Fix issues found by static analysis

One patch fixes memory leaks, the other fixes an issue where a function returns a pointer to its local array. Resolves: RHEL-39982 Resolves: RHEL-35668
2024-08-15 11:31:08 +02:00 · 2024-08-15 11:31:08 +02:00 · 9cb0bab097
commit 9cb0bab097
parent 4959d42c33
3 changed files with 52 additions and 1 deletions
--- a/local_array_ptr_return_StrStr.patch
+++ b/local_array_ptr_return_StrStr.patch
@ -0,0 +1,14 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index c9ce75c..1721b92 100644
+--- a/src/minicom.c
+++ b/src/minicom.c
+@@ -390,7 +390,8 @@ wchar_t *StrStr(wchar_t *str1, wchar_t *str2, int case_matters)
+   size_t len1 = wcslen(str1) + 1;
+   size_t len2 = wcslen(str2) + 1;
+   wchar_t tmpstr1[len1], tmpstr2[len2];
+-  return wcsstr(upcase(tmpstr1, str1), upcase(tmpstr2, str2));
+  wchar_t *needle = wcsstr(upcase(tmpstr1, str1), upcase(tmpstr2, str2));
+  return needle ? str1 + (needle - tmpstr1) : NULL;
+ }
+ 
+ static void drawcite(WIN *w, int y, int citey, int start, int end)
--- a/memleaks_term_socket_connect_tcp.patch
+++ b/memleaks_term_socket_connect_tcp.patch
@ -0,0 +1,30 @@
+diff --git a/src/main.c b/src/main.c
+index f5f65e1..8767032 100644
+--- a/src/main.c
+++ b/src/main.c
+@@ -190,6 +190,7 @@ static void term_socket_connect_tcp(void)
+   char *s_port = strchr(s_addr, ':');
+   if (!s_port) {
+     fprintf(stderr, "No port given\n");
+    free(s);
+     return;
+   }
+   *s_port = 0;
+@@ -202,6 +203,7 @@ static void term_socket_connect_tcp(void)
+   int r = getaddrinfo(s_addr, s_port, &hints, &result);
+   if (r) {
+     fprintf(stderr, "Name resolution failed: %s\n", gai_strerror(r));
+    free(s);
+     return;
+   }
+ 
+@@ -221,8 +223,7 @@ static void term_socket_connect_tcp(void)
+     term_socket_close();
+   }
+ 
+-  if (rp)
+-    freeaddrinfo(result);
+  freeaddrinfo(result);
+ }
+ 
+ /*
--- a/minicom.spec
+++ b/minicom.spec
@ -1,7 +1,7 @@
 Summary: A text-based modem control and terminal emulation program
 Name: minicom
 Version: 2.9
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: https://salsa.debian.org/minicom-team/minicom
 # The file 'src/wildmat.c' is LicenseRef-Fedora-Public-Domain.
 # Some LGPL-2.0-or-later files (e.g., 'lib/getopt.c', 'lib/error.c')
@ -13,6 +13,8 @@ License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LicenseRef-Fedora-Public-Dom
 #ExcludeArch: s390 s390x

 Source0: https://salsa.debian.org/minicom-team/minicom/-/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0: local_array_ptr_return_StrStr.patch
+Patch1: memleaks_term_socket_connect_tcp.patch

 BuildRequires: make
 BuildRequires: lockdev-devel ncurses-devel autoconf automake gettext-devel
@ -67,6 +69,11 @@ mkdir -p %{buildroot}%{_sysconfdir}


 %changelog
+* Thu Aug 15 2024 Pavol Žáčik <pzacik@redhat.com> - 2.9-3
+- Fix issues found by static analysis
+- Resolves: RHEL-39982
+- Resolves: RHEL-35668
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.9-2
 - Bump release for June 2024 mass rebuild