Rebase to 1.5.2 and backport further SAST patches

Rebasing to the latest version fixes most SAST issue, but doesn't
includes the latest 8 fixes which have to be bacported on top of it.

Resolves: RHEL-40112

.gitignore

@@ -3,3 +3,4 @@
 /trace-cmd-libtracecmd-1.2.0.tar.gz
 /trace-cmd-libtracecmd-1.3.1.tar.gz
 /trace-cmd-libtracecmd-1.5.1.tar.gz
+/trace-cmd-libtracecmd-1.5.2.tar.gz

libtracecmd.spec

@@ -1,11 +1,19 @@
 Name: libtracecmd
-Version: 1.5.1
+Version: 1.5.2
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: LGPL-2.1-only AND LGPL-2.1-or-later AND GPL-2.0-only AND GPL-2.0-or-later
 Summary: A library for reading tracing instances stored in a trace file
 
 URL: https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/
 Source0: https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/snapshot/trace-cmd-libtracecmd-%{version}.tar.gz
+Patch0: trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch
+Patch1: trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch
+Patch2: trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch
+Patch3: trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch
+Patch4: trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch
+Patch5: trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch
+Patch6: trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch
+Patch7: trace-cmd-record-Check-the-length-of-the-protocol-ve.patch
 
 ExcludeArch: %{ix86} %{arm}
 
@@ -36,7 +44,7 @@ Requires: libtracecmd%{_isa} = %{version}-%{release}
 Development files of the libtracecmd library
 
 %prep
-%autosetup -n trace-cmd-libtracecmd-%{version}
+%autosetup -p1 -n trace-cmd-libtracecmd-%{version}
 
 %build
 # MANPAGE_DOCBOOK_XSL define is hack to avoid using locate
@@ -57,7 +65,7 @@ chrpath --delete %{buildroot}/%{_libdir}/libtracecmd.so*
 %license COPYING COPYING.LIB
 %doc README
 %{_libdir}/libtracecmd.so.1
-%{_libdir}/libtracecmd.so.1.5.1
+%{_libdir}/libtracecmd.so.%{version}
 %{_docdir}/libtracecmd-doc
 %{_mandir}/man3/libtracecmd*
 %{_mandir}/man3/tracecmd*
@@ -68,6 +76,9 @@ chrpath --delete %{buildroot}/%{_libdir}/libtracecmd.so*
 %{_includedir}/trace-cmd
 
 %changelog
+* Thu Nov 28 2024 Jerome Marchand <jmarchan@redhat.com> - 1.5.2-1
+- Rebase to 1.5.2 and backport further SAST patches (RHEL-40112)
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.5.1-5
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018

sources

@@ -1 +1 @@
-SHA512 (trace-cmd-libtracecmd-1.5.1.tar.gz) = 0fa0b6a912164284e6db3c95d99c46e0f6726021fa7f76e531871d6424c0a5d8f316244f75a5c85b06b1cd5aa7349dcb286185fa3a0b36a08c8b7eac38ad8192
+SHA512 (trace-cmd-libtracecmd-1.5.2.tar.gz) = aaaa65fde06d71bf0e2199bf32a767f900b68c1bf5adc726adad5b76123daf0c9118ef10a5d276fcc375b63614a11428998c837a8c7e01c78c0411087a095f2f

trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch

@@ -0,0 +1,34 @@
+From 7a0d3baf2ab09f7a729e4de592b784e307caa70f Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:13 +0100
+Subject: [PATCH 4/8] trace-cmd dump: Prevent buffer overrun in dump_clock()
+
+The clock isn't big enough to hold the string with the null
+terminating character. Worse, clock[size], which is out of range, is
+set to 0. Allocate a big enough buffer.
+
+Fixes an OVERRUN error (CWE-119)
+
+Link: https://lore.kernel.org/20241029080117.625177-5-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ tracecmd/trace-dump.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tracecmd/trace-dump.c b/tracecmd/trace-dump.c
+index 11c1baf1..0a21356e 100644
+--- a/tracecmd/trace-dump.c
++++ b/tracecmd/trace-dump.c
+@@ -961,7 +961,7 @@ static void dump_clock(int fd)
+ 	}
+ 	if (read_file_number(fd, &size, 8))
+ 		die("cannot read clock size");
+-	clock = calloc(1, size);
++	clock = calloc(1, size + 1);
+ 	if (!clock)
+ 		die("cannot allocate clock %lld bytes", size);
+ 
+-- 
+2.47.0
+

trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch

@@ -0,0 +1,36 @@
+From ea419e8e8f5e56c166b14aef26be814daebe2832 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:12 +0100
+Subject: [PATCH 3/8] trace-cmd lib: Check the return value of do_lseek() in
+ trace_get_options()
+
+Check that do_lseek doesn't fail before calling malloc() with a -1
+argument.
+
+This is flagged as an overrun error (CWE-119) by static anaysis
+because of the call to read() later, but I don't imagine that malloc
+would succeed.
+
+Link: https://lore.kernel.org/20241029080117.625177-4-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ lib/trace-cmd/trace-output.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/trace-cmd/trace-output.c b/lib/trace-cmd/trace-output.c
+index 66e11ddc..8bc9325c 100644
+--- a/lib/trace-cmd/trace-output.c
++++ b/lib/trace-cmd/trace-output.c
+@@ -2070,6 +2070,8 @@ __hidden void *trace_get_options(struct tracecmd_output *handle, size_t *len)
+ 	}
+ 
+ 	offset = do_lseek(&out_handle, 0, SEEK_CUR);
++	if (offset == (off_t)-1)
++		goto out;
+ 	buf = malloc(offset);
+ 	if (!buf)
+ 		goto out;
+-- 
+2.47.0
+

trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch

@@ -0,0 +1,57 @@
+From 3be4066b9a9c6a76a824fc7a7a6a983fd23088a7 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:10 +0100
+Subject: [PATCH 1/8] trace-cmd lib: Prevent a memory leak in handle_options()
+
+Buf isn't always fred in the error path. Instead of freing buf at the
+end of the loop, free it in the exit path and before reallocating it.
+
+Fixes a RESOURCE_LEAK error (CWE-772)
+
+Link: https://lore.kernel.org/20241029080117.625177-2-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ lib/trace-cmd/trace-input.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/lib/trace-cmd/trace-input.c b/lib/trace-cmd/trace-input.c
+index 8b6e3d0c..ad662fc6 100644
+--- a/lib/trace-cmd/trace-input.c
++++ b/lib/trace-cmd/trace-input.c
+@@ -4006,7 +4006,7 @@ static int handle_options(struct tracecmd_input *handle)
+ 	char *cpustats = NULL;
+ 	struct hook_list *hook;
+ 	bool compress = false;
+-	char *buf;
++	char *buf = NULL;
+ 	int cpus;
+ 	int ret;
+ 
+@@ -4036,6 +4036,7 @@ static int handle_options(struct tracecmd_input *handle)
+ 		ret = read4(handle, &size);
+ 		if (ret)
+ 			goto out;
++		free(buf);
+ 		buf = malloc(size);
+ 		if (!buf) {
+ 			ret = -ENOMEM;
+@@ -4189,14 +4190,12 @@ static int handle_options(struct tracecmd_input *handle)
+ 			tracecmd_warning("unknown option %d", option);
+ 			break;
+ 		}
+-
+-		free(buf);
+-
+ 	}
+ 
+ 	ret = 0;
+ 
+ out:
++	free(buf);
+ 	if (compress)
+ 		in_uncompress_reset(handle);
+ 	return ret;
+-- 
+2.47.0
+

trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch

@@ -0,0 +1,33 @@
+From cbe42ab193ac866e9a6644b8509ab341a8aa474d Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:15 +0100
+Subject: [PATCH 6/8] trace-cmd lib: Prevent memory leak in
+ tracecmd_create_event_hook()
+
+Free hook and hook->str in the error path.
+
+Fixes a RESOURCE_LEAK error (CWE-772)
+
+Link: https://lore.kernel.org/20241029080117.625177-7-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ lib/trace-cmd/trace-hooks.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/trace-cmd/trace-hooks.c b/lib/trace-cmd/trace-hooks.c
+index a58b5356..aa12f6e9 100644
+--- a/lib/trace-cmd/trace-hooks.c
++++ b/lib/trace-cmd/trace-hooks.c
+@@ -151,6 +151,8 @@ struct hook_list *tracecmd_create_event_hook(const char *arg)
+ 
+ invalid_tok:
+ 	tracecmd_warning("Invalid hook format '%s'", arg);
++	free(hook->str);
++	free(hook);
+ 	return NULL;
+ }
+ 
+-- 
+2.47.0
+

trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch

@@ -0,0 +1,36 @@
+From b0e1a9c5c099282d30fee8f6aa89bd12ce5e8a73 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:16 +0100
+Subject: [PATCH 7/8] trace-cmd mem: Prevent a memory leak in trace_mem()
+
+Close the tracecmd handle in the error path.
+
+Fixes a RESOURCE_LEAK error (CWE-772)
+
+Link: https://lore.kernel.org/20241029080117.625177-8-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ tracecmd/trace-mem.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/tracecmd/trace-mem.c b/tracecmd/trace-mem.c
+index 3e1ac9f3..b8babbbc 100644
+--- a/tracecmd/trace-mem.c
++++ b/tracecmd/trace-mem.c
+@@ -554,10 +554,8 @@ void trace_mem(int argc, char **argv)
+ 		die("can't open %s\n", input_file);
+ 
+ 	ret = tracecmd_read_headers(handle, 0);
+-	if (ret)
+-		return;
+-
+-	do_trace_mem(handle);
++	if (!ret)
++		do_trace_mem(handle);
+ 
+ 	tracecmd_close(handle);
+ }
+-- 
+2.47.0
+

trace-cmd-record-Check-the-length-of-the-protocol-ve.patch

@@ -0,0 +1,39 @@
+From 75d8bba90d8b4cbe1a80381f1dfbd80cbb0fbd60 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:17 +0100
+Subject: [PATCH 8/8] trace-cmd record: Check the length of the protocol
+ version received
+
+In check_protocol_version we compare the protocol version string with
+the expected one ("V3") with memcmp(). The received string could be
+longer than the constant string used for the comparison. That could
+lead to out of range access.
+
+Use the known length of the fixed "V3" string for the comparison and
+check that the received protocol version is not too short.
+
+Fixes a OVERRUN error (CWE-119)
+
+Link: https://lore.kernel.org/20241029080117.625177-9-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ tracecmd/trace-record.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
+index d78c13c2..febf8578 100644
+--- a/tracecmd/trace-record.c
++++ b/tracecmd/trace-record.c
+@@ -3811,7 +3811,7 @@ static void check_protocol_version(struct tracecmd_msg_handle *msg_handle)
+ 		msg_handle->version = V1_PROTOCOL;
+ 		tracecmd_plog("Use the v1 protocol\n");
+ 	} else {
+-		if (memcmp(buf, "V3", n) != 0)
++		if (n < 3 || memcmp(buf, "V3", 3) != 0)
+ 			die("Cannot handle the protocol %s", buf);
+ 		/* OK, let's use v3 protocol */
+ 		write(fd, V3_MAGIC, sizeof(V3_MAGIC));
+-- 
+2.47.0
+

trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch

@@ -0,0 +1,38 @@
+From 8e7de34bca5fdfcd8276116db4dd02308de0e194 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:11 +0100
+Subject: [PATCH 2/8] trace-cmd record: Prevent a memory leak in show_error()
+
+In show_error() the pointer p is used for several functions. At first,
+it contain a substring of path.
+
+Then it is replaced by either an allocated string containing the path
+to the error log file or the result of read_path(), neither of which
+are freed when exiting.
+
+Free p in both case in the exit path.
+
+Fixes a RESOURCE_LEAK error (CWE-772)
+
+Link: https://lore.kernel.org/20241029080117.625177-3-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ tracecmd/trace-record.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
+index 0063d528..bdfa57b0 100644
+--- a/tracecmd/trace-record.c
++++ b/tracecmd/trace-record.c
+@@ -2374,6 +2374,7 @@ static void show_error(const char *file, const char *type)
+ 
+  out:
+ 	printf("Failed %s of %s\n", type, file);
++	free(p);
+ 	free(path);
+ 	return;
+ }
+-- 
+2.47.0
+

trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch

@@ -0,0 +1,41 @@
+From e48db64dcb0dfddb6b8f6cd8624e1e2ff2c1302c Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Tue, 29 Oct 2024 09:01:14 +0100
+Subject: [PATCH 5/8] trace-cmd record: Prevent memory leak in setup_network()
+
+Because of the again label, msg_handle can be already allocated if we
+exit after we got a negative socket file descriptor. Free it there.
+Also unassign msg_handle->fd as to not double close sfd.
+
+Fixes a RESOURCE_LEAK error (CWE-772)
+
+Link: https://lore.kernel.org/20241029080117.625177-6-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ tracecmd/trace-record.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
+index bdfa57b0..d78c13c2 100644
+--- a/tracecmd/trace-record.c
++++ b/tracecmd/trace-record.c
+@@ -3904,6 +3904,7 @@ static struct tracecmd_msg_handle *setup_network(struct buffer_instance *instanc
+ 
+ 	if (sfd < 0) {
+ 		free(thost);
++		tracecmd_msg_handle_close(msg_handle);
+ 		return NULL;
+ 	}
+ 
+@@ -3934,6 +3935,7 @@ static struct tracecmd_msg_handle *setup_network(struct buffer_instance *instanc
+ 		if (msg_handle->version == V1_PROTOCOL) {
+ 			/* reconnect to the server for using the v1 protocol */
+ 			close(sfd);
++			msg_handle->fd = -1;
+ 			free(host);
+ 			host = NULL;
+ 			goto again;
+-- 
+2.47.0
+