Fix coverity issues

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2019-06-03 10:22:23 +02:00 · 2019-06-03 10:22:23 +02:00 · 7c941dbcde
commit 7c941dbcde
parent eb61fb62dc
4 changed files with 213 additions and 1 deletions
--- a/0001-db-Avoid-dereference-of-null-pointer.patch
+++ b/0001-db-Avoid-dereference-of-null-pointer.patch
@ -0,0 +1,62 @@
 From cb509ad153a35053e1e003d73fd0ece53bd2c3d8 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
 Date: Tue, 21 May 2019 13:01:26 +0200
 Subject: [PATCH 1/3] db: Avoid dereference of null pointer
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 As any consumer of libosinfo API may pass NULL as the @matched argument
 of compare_tree(), the current code could be dereferencing a NULL
 pointer when calling `osinfo_tree_set_os()`.
 In order to avoid doing so, let's set the os to the OsinfoTree at the
 moment the @matched argument is set.
 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 Reviewed-by: Cole Robinson <crobinso@redhat.com>
 (cherry picked from commit 949ad5e05480470ba1a5913fbec538314807dfc2)
 ---
 osinfo/osinfo_db.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
 diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c
 index b7da2b7..c4cd1e4 100644
 --- a/osinfo/osinfo_db.c
 +++ b/osinfo/osinfo_db.c
@@ -790,6 +790,7 @@ static gboolean compare_tree(OsinfoTree *tree,
         OsinfoTreeList *tree_list = osinfo_os_get_tree_list(os);
         GList *trees = osinfo_list_get_elements(OSINFO_LIST(tree_list));
         GList *tree_iter;
 +        gboolean found = FALSE;
         for (tree_iter = trees; tree_iter; tree_iter = tree_iter->next) {
             OsinfoTree *os_tree = OSINFO_TREE(tree_iter->data);
@@ -820,8 +821,11 @@ static gboolean compare_tree(OsinfoTree *tree,
                 match_regex(os_treeinfo_version, treeinfo_version) &&
                 match_regex(os_treeinfo_arch, treeinfo_arch)) {
                 *ret_os = os;
 -                if (matched != NULL)
 +                if (matched != NULL) {
                     *matched = os_tree;
 +                    osinfo_tree_set_os(*matched, *ret_os);
 +                    found = TRUE;
 +                }
                 break;
             }
         }
@@ -829,10 +833,8 @@ static gboolean compare_tree(OsinfoTree *tree,
         g_list_free(trees);
         g_object_unref(tree_list);
 -        if (*ret_os != NULL) {
 -            osinfo_tree_set_os(*matched, *ret_os);
 +        if (found)
             return TRUE;
 -        }
     }
     return FALSE;
 -- 
 2.21.0
--- a/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
+++ b/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
@ -0,0 +1,50 @@
 From d1baaf2946513be06f97ab66e7845e14073add3d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
 Date: Tue, 21 May 2019 13:29:18 +0200
 Subject: [PATCH 2/3] tree: Avoid use of memory after it's freed
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 We've been passing data->location as the @url argument of
 osinfo_tree_create_from_location_async_helper(), freeing it and trying
 to g_strdup() it as the new content of data->location.
 In order to avoid doing so, let's set the data->location only once, in
 the first caller of osinfo_tree_create_from_location_async_helper(), as
 its content is always going to be the same doesn't matter the treeinfo
 format to be used with.
 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 Reviewed-by: Cole Robinson <crobinso@redhat.com>
 (cherry picked from commit d7bc838a96acf5f058e13d2b49157b4ba396cd87)
 ---
 osinfo/osinfo_tree.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
 diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
 index 88a2d6e..ab498f0 100644
 --- a/osinfo/osinfo_tree.c
 +++ b/osinfo/osinfo_tree.c
@@ -702,9 +702,6 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
     g_clear_object(&data->file);
     data->file = g_file_new_for_uri(location);
 -    g_free(data->location);
 -    data->location = g_strdup(url);
 -
     g_free(data->treeinfo);
     data->treeinfo = g_strdup(treeinfo);
@@ -740,6 +737,8 @@ void osinfo_tree_create_from_location_async(const gchar *location,
                            user_data);
     g_task_set_priority(data->res, priority);
 +    data->location = g_strdup(location);
 +
     osinfo_tree_create_from_location_async_helper(location,
                                                   ".treeinfo",
                                                   cancellable,
 -- 
 2.21.0
--- a/0003-tree-Cleanup-_create_from_location_async_helper.patch
+++ b/0003-tree-Cleanup-_create_from_location_async_helper.patch
@ -0,0 +1,92 @@
 From 97d60a2e53439d6ad1a462267c3bdf0f09a6f7c8 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
 Date: Tue, 21 May 2019 13:33:27 +0200
 Subject: [PATCH 3/3] tree: Cleanup _create_from_location_async_helper()
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 There's no need to pass neither the URL nor the cancellable to this
 function as those can be taken directly from data.
 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 Reviewed-by: Cole Robinson <crobinso@redhat.com>
 (cherry picked from commit dfda02598034737610b69fdd08d62f62cbf5b0cb)
 ---
 osinfo/osinfo_tree.c | 27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)
 diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
 index ab498f0..0f14276 100644
 --- a/osinfo/osinfo_tree.c
 +++ b/osinfo/osinfo_tree.c
@@ -631,10 +631,8 @@ static OsinfoTree *load_keyinfo(const gchar *location,
 }
 static void
 -osinfo_tree_create_from_location_async_helper(const gchar *url,
 -                                              const gchar *treeinfo,
 -                                              GCancellable *cancellable,
 -                                              CreateFromLocationAsyncData *data);
 +osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
 +                                              const gchar *treeinfo);
 static void on_location_read(GObject *source,
                              GAsyncResult *res,
@@ -657,10 +655,7 @@ static void on_location_read(GObject *source,
         /* It means no ".treeinfo" file has been found. Try again, this time
          * looking for a "treeinfo" file. */
         if (g_str_equal(data->treeinfo, ".treeinfo")) {
 -            osinfo_tree_create_from_location_async_helper(data->location,
 -                                                          "treeinfo",
 -                                                          g_task_get_cancellable(data->res),
 -                                                          data);
 +            osinfo_tree_create_from_location_async_helper(data, "treeinfo");
             return;
         }
@@ -687,17 +682,14 @@ static void on_location_read(GObject *source,
 }
 static void
 -osinfo_tree_create_from_location_async_helper(const gchar *url,
 -                                              const gchar *treeinfo,
 -                                              GCancellable *cancellable,
 -                                              CreateFromLocationAsyncData *data)
 +osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
 +                                              const gchar *treeinfo)
 {
     gchar *location;
 -    g_return_if_fail(url != NULL);
     g_return_if_fail(treeinfo != NULL);
 -    location = g_strdup_printf("%s/%s", url, treeinfo);
 +    location = g_strdup_printf("%s/%s", data->location, treeinfo);
     g_clear_object(&data->file);
     data->file = g_file_new_for_uri(location);
@@ -706,7 +698,7 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
     data->treeinfo = g_strdup(treeinfo);
     g_file_load_contents_async(data->file,
 -                               cancellable,
 +                               g_task_get_cancellable(data->res),
                                on_location_read,
                                data);
     g_free(location);
@@ -739,10 +731,7 @@ void osinfo_tree_create_from_location_async(const gchar *location,
     data->location = g_strdup(location);
 -    osinfo_tree_create_from_location_async_helper(location,
 -                                                  ".treeinfo",
 -                                                  cancellable,
 -                                                  data);
 +    osinfo_tree_create_from_location_async_helper(data, ".treeinfo");
 }
 -- 
 2.21.0
--- a/libosinfo.spec
+++ b/libosinfo.spec
@ -3,11 +3,16 @@
 Summary: A library for managing OS information for virtualization
 Name: libosinfo
 Version: 1.5.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: LGPLv2+
 Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz
 URL: https://libosinfo.org/
 ### Patches ###
 Patch0001: 0001-db-Avoid-dereference-of-null-pointer.patch
 Patch0002: 0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
 Patch0003: 0003-tree-Cleanup-_create_from_location_async_helper.patch
 BuildRequires: gettext-devel
 BuildRequires: glib2-devel
 BuildRequires: libxml2-devel >= 2.6.0
@ -97,6 +102,9 @@ fi
 %{_datadir}/vala/vapi/libosinfo-1.0.vapi
 %changelog
 * Mon Jun 03 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-2
 - Fix coverity issues
 * Thu May 09 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-1
 - Update to 1.5.0 release