rpms/libeconf
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix static analyzer detected issues

Browse Source 
Resolves: RHEL-35252

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2024-06-18 11:56:55 +02:00
parent ed1500bcdb
commit 86641af14d
2 changed files with 109 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
0001-Fix-static-analyzer-detected-issues.patch Normal file
View File

@ -0,0 +1,103 @@
From 6f8c673a181762931d5997bc5e7bea9c69d0b7cb Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Wed, 15 May 2024 09:02:53 +0200
Subject: [PATCH] Fix static analyzer detected issues (#202)
Error: UNINIT (CWE-457):
libeconf-0.6.2/lib/helpers.c:217:3: var_decl: Declaring variable "copied_fe" without initializer.
libeconf-0.6.2/lib/helpers.c:233:3: uninit_use: Using uninitialized value "copied_fe". Field "copied_fe.quotes" is uninitialized.
231| copied_fe.comment_after_value = NULL;
232| copied_fe.line_number = fe.line_number;
233|-> return copied_fe;
234| }
Error: UNINIT (CWE-457):
libeconf-0.6.2/lib/readconfig.c:30:3: var_decl: Declaring variable "suffix" without initializer.
libeconf-0.6.2/lib/readconfig.c:201:5: uninit_use_in_call: Using uninitialized value "suffix" when calling "traverse_conf_dirs".
199| while (default_dirs[i]) {
200| char *project_path = combine_strings(default_dirs[i], config_name, '/');
201|-> error = traverse_conf_dirs(key_files, configure_dirs, size, project_path,
202| suffix, delim, comment, callback, callback_data);
203| free(project_path);
Error: UNINIT (CWE-457):
libeconf-0.6.2/lib/readconfig.c:30:3: var_decl: Declaring variable "suffix" without initializer.
libeconf-0.6.2/lib/readconfig.c:172:5: uninit_use_in_call: Using uninitialized value "suffix" when calling "strlen".
170| if (conf_count == 0)
171| {
172|-> char *suffix_d = malloc (strlen(suffix) + 4); /* + strlen(".d/") */
173| if (suffix_d == NULL) {
174| free(*key_files);
Error: RESOURCE_LEAK (CWE-772):
libeconf-0.6.2/lib/readconfig.c:162:3: alloc_fn: Storage is returned from allocation function "malloc".
libeconf-0.6.2/lib/readconfig.c:162:3: var_assign: Assigning: "configure_dirs" = storage returned from "malloc(8UL * (conf_count + 2))".
libeconf-0.6.2/lib/readconfig.c:176:7: leaked_storage: Variable "configure_dirs" going out of scope leaks the storage it points to.
174| free(*key_files);
175| *key_files = NULL;
176|-> return ECONF_NOMEM;
177| }
178| cp = stpcpy(suffix_d, suffix);
Error: CPPCHECK_WARNING (CWE-401):
libeconf-0.6.2/lib/readconfig.c:176: error[memleak]: Memory leak: configure_dirs
174| free(*key_files);
175| *key_files = NULL;
176|-> return ECONF_NOMEM;
177| }
178| cp = stpcpy(suffix_d, suffix);
```
Resolves: https://issues.redhat.com/browse/RHEL-35252
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
lib/helpers.c | 1 +
lib/readconfig.c | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/helpers.c b/lib/helpers.c
index 3e1541a..8c82510 100644
--- a/lib/helpers.c
+++ b/lib/helpers.c
@@ -230,5 +230,6 @@ struct file_entry cpy_file_entry(struct file_entry fe) {
else
copied_fe.comment_after_value = NULL;
copied_fe.line_number = fe.line_number;
+ copied_fe.quotes = false;
return copied_fe;
}
diff --git a/lib/readconfig.c b/lib/readconfig.c
index 419e0f3..9948e6a 100644
--- a/lib/readconfig.c
+++ b/lib/readconfig.c
@@ -27,7 +27,8 @@ econf_err readConfigHistoryWithCallback(econf_file ***key_files,
bool (*callback)(const char *filename, const void *data),
const void *callback_data)
{
- const char *suffix, *default_dirs[4] = {NULL, NULL, NULL, NULL};
+ const char *suffix = "";
+ const char *default_dirs[4] = {NULL, NULL, NULL, NULL};
char *distfile, *runfile, *etcfile, *cp;
econf_file *key_file = NULL;
econf_err error;
@@ -52,8 +53,6 @@ econf_err readConfigHistoryWithCallback(econf_file ***key_files,
strcpy(cp+1, config_suffix);
suffix = cp;
}
- } else {
- suffix = "";
}
/* create file names for etc, run and distribution config */
@@ -173,6 +172,7 @@ econf_err readConfigHistoryWithCallback(econf_file ***key_files,
if (suffix_d == NULL) {
free(*key_files);
*key_files = NULL;
+ econf_freeArray(configure_dirs);
return ECONF_NOMEM;
}
cp = stpcpy(suffix_d, suffix);
--
2.45.2

7
libeconf.spec
View File

@ -5,7 +5,7 @@
Name: libeconf Name: libeconf
Version: 0.6.2 Version: 0.6.2
Release: 1%{?dist} Release: 2%{?dist}
Summary: Enhanced config file parser library Summary: Enhanced config file parser library
License: MIT License: MIT
@ -16,6 +16,8 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
# This should be a temporary workaround. I don't have enough time to check what's happening, but since we aren't shipping the html documentation it's fine to stop installing it # This should be a temporary workaround. I don't have enough time to check what's happening, but since we aren't shipping the html documentation it's fine to stop installing it
Patch0101: 0001-cmake-no-install-html.patch Patch0101: 0001-cmake-no-install-html.patch
# https://github.com/openSUSE/libeconf/commit/6f8c673a181762931d5997bc5e7bea9c69d0b7cb
Patch0001: 0001-Fix-static-analyzer-detected-issues.patch
BuildRequires: cmake >= 3.12 BuildRequires: cmake >= 3.12
BuildRequires: gcc BuildRequires: gcc
@ -80,6 +82,9 @@ configuration files from applications that use %{name}.
%{_mandir}/man8/econftool.8* %{_mandir}/man8/econftool.8*
%changelog %changelog
* Tue Jun 18 2024 Iker Pedrosa <ipedrosa@redhat.com> - 0.6.2-2
- Fix static analyzer detected issues. Resolves: RHEL-35252
* Wed Mar 6 2024 Iker Pedrosa <ipedrosa@redhat.com> - 0.6.2-1 * Wed Mar 6 2024 Iker Pedrosa <ipedrosa@redhat.com> - 0.6.2-1
- Rebase to 0.6.2 - Rebase to 0.6.2