From 5c9d695205bd66dd228ce3a29663638d9e2729ed Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal Date: Mon, 13 Feb 2023 09:30:25 +0100 Subject: [PATCH] Coverity fixes 6 --- cupsfilters/bannertopdf.c | 18 +++++++++++++++--- cupsfilters/catalog.c | 9 +++++++-- cupsfilters/filter.c | 8 +++++++- cupsfilters/ghostscript.c | 6 +++--- cupsfilters/image-zoom.c | 1 + cupsfilters/image.c | 28 +++++++++++++++++++++------- cupsfilters/imagetoraster.c | 25 +++++++++++++++---------- cupsfilters/pclmtoraster.cxx | 13 +++++++------ cupsfilters/pdftoraster.cxx | 19 +++++++++++-------- cupsfilters/texttopdf.c | 16 +++++++++++----- cupsfilters/texttotext.c | 11 +++++++++-- 11 files changed, 107 insertions(+), 47 deletions(-) diff --git a/cupsfilters/bannertopdf.c b/cupsfilters/bannertopdf.c index 59f22937..9510f3eb 100644 --- a/cupsfilters/bannertopdf.c +++ b/cupsfilters/bannertopdf.c @@ -879,8 +879,8 @@ cfFilterBannerToPDF(int inputfd, // I - File descriptor input stream banner_t *banner; int num_options = 0; int ret; - FILE *inputfp; - FILE *outputfp; + FILE *inputfp = NULL; + FILE *outputfp = NULL; int tempfd; cups_option_t *options = NULL; char tempfile[1024], buffer[1024]; @@ -919,6 +919,8 @@ cfFilterBannerToPDF(int inputfd, // I - File descriptor input stream if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterBannerToPDF: Unable to copy input file: %s", strerror(errno)); + if (inputfp) + fclose(inputfp); return (1); } @@ -932,6 +934,7 @@ cfFilterBannerToPDF(int inputfd, // I - File descriptor input stream if (inputfd) { fclose(inputfp); + inputfp = NULL; close(inputfd); } close(tempfd); @@ -949,7 +952,9 @@ cfFilterBannerToPDF(int inputfd, // I - File descriptor input stream "cfFilterBannerToPDF: Unable to open output data stream."); } - fclose(inputfp); + if (inputfp) + fclose(inputfp); + return (1); } @@ -964,6 +969,13 @@ cfFilterBannerToPDF(int inputfd, // I - File descriptor input stream { if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterBannerToPDF: Could not read banner file"); + + if (inputfp) + fclose(inputfp); + + if (outputfp) + fclose(outputfp); + return (1); } diff --git a/cupsfilters/catalog.c b/cupsfilters/catalog.c index f26f4b4e..c0797dc2 100644 --- a/cupsfilters/catalog.c +++ b/cupsfilters/catalog.c @@ -178,6 +178,8 @@ cfCatalogSearchDir(const char *dirname, const char *preferredlocale) { // Check first for an exact match catalog = cfCatalogSearchDirLocale(dirname, preferredlocale); + if (catalog != NULL) + return (catalog); // Check for language match, with any region // Cover both cases, whether locale has region suffix or not @@ -540,6 +542,8 @@ cfCatalogLoad(const char *location, int digit; int found_in_catalog = 0; + memset(tmpfile, 0, 1024); + if (location == NULL || (strncasecmp(location, "http:", 5) && strncasecmp(location, "https:", 6))) { @@ -769,6 +773,7 @@ cfCatalogLoad(const char *location, free(opt_name); if (filename == tmpfile) unlink(filename); - if (found_in_catalog) - free((char *)filename); + else + if (found_in_catalog) + free((char *)filename); } diff --git a/cupsfilters/filter.c b/cupsfilters/filter.c index 477bec72..ed5bdbbf 100644 --- a/cupsfilters/filter.c +++ b/cupsfilters/filter.c @@ -959,7 +959,7 @@ cfFilterExternal(int inputfd, // I - File descriptor input stream *msg, // Filter log message *filter_name; // Filter name for logging char filter_path[1024]; // Full path of the filter - char **argv, // Command line args for filter + char **argv = NULL, // Command line args for filter **envp = NULL; // Environment variables for filter int num_all_options = 0; cups_option_t *all_options = NULL; @@ -1216,6 +1216,12 @@ cfFilterExternal(int inputfd, // I - File descriptor input stream if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterExternal (%s): Could not create pipe for stderr: %s", filter_name, strerror(errno)); + + if (argv[0]) + free(argv[0]); + if (argv) + free(argv); + return (1); } diff --git a/cupsfilters/ghostscript.c b/cupsfilters/ghostscript.c index 4a49611b..9f16290a 100644 --- a/cupsfilters/ghostscript.c +++ b/cupsfilters/ghostscript.c @@ -988,7 +988,7 @@ cfFilterGhostscript(int inputfd, // I - File descriptor input if (outformat == CF_FILTER_OUT_FORMAT_CUPS_RASTER || outformat == CF_FILTER_OUT_FORMAT_PWG_RASTER || outformat == CF_FILTER_OUT_FORMAT_APPLE_RASTER) - if (write(outputfd, "RaS2", 4)); + bytes = write(outputfd, "RaS2", 4); goto out; } if (doc_type == GS_DOC_TYPE_UNKNOWN) @@ -1010,7 +1010,7 @@ cfFilterGhostscript(int inputfd, // I - File descriptor input if (outformat == CF_FILTER_OUT_FORMAT_CUPS_RASTER || outformat == CF_FILTER_OUT_FORMAT_PWG_RASTER || outformat == CF_FILTER_OUT_FORMAT_APPLE_RASTER) - if (write(outputfd, "RaS2", 4)); + bytes = write(outputfd, "RaS2", 4); goto out; } if (pages < 0) @@ -1055,7 +1055,7 @@ cfFilterGhostscript(int inputfd, // I - File descriptor input if (outformat == CF_FILTER_OUT_FORMAT_CUPS_RASTER || outformat == CF_FILTER_OUT_FORMAT_PWG_RASTER || outformat == CF_FILTER_OUT_FORMAT_APPLE_RASTER) - if (write(outputfd, "RaS2", 4)); + bytes = write(outputfd, "RaS2", 4); goto out; } if (pagecount < 0) diff --git a/cupsfilters/image-zoom.c b/cupsfilters/image-zoom.c index ca1b6823..04b28319 100644 --- a/cupsfilters/image-zoom.c +++ b/cupsfilters/image-zoom.c @@ -42,6 +42,7 @@ _cfImageZoomDelete(cf_izoom_t *z) // I - Zoom record to free free(z->rows[0]); free(z->rows[1]); free(z->in); + cfImageClose(z->img); free(z); } diff --git a/cupsfilters/image.c b/cupsfilters/image.c index 76d1d8ca..a424a616 100644 --- a/cupsfilters/image.c +++ b/cupsfilters/image.c @@ -365,7 +365,7 @@ cfImageOpenFP( // Allocate memory... // - img = calloc(sizeof(cf_image_t), 1); + img = calloc(1, sizeof(cf_image_t)); if (img == NULL) { @@ -409,7 +409,7 @@ cfImageOpenFP( if (status) { - free(img); + cfImageClose(img); return (NULL); } else @@ -634,7 +634,7 @@ cfImageCrop(cf_image_t* img, int height) { int image_width = cfImageGetWidth(img); - cf_image_t* temp = calloc(sizeof(cf_image_t), 1); + cf_image_t* temp = calloc(1, sizeof(cf_image_t)); cf_ib_t *pixels = (cf_ib_t*)malloc(img->xsize * cfImageGetDepth(img)); temp->cachefile = -1; @@ -748,12 +748,22 @@ get_tile(cf_image_t *img, // I - Image xtiles = (img->xsize + CF_TILE_SIZE - 1) / CF_TILE_SIZE; ytiles = (img->ysize + CF_TILE_SIZE - 1) / CF_TILE_SIZE; + /* + * We check the image validity (f.e. whether xsize and ysize are + * greater than 0) during opening the file, but it happens several + * functions before and reader can miss it. Add the check for stressing + * out such cases are not accepted, which adds readability and fixes + * false positives of coverity programs. + */ + if (xtiles <= 0 || ytiles <= 0) + return (NULL); + DEBUG_printf(("Creating tile array (%dx%d)\n", xtiles, ytiles)); - if ((img->tiles = calloc(sizeof(cf_itile_t *), ytiles)) == NULL) + if ((img->tiles = calloc(ytiles, sizeof(cf_itile_t *))) == NULL) return (NULL); - if ((tile = calloc(xtiles * sizeof(cf_itile_t), ytiles)) == NULL) + if ((tile = calloc(ytiles, xtiles * sizeof(cf_itile_t))) == NULL) return (NULL); for (tiley = 0; tiley < ytiles; tiley ++) @@ -775,8 +785,8 @@ get_tile(cf_image_t *img, // I - Image { if (img->num_ics < img->max_ics) { - if ((ic = calloc(sizeof(cf_ic_t) + - bpp * CF_TILE_SIZE * CF_TILE_SIZE, 1)) == NULL) + if ((ic = calloc(1, sizeof(cf_ic_t) + + bpp * CF_TILE_SIZE * CF_TILE_SIZE)) == NULL) { if (img->num_ics == 0) return (NULL); @@ -940,6 +950,8 @@ _cfImageReadEXIF(cf_image_t *img, if (buf == NULL || bufSize <= 0 || (ed = exif_data_new_from_data(buf, bufSize)) == NULL) { + if (buf) + free(buf); DEBUG_printf(("DEBUG: No EXIF data found")); return (2); } @@ -954,6 +966,8 @@ _cfImageReadEXIF(cf_image_t *img, if (entryX == NULL || entryY == NULL) { + if (buf) + free(buf); DEBUG_printf(("DEBUG: No EXIF data found")); return (2); } diff --git a/cupsfilters/imagetoraster.c b/cupsfilters/imagetoraster.c index 7c4e5be8..3a29e8d5 100644 --- a/cupsfilters/imagetoraster.c +++ b/cupsfilters/imagetoraster.c @@ -235,7 +235,7 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream int plane, // Current color plane num_planes; // Number of color planes char tempfile[1024]; // Name of temporary file - FILE *fp; // Input file + FILE *fp = NULL; // Input file int fd; // File descriptor for temp file char buf[BUFSIZ]; int bytes; @@ -705,11 +705,13 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream case CUPS_CSPACE_DEVICED : case CUPS_CSPACE_DEVICEE : case CUPS_CSPACE_DEVICEF : - if (log) log(ld, CF_LOGLEVEL_DEBUG, - "cfFilterImageToRaster: Colorspace %d not supported.", - header.cupsColorSpace); + if (log) + log(ld, CF_LOGLEVEL_DEBUG, "cfFilterImageToRaster: Colorspace %d not supported.", + header.cupsColorSpace); if (!inputseekable) unlink(tempfile); + if (fp) + fclose(fp); return(1); break; } @@ -1645,7 +1647,7 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream xtemp = header.HWResolution[0] * xprint; ytemp = header.HWResolution[1] * yprint; - } + } cupsRasterWriteHeader2(ras, &header); @@ -1655,10 +1657,10 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream // Initialize the image "zoom" engine... // - if (doc.Flip) + if (doc.Flip) z = _cfImageZoomNew(img, xc0, yc0, xc1, yc1, -xtemp, ytemp, doc.Orientation & 1, zoom_type); - else + else z = _cfImageZoomNew(img, xc0, yc0, xc1, yc1, xtemp, ytemp, doc.Orientation & 1, zoom_type); @@ -1666,7 +1668,7 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream // Write leading blank space as needed... // - if (header.cupsHeight > z->ysize && doc.YPosition <= 0) + if (header.cupsHeight > z->ysize && doc.YPosition <= 0) { blank_line(&header, row); @@ -1683,8 +1685,9 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream if (cupsRasterWritePixels(ras, row, header.cupsBytesPerLine) < header.cupsBytesPerLine) { - if (log) log(ld, CF_LOGLEVEL_ERROR, - "cfFilterImageToRaster: Unable to send raster data."); + if (log) + log(ld, CF_LOGLEVEL_ERROR, "cfFilterImageToRaster: Unable to send raster data."); + _cfImageZoomDelete(z); cfImageClose(img); return (1); } @@ -1785,6 +1788,7 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream if (log) log(ld, CF_LOGLEVEL_DEBUG, "cfFilterImageToRaster: Unable to send raster data."); cfImageClose(img); + _cfImageZoomDelete(z); return (1); } @@ -1827,6 +1831,7 @@ cfFilterImageToRaster(int inputfd, // I - File descriptor input stream if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterImageToRaster: Unable to send raster data."); cfImageClose(img); + _cfImageZoomDelete(z); return (1); } } diff --git a/cupsfilters/pclmtoraster.cxx b/cupsfilters/pclmtoraster.cxx index 446dfc45..a4510846 100644 --- a/cupsfilters/pclmtoraster.cxx +++ b/cupsfilters/pclmtoraster.cxx @@ -63,11 +63,11 @@ typedef unsigned char *(*convert_line_func)(unsigned char *src, pclmtoraster_data_t *data, convert_cspace_func convertcspace); -typedef struct conversion_function_s +typedef struct pclm_conversion_function_s { convert_cspace_func convertcspace;// Function for conversion of colorspaces convert_line_func convertline; // Function tom modify raster data of a line -} conversion_function_t; +} pclm_conversion_function_t; static int @@ -164,7 +164,8 @@ parse_opts(cf_filter_data_t *data, !strncasecmp(val, "bi-level", 8)) pclmtoraster_data->bi_level = 1; - strncpy(pclmtoraster_data->pageSizeRequested, header->cupsPageSizeName, 64); + strncpy(pclmtoraster_data->pageSizeRequested, header->cupsPageSizeName, 63); + pclmtoraster_data->pageSizeRequested[63] = '\0'; if (log) log(ld, CF_LOGLEVEL_DEBUG, "cfFilterPCLmToRaster: Page size requested: %s.", header->cupsPageSizeName); @@ -687,7 +688,7 @@ select_convert_func(int pgno, // I - Page number // function pclmtoraster_data_t *data, // I - pclmtoraster filter // data - conversion_function_t *convert)// I - Conversion function + pclm_conversion_function_t *convert)// I - Conversion function { // Set rowsize and numcolors based on colorspace of raster data cups_page_header2_t header = data->header; @@ -791,7 +792,7 @@ out_page(cups_raster_t* raster, // I - Raster stream void* ld, // I - Aux. data for log function pclmtoraster_data_t *data, // I - pclmtoraster filter data cf_filter_data_t *filter_data, // I - filter data - conversion_function_t *convert)// I - Conversion functions + pclm_conversion_function_t *convert)// I - Conversion functions { int i; long long rotate = 0, @@ -1076,7 +1077,7 @@ cfFilterPCLmToRaster(int inputfd, // I - File descriptor input stream QPDF *pdf = new QPDF(); cups_raster_t *raster; pclmtoraster_data_t pclmtoraster_data; - conversion_function_t convert; + pclm_conversion_function_t convert; cf_logfunc_t log = data->logfunc; void *ld = data->logdata; cf_filter_iscanceledfunc_t iscanceled = data->iscanceledfunc; diff --git a/cupsfilters/pdftoraster.cxx b/cupsfilters/pdftoraster.cxx index a2ad7a5e..5738e62f 100644 --- a/cupsfilters/pdftoraster.cxx +++ b/cupsfilters/pdftoraster.cxx @@ -133,13 +133,13 @@ typedef unsigned char *(*convert_line_func)(unsigned char *src, pdftoraster_doc_t* doc, convert_cspace_func convertCSpace); -typedef struct conversion_function_s +typedef struct pdf_conversion_function_s { convert_cspace_func convertCSpace; // Function for conversion of colorspaces convert_line_func convertLineOdd; // Function tom modify raster data of a // line convert_line_func convertLineEven; -} conversion_function_t; +} pdf_conversion_function_t; static cmsCIExyY adobergb_wp() @@ -1081,7 +1081,7 @@ convert_line_plane_swap(unsigned char *src, // Handle special cases which appear in the Gutenprint driver static bool select_special_case(pdftoraster_doc_t* doc, - conversion_function_t* convert) + pdf_conversion_function_t* convert) { int i; @@ -1172,7 +1172,7 @@ get_cms_color_space_type(cmsColorSpaceSignature cs) static int select_convert_func(cups_raster_t *raster, pdftoraster_doc_t* doc, - conversion_function_t *convert, + pdf_conversion_function_t *convert, cf_logfunc_t log, void* ld) { @@ -1401,7 +1401,7 @@ static void write_page_image(cups_raster_t *raster, pdftoraster_doc_t *doc, int pageNo, - conversion_function_t* convert, + pdf_conversion_function_t* convert, float overspray_factor, cf_filter_iscanceledfunc_t iscanceled, void *icd) @@ -1459,6 +1459,8 @@ write_page_image(cups_raster_t *raster, doc->bytesPerLine * im.height()); one_bit_pixel(graydata, onebitdata, im.width(), im.height(), doc); colordata = onebitdata; + free(newdata); + free(graydata); rowsize = doc->bytesPerLine; } else @@ -1476,6 +1478,7 @@ write_page_image(cups_raster_t *raster, cfImageRGBToWhite(newdata, graydata, pixel_count); colordata = graydata; rowsize = doc->header.cupsWidth; + free(newdata); } break; @@ -1551,7 +1554,7 @@ out_page(pdftoraster_doc_t *doc, int pageNo, cf_filter_data_t *data, cups_raster_t *raster, - conversion_function_t *convert, + pdf_conversion_function_t *convert, cf_logfunc_t log, void* ld, cf_filter_iscanceledfunc_t iscanceled, @@ -1911,7 +1914,7 @@ cfFilterPDFToRaster(int inputfd, // I - File descriptor input stream #ifdef HAVE_POPPLER int deviceCopies = 1; bool deviceCollate = false; - conversion_function_t convert; + pdf_conversion_function_t convert; cf_filter_iscanceledfunc_t iscanceled = data->iscanceledfunc; void *icd = data->iscanceleddata; int ret = 0; @@ -2146,7 +2149,7 @@ cfFilterPDFToRaster(int inputfd, // I - File descriptor input stream ret = 1; goto out; } - memset(&convert, 0, sizeof(conversion_function_t)); + memset(&convert, 0, sizeof(pdf_conversion_function_t)); if (select_convert_func(raster, &doc, &convert, log, ld) == 1) { if (log) log(ld, CF_LOGLEVEL_ERROR, diff --git a/cupsfilters/texttopdf.c b/cupsfilters/texttopdf.c index 2c4ebab1..91e1d5e7 100644 --- a/cupsfilters/texttopdf.c +++ b/cupsfilters/texttopdf.c @@ -739,7 +739,8 @@ cfFilterTextToPDF(int inputfd, // I - File descriptor input stream // The page size name in te header corresponds to the actual size of // the media, so find the size dimensions pwg_media_t *size_found = NULL; - strncpy(keyword, doc.h.cupsPageSizeName, sizeof(keyword)); + strncpy(keyword, doc.h.cupsPageSizeName, sizeof(keyword) - 1); + keyword[sizeof(keyword) - 1] = '\0'; if ((keyptr = strchr(keyword, '.')) != NULL) *keyptr = '\0'; if ((size_found = pwgMediaForPPD(keyword)) != NULL || @@ -864,7 +865,7 @@ cfFilterTextToPDF(int inputfd, // I - File descriptor input stream goto out; } - doc.Page = calloc(sizeof(lchar_t *), doc.SizeLines); + doc.Page = calloc(doc.SizeLines, sizeof(lchar_t *)); if (!doc.Page) { if (log) log(ld, CF_LOGLEVEL_ERROR, @@ -873,10 +874,9 @@ cfFilterTextToPDF(int inputfd, // I - File descriptor input stream goto out; } - doc.Page[0] = calloc(sizeof(lchar_t), doc.SizeColumns * doc.SizeLines); + doc.Page[0] = calloc(doc.SizeColumns * doc.SizeLines, sizeof(lchar_t)); if (!doc.Page[0]) { - free(doc.Page); if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterTextToPDF: cannot allocate memory for page"); ret = 1; @@ -1433,7 +1433,8 @@ cfFilterTextToPDF(int inputfd, // I - File descriptor input stream if (doc.Page) { - free(doc.Page[0]); + if (doc.Page[0]) + free(doc.Page[0]); free(doc.Page); } @@ -1962,6 +1963,7 @@ write_prolog(const char *title, // I - Title of job if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterTextToPDF: Bad font description line: %s", valptr); + fclose(fp); return (1); } @@ -1975,6 +1977,7 @@ write_prolog(const char *title, // I - Title of job { if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterTextToPDF: Bad text direction %s", valptr); + fclose(fp); return (1); } @@ -1998,6 +2001,7 @@ write_prolog(const char *title, // I - Title of job if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterTextToPDF: Bad font description line: %s", valptr); + fclose(fp); return (1); } @@ -2011,6 +2015,7 @@ write_prolog(const char *title, // I - Title of job { if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterTextToPDF: Bad text width %s", valptr); + fclose(fp); return (1); } @@ -2089,6 +2094,7 @@ write_prolog(const char *title, // I - Title of job { if (log) log(ld, CF_LOGLEVEL_ERROR, "cfFilterTextToPDF: Bad charset type %s", lineptr); + fclose(fp); return (1); } // }}} } // }}} diff --git a/cupsfilters/texttotext.c b/cupsfilters/texttotext.c index feea20f1..022a277f 100644 --- a/cupsfilters/texttotext.c +++ b/cupsfilters/texttotext.c @@ -1098,8 +1098,12 @@ cfFilterTextToText(int inputfd, // I - File descriptor input stream close(fd); if (iconv_close (cd) != 0) - if (log) log(ld, CF_LOGLEVEL_DEBUG, - "cfFilterTextToText: Error closing iconv encoding conversion session"); + { + if (log) + log(ld, CF_LOGLEVEL_DEBUG, "cfFilterTextToText: Error closing iconv encoding conversion session"); + } + else + cd = (iconv_t) -1; // Error out on an illegal UTF-8 sequence in the input file if (result < 0) @@ -1142,6 +1146,9 @@ cfFilterTextToText(int inputfd, // I - File descriptor input stream free(page_ranges); free(out_page); + if (cd != (iconv_t) -1) + iconv_close(cd); + return (exit_status); } -- 2.39.1