char *path, argv_t *grid,
 | ||||
|     | ||||
|    /* now do the list */ | ||||
|    do_list(grid, arg_c, argv, queue_list, queue_head_p, queue_tail_p, okay_bp); | ||||
| -  
 | ||||
| +
 | ||||
| +cleanup:
 | ||||
|    /* now free up the list */ | ||||
|    for (argv_p = argv; argv_p < argv + arg_c; argv_p++) { | ||||
|      free(*argv_p); | ||||
| -- 
 | ||||
| 2.26.3 | ||||
| 
 | ||||
							
								
								
									
										17
									
								
								fstrm.spec
									
									
									
									
									
								
							
							
						
						
									
										17
									
								
								fstrm.spec
									
									
									
									
									
								
							| @ -4,10 +4,16 @@ | ||||
| Name: fstrm | ||||
| Summary: Frame Streams implementation in C | ||||
| Version: 0.6.1 | ||||
| Release: 1%{?dist} | ||||
| Release: 2%{?dist} | ||||
| License: MIT | ||||
| URL: https://github.com/farsightsec/fstrm | ||||
| Source0: https://dl.farsightsecurity.com/dist/%{name}/%{name}-%{version}.tar.gz | ||||
| # Patches to libmy library | ||||
| # https://github.com/farsightsec/libmy/pull/4 | ||||
| Patch1: fstrm-0.6.1-Fix-deadcode-and-check-return-code.patch | ||||
| Patch2: fstrm-0.6.1-Invalid-dereference.patch | ||||
| Patch3: fstrm-0.6.1-Possible-resource-leak-fix.patch | ||||
| Patch4: fstrm-0.6.1-Fix-CLANG_WARNING.patch | ||||
| BuildRequires: autoconf automake libtool | ||||
| BuildRequires: libevent-devel | ||||
| # Upstream repository without a single release | ||||
| @ -57,7 +63,7 @@ The fstrm-doc package contains Doxygen generated API documentation for | ||||
| fstrm library. | ||||
| 
 | ||||
| %prep | ||||
| %setup -q | ||||
| %autosetup -p1 | ||||
| # regenerated build scripts to: | ||||
| # - remove RPATHs | ||||
| # - allow dynamic linking and execution of 'make check' | ||||
| @ -65,12 +71,12 @@ autoreconf -fi | ||||
| 
 | ||||
| %build | ||||
| %configure --disable-static | ||||
| make %{?_smp_mflags} | ||||
| %make_build | ||||
| make html | ||||
| 
 | ||||
| %install | ||||
| # install the library | ||||
| make install DESTDIR=%{buildroot} | ||||
| %make_install | ||||
| rm %{buildroot}%{_libdir}/libfstrm.la | ||||
| 
 | ||||
| # install documentation | ||||
| @ -109,6 +115,9 @@ make check | ||||
| %doc %{_pkgdocdir}/html | ||||
| 
 | ||||
| %changelog | ||||
| * Fri Apr 09 2021 Petr Menšík <pemensik@redhat.com> - 0.6.1-2 | ||||
| - Apply coverity fixes also to bundled libmy | ||||
| 
 | ||||
| * Thu Apr 08 2021 Petr Menšík <pemensik@redhat.com> - 0.6.1-1 | ||||
| - Update to 0.6.1 (#1946415) | ||||
| 
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user