Fix issues discovered by static analysis
Apply a patch that fixes a reported issue: - v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" * 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch: New file. * kmod.spec (Release): Bump to 8. (Patch2): New patch. (%changelog): New record. Resolves: RHEL-44931 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
This commit is contained in:
		
							parent
							
								
									33ce2e73d6
								
							
						
					
					
						commit
						0a4563dfa8
					
				| @ -0,0 +1,44 @@ | |||||||
|  | From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Eugene Syromiatnikov <esyr@redhat.com> | ||||||
|  | Date: Tue, 13 Aug 2024 16:17:27 +0200 | ||||||
|  | Subject: [PATCH] libkmod: avoid undefined behaviour in | ||||||
|  |  libkmod-builtin.c:get_string | ||||||
|  | 
 | ||||||
|  | Static analysis has reported a potential UB: | ||||||
|  | 
 | ||||||
|  |     kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf". | ||||||
|  |     #  123|   	size_t linesz = 0; | ||||||
|  |     #  124| | ||||||
|  |     #  125|-> 	while (!nullp) { | ||||||
|  |     #  126|   		char buf[BUFSIZ]; | ||||||
|  |     #  127|   		ssize_t sz; | ||||||
|  | 
 | ||||||
|  | It seems to be indeed an UB, as nullp is getting assined an address | ||||||
|  | inside object buf, which has a lifetime of the while loop body, | ||||||
|  | and is not available outside of it (specifically, in the while | ||||||
|  | condition, where nullp is checked for NULL).  Fix it by putting | ||||||
|  | buf definition in the outer block. | ||||||
|  | ---
 | ||||||
|  |  libkmod/libkmod-builtin.c | 2 +- | ||||||
|  |  1 file changed, 1 insertion(+), 1 deletion(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
 | ||||||
|  | index fd0f549..40a7d61 100644
 | ||||||
|  | --- a/libkmod/libkmod-builtin.c
 | ||||||
|  | +++ b/libkmod/libkmod-builtin.c
 | ||||||
|  | @@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
 | ||||||
|  |  			char **line, size_t *size) | ||||||
|  |  { | ||||||
|  |  	int sv_errno; | ||||||
|  | +	char buf[BUFSIZ];
 | ||||||
|  |  	char *nullp = NULL; | ||||||
|  |  	size_t linesz = 0; | ||||||
|  |   | ||||||
|  |  	while (!nullp) { | ||||||
|  | -		char buf[BUFSIZ];
 | ||||||
|  |  		ssize_t sz; | ||||||
|  |  		size_t partsz; | ||||||
|  |   | ||||||
|  | -- 
 | ||||||
|  | 2.13.6 | ||||||
|  | 
 | ||||||
| @ -16,7 +16,7 @@ | |||||||
| 
 | 
 | ||||||
| Name:		kmod | Name:		kmod | ||||||
| Version:	31 | Version:	31 | ||||||
| Release:	7%{?dist} | Release:	8%{?dist} | ||||||
| Summary:	Linux kernel module management utilities | Summary:	Linux kernel module management utilities | ||||||
| 
 | 
 | ||||||
| # https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis | # https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis | ||||||
| @ -68,6 +68,9 @@ Source0:	https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.t | |||||||
| Source1:	weak-modules | Source1:	weak-modules | ||||||
| Source2:	depmod.conf.dist | Source2:	depmod.conf.dist | ||||||
| Patch1:		kmod-tip.patch | Patch1:		kmod-tip.patch | ||||||
|  | # v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" | ||||||
|  | Patch2:		0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch | ||||||
|  | 
 | ||||||
| Exclusiveos:	Linux | Exclusiveos:	Linux | ||||||
| 
 | 
 | ||||||
| BuildRequires:  gcc | BuildRequires:  gcc | ||||||
| @ -193,6 +196,10 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf | |||||||
| %{_libdir}/libkmod.so | %{_libdir}/libkmod.so | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-8 | ||||||
|  | - Fix issues discovered by static analysis | ||||||
|  | - Resolves: RHEL-44931 | ||||||
|  | 
 | ||||||
| * Mon Aug 12 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-7 | * Mon Aug 12 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-7 | ||||||
| - weak-modules: use either zcat or xzcat based on symvers file extension | - weak-modules: use either zcat or xzcat based on symvers file extension | ||||||
| - Resolves: RHEL-39388 | - Resolves: RHEL-39388 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user