From 6e98b3ce31e00f8d197bf57209f8ce2bab0d2ccc Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 22 Dec 2015 09:31:18 +1000
Subject: [PATCH] Fix a couple of coverity warnings

- Fix a potential race condition when checking uinput device's syspath
  (inactive in Fedora, we use the ioctl and never get here)
---
 ...y-may-be-used-uninitialized-warnings.patch | 41 ++++++++++++++++
 ...p-coverity-about-a-potential-close-1.patch | 38 ++++++++++++++
 ...ce-condition-in-uinput-syspath-check.patch | 49 +++++++++++++++++++
 libevdev.spec                                 | 14 +++++-
 4 files changed, 141 insertions(+), 1 deletion(-)
 create mode 100644 0001-tools-fix-coverty-may-be-used-uninitialized-warnings.patch
 create mode 100644 0002-tools-shut-up-coverity-about-a-potential-close-1.patch
 create mode 100644 0003-uinput-fix-race-condition-in-uinput-syspath-check.patch

diff --git a/0001-tools-fix-coverty-may-be-used-uninitialized-warnings.patch b/0001-tools-fix-coverty-may-be-used-uninitialized-warnings.patch
new file mode 100644
index 0000000..0d4d98a
--- /dev/null
+++ b/0001-tools-fix-coverty-may-be-used-uninitialized-warnings.patch
@@ -0,0 +1,41 @@
+From db455482a4a9f9a28ab1eee8798abe6e82c9c745 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 22 Dec 2015 08:48:41 +1000
+Subject: [PATCH libevdev 1/3] tools: fix coverty "may be used uninitialized"
+ warnings
+
+tools/libevdev-tweak-device.c:390: uninit_use_in_call: Using uninitialized
+value "changes" when calling "parse_options_abs".
+
+tools/libevdev-tweak-device.c:376: warning: 'led' may be used uninitialized in
+this function
+
+tools/libevdev-tweak-device.c:375: warning: 'axis' may be used uninitialized
+in this function
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ tools/libevdev-tweak-device.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/libevdev-tweak-device.c b/tools/libevdev-tweak-device.c
+index 6066db0..4be2d6f 100644
+--- a/tools/libevdev-tweak-device.c
++++ b/tools/libevdev-tweak-device.c
+@@ -372,10 +372,10 @@ main(int argc, char **argv)
+ 	enum mode mode;
+ 	const char *path;
+ 	struct input_absinfo absinfo;
+-	int axis;
+-	int led;
++	int axis = -1;
++	int led = -1;
+ 	int led_state = -1;
+-	unsigned int changes; /* bitmask of changes */
++	unsigned int changes = 0; /* bitmask of changes */
+ 	int xres, yres;
+ 
+ 	mode = parse_options_mode(argc, argv, &path);
+-- 
+2.5.0
+
diff --git a/0002-tools-shut-up-coverity-about-a-potential-close-1.patch b/0002-tools-shut-up-coverity-about-a-potential-close-1.patch
new file mode 100644
index 0000000..8c23e7c
--- /dev/null
+++ b/0002-tools-shut-up-coverity-about-a-potential-close-1.patch
@@ -0,0 +1,38 @@
+From 683e52fb7529e3ce077c6d495932d6d3c09fcc0f Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 22 Dec 2015 09:18:37 +1000
+Subject: [PATCH libevdev 2/3] tools: shut up coverity about a potential
+ close(-1)
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ tools/libevdev-tweak-device.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/tools/libevdev-tweak-device.c b/tools/libevdev-tweak-device.c
+index 4be2d6f..bdc16e6 100644
+--- a/tools/libevdev-tweak-device.c
++++ b/tools/libevdev-tweak-device.c
+@@ -376,7 +376,8 @@ main(int argc, char **argv)
+ 	int led = -1;
+ 	int led_state = -1;
+ 	unsigned int changes = 0; /* bitmask of changes */
+-	int xres, yres;
++	int xres = 0,
++	    yres =0;
+ 
+ 	mode = parse_options_mode(argc, argv, &path);
+ 	switch (mode) {
+@@ -434,7 +435,8 @@ main(int argc, char **argv)
+ 
+ out:
+ 	libevdev_free(dev);
+-	close(fd);
++	if (fd != -1)
++		close(fd);
+ 
+ 	return rc;
+ }
+-- 
+2.5.0
+
diff --git a/0003-uinput-fix-race-condition-in-uinput-syspath-check.patch b/0003-uinput-fix-race-condition-in-uinput-syspath-check.patch
new file mode 100644
index 0000000..6bb47fd
--- /dev/null
+++ b/0003-uinput-fix-race-condition-in-uinput-syspath-check.patch
@@ -0,0 +1,49 @@
+From 1c3a79543488399081a00f9405d5c64af62aa6c5 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 22 Dec 2015 09:02:46 +1000
+Subject: [PATCH libevdev 3/3] uinput: fix race condition in uinput syspath
+ check
+
+In theory, the device could change between stat() call and open(), resulting
+in us opening the new device. Change to open() first, then fstat() on the fd.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ libevdev/libevdev-uinput.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/libevdev/libevdev-uinput.c b/libevdev/libevdev-uinput.c
+index ba323ed..24e049f 100644
+--- a/libevdev/libevdev-uinput.c
++++ b/libevdev/libevdev-uinput.c
+@@ -225,19 +225,19 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
+ 			continue;
+ 		}
+ 
+-		if (stat(buf, &st) == -1)
+-			continue;
+-
+-		/* created before UI_DEV_CREATE, or after it finished */
+-		if (st.st_ctime < uinput_dev->ctime[0] ||
+-		    st.st_ctime > uinput_dev->ctime[1])
+-			continue;
+-
+ 		/* created within time frame */
+ 		fd = open(buf, O_RDONLY);
+ 		if (fd < 0)
+ 			continue;
+ 
++		/* created before UI_DEV_CREATE, or after it finished */
++		if (fstat(fd, &st) == -1 ||
++		    st.st_ctime < uinput_dev->ctime[0] ||
++		    st.st_ctime > uinput_dev->ctime[1]) {
++			close(fd);
++			continue;
++		}
++
+ 		len = read(fd, buf, sizeof(buf));
+ 		close(fd);
+ 		if (len <= 0)
+-- 
+2.5.0
+
diff --git a/libevdev.spec b/libevdev.spec
index cd7c4ae..ea98734 100644
--- a/libevdev.spec
+++ b/libevdev.spec
@@ -1,6 +1,6 @@
 Name:           libevdev
 Version:        1.4.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Kernel Evdev Device Wrapper Library
 
 Group:          System Environment/Libraries
@@ -8,6 +8,10 @@ License:        MIT
 URL:            http://www.freedesktop.org/wiki/Software/libevdev
 Source0:        http://www.freedesktop.org/software/%{name}/%{name}-%{version}.tar.xz
 
+Patch01: 0001-tools-fix-coverty-may-be-used-uninitialized-warnings.patch
+Patch02: 0002-tools-shut-up-coverity-about-a-potential-close-1.patch
+Patch03: 0003-uinput-fix-race-condition-in-uinput-syspath-check.patch
+
 BuildRequires:  automake libtool
 BuildRequires:  python
 
@@ -31,6 +35,9 @@ Utilities to handle and/or debug evdev devices.
 
 %prep
 %setup -q -n %{name}-%{version}
+%patch01 -p1
+%patch02 -p1
+%patch03 -p1
 
 %build
 autoreconf --force -v --install || exit 1
@@ -65,6 +72,11 @@ rm -f %{buildroot}%{_libdir}/*.la
 %{_bindir}/libevdev-tweak-device
 
 %changelog
+* Tue Dec 22 2015 Peter Hutterer <peter.hutterer@redhat.com> 1.4.5-2
+- Fix a couple of coverity warnings
+- Fix a potential race condition when checking uinput device's syspath
+  (inactive in Fedora, we use the ioctl and never get here)
+
 * Wed Nov 11 2015 Peter Hutterer <peter.hutterer@redhat.com> 1.4.5-1
 - libevdev 1.4.5