Fix SAST issues (RHEL-39394)
Resolves: RHEL-39394
This commit is contained in:
Michal Sekletar
Michal Sekletár
parent
7a8c5dd9bf
commit
87e7a0a933
46
0001-Avoid-writing-uninitialized-header-data.patch
Normal file
46
0001-Avoid-writing-uninitialized-header-data.patch
Normal file
@ -0,0 +1,46 @@
|
||||
From de286d090353e92b479c49590aa9c9e99b3defa1 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 28 Aug 2024 09:47:39 +0200
|
||||
Subject: [PATCH] Avoid writing uninitialized header data
|
||||
|
||||
---
|
||||
database-builder.cpp | 15 ++++++++-------
|
||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/database-builder.cpp b/database-builder.cpp
|
||||
index f9dfb71..0655681 100644
|
||||
--- a/database-builder.cpp
|
||||
+++ b/database-builder.cpp
|
||||
@@ -531,7 +531,15 @@ DatabaseBuilder::DatabaseBuilder(const char *outfile, gid_t owner, int block_siz
|
||||
hdr.max_version = 2;
|
||||
hdr.filename_index_offset_bytes = -1;
|
||||
hdr.zstd_dictionary_length_bytes = -1;
|
||||
+ hdr.zstd_dictionary_offset_bytes = -1; // Dictionary offset is not known yet.
|
||||
hdr.check_visibility = check_visibility;
|
||||
+ hdr.directory_data_length_bytes = 0;
|
||||
+ hdr.directory_data_offset_bytes = 0;
|
||||
+ hdr.next_zstd_dictionary_length_bytes = 0;
|
||||
+ hdr.next_zstd_dictionary_offset_bytes = 0;
|
||||
+ hdr.conf_block_length_bytes = 0;
|
||||
+ hdr.conf_block_offset_bytes = 0;
|
||||
+
|
||||
fwrite(&hdr, sizeof(hdr), 1, outfp);
|
||||
|
||||
if (dictionary.empty()) {
|
||||
@@ -543,13 +551,6 @@ DatabaseBuilder::DatabaseBuilder(const char *outfile, gid_t owner, int block_siz
|
||||
hdr.zstd_dictionary_length_bytes = dictionary.size();
|
||||
cdict = ZSTD_createCDict(dictionary.data(), dictionary.size(), /*level=*/6);
|
||||
}
|
||||
-
|
||||
- hdr.directory_data_length_bytes = 0;
|
||||
- hdr.directory_data_offset_bytes = 0;
|
||||
- hdr.next_zstd_dictionary_length_bytes = 0;
|
||||
- hdr.next_zstd_dictionary_offset_bytes = 0;
|
||||
- hdr.conf_block_length_bytes = 0;
|
||||
- hdr.conf_block_offset_bytes = 0;
|
||||
}
|
||||
|
||||
DatabaseReceiver *DatabaseBuilder::start_corpus(bool store_dir_times)
|
||||
--
|
||||
2.45.2
|
||||
|
||||
56
0002-Don-t-leak-file-descriptor.patch
Normal file
56
0002-Don-t-leak-file-descriptor.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From 80d6f4a60cddfbf9235c6f5132ee6fde99cf5c81 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 28 Aug 2024 15:36:24 +0200
|
||||
Subject: [PATCH] Don't leak file descriptor
|
||||
|
||||
---
|
||||
plocate.cpp | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/plocate.cpp b/plocate.cpp
|
||||
index 519024e..234b703 100644
|
||||
--- a/plocate.cpp
|
||||
+++ b/plocate.cpp
|
||||
@@ -489,6 +489,7 @@ uint64_t do_search_file(const vector<Needle> &needles, const std::string &filena
|
||||
start = steady_clock::now();
|
||||
if (access("/", R_OK | X_OK)) {
|
||||
// We can't find anything, no need to bother...
|
||||
+ close(fd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -534,6 +535,7 @@ uint64_t do_search_file(const vector<Needle> &needles, const std::string &filena
|
||||
uint64_t matched = scan_all_docids(needles, fd, corpus);
|
||||
dprintf("Done in %.1f ms, found %" PRId64 " matches.\n",
|
||||
1e3 * duration<float>(steady_clock::now() - start).count(), matched);
|
||||
+ close(fd);
|
||||
return matched;
|
||||
}
|
||||
|
||||
@@ -592,6 +594,7 @@ uint64_t do_search_file(const vector<Needle> &needles, const std::string &filena
|
||||
dprintf("Hashtable lookups done after %.1f ms.\n", 1e3 * duration<float>(steady_clock::now() - start).count());
|
||||
|
||||
if (should_early_exit) {
|
||||
+ close(fd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -677,6 +680,7 @@ uint64_t do_search_file(const vector<Needle> &needles, const std::string &filena
|
||||
}
|
||||
engine.finish();
|
||||
if (done) {
|
||||
+ close(fd);
|
||||
return 0;
|
||||
}
|
||||
dprintf("Intersection done after %.1f ms. Doing final verification and printing:\n",
|
||||
@@ -685,6 +689,7 @@ uint64_t do_search_file(const vector<Needle> &needles, const std::string &filena
|
||||
uint64_t matched = scan_docids(needles, cur_candidates, corpus, &engine);
|
||||
dprintf("Done in %.1f ms, found %" PRId64 " matches.\n",
|
||||
1e3 * duration<float>(steady_clock::now() - start).count(), matched);
|
||||
+ close(fd);
|
||||
return matched;
|
||||
}
|
||||
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -0,0 +1,24 @@
|
||||
From 889638fceaca2b668ea3056c47947b96413b2670 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 28 Aug 2024 16:01:26 +0200
|
||||
Subject: [PATCH] Reset string explicitely to prevent undefined behavior
|
||||
|
||||
---
|
||||
plocate.cpp | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/plocate.cpp b/plocate.cpp
|
||||
index 234b703..36f087e 100644
|
||||
--- a/plocate.cpp
|
||||
+++ b/plocate.cpp
|
||||
@@ -799,6 +799,7 @@ void parse_dbpaths(const char *ptr, vector<string> *output)
|
||||
if (*ptr == ':') {
|
||||
// Separator.
|
||||
output->push_back(move(str));
|
||||
+ str.clear();
|
||||
++ptr;
|
||||
continue;
|
||||
}
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -13,6 +13,10 @@ URL: https://plocate.sesse.net/
|
||||
Source0: https://plocate.sesse.net/download/plocate-%{version}.tar.gz
|
||||
Source1: plocate.sysusers
|
||||
|
||||
Patch1: 0001-Avoid-writing-uninitialized-header-data.patch
|
||||
Patch2: 0002-Don-t-leak-file-descriptor.patch
|
||||
Patch3: 0003-Reset-string-explicitely-to-prevent-undefined-behavi.patch
|
||||
|
||||
BuildRequires: meson
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: systemd-rpm-macros
|
||||
|
||||
Loading…
Reference in New Issue
Block a user