Fix issues uncovered by static analysis
Resolves: RHEL-45021
This commit is contained in:
Charalampos Stratakis
parent
65ab1b123f
commit
c0743142b2
216
00323-static-analysis-fixes.patch
Normal file
216
00323-static-analysis-fixes.patch
Normal file
@ -0,0 +1,216 @@
|
||||
From 833c91e1cb9219937c15b6c913e540e7aae07168 Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Wed, 12 Jun 2024 15:57:45 +0200
|
||||
Subject: [PATCH 1/5] gh-120155: Add assertion to sre.c match_getindex()
|
||||
(GH-120402) (#120410)
|
||||
|
||||
gh-120155: Add assertion to sre.c match_getindex() (GH-120402)
|
||||
|
||||
Add an assertion to help static analyzers to detect that i*2 cannot
|
||||
overflow.
|
||||
(cherry picked from commit 42b25dd61ff3593795c4cc2ffe876ab766098b24)
|
||||
|
||||
Co-authored-by: Victor Stinner <vstinner@python.org>
|
||||
---
|
||||
Modules/_sre/sre.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/Modules/_sre/sre.c b/Modules/_sre/sre.c
|
||||
index 0547390..59a5b11 100644
|
||||
--- a/Modules/_sre/sre.c
|
||||
+++ b/Modules/_sre/sre.c
|
||||
@@ -2166,6 +2166,8 @@ match_getindex(MatchObject* self, PyObject* index)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ // Check that i*2 cannot overflow to make static analyzers happy
|
||||
+ assert(i <= SRE_MAXGROUPS);
|
||||
return i;
|
||||
}
|
||||
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From eedc88971887bea9f37eab8bb8a1af6f650f88d8 Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Fri, 7 Jun 2024 18:26:03 +0200
|
||||
Subject: [PATCH 2/5] gh-120155: Fix copy/paste error in
|
||||
HAVE_SUBOFFSETS_IN_LAST_DIM() (GH-120228) (#120240)
|
||||
|
||||
gh-120155: Fix copy/paste error in HAVE_SUBOFFSETS_IN_LAST_DIM() (GH-120228)
|
||||
|
||||
Don't hardcode 'dest' in HAVE_SUBOFFSETS_IN_LAST_DIM() macro of
|
||||
memoryobject.c, but use its 'view' parameter instead.
|
||||
|
||||
Fix the Coverity issue:
|
||||
|
||||
Error: COPY_PASTE_ERROR (CWE-398):
|
||||
Python-3.12.2/Objects/memoryobject.c:273:14: original: ""dest->suboffsets + (dest->ndim - 1)"" looks like the original copy.
|
||||
Python-3.12.2/Objects/memoryobject.c:274:14: copy_paste_error: ""dest"" in ""src->suboffsets + (dest->ndim - 1)"" looks like a copy-paste error.
|
||||
Python-3.12.2/Objects/memoryobject.c:274:14: remediation: Should it say ""src"" instead?
|
||||
GH- 272| assert(dest->ndim > 0 && src->ndim > 0);
|
||||
GH- 273| return (!HAVE_SUBOFFSETS_IN_LAST_DIM(dest) &&
|
||||
GH- 274|-> !HAVE_SUBOFFSETS_IN_LAST_DIM(src) &&
|
||||
GH- 275| dest->strides[dest->ndim-1] == dest->itemsize &&
|
||||
GH- 276| src->strides[src->ndim-1] == src->itemsize);
|
||||
(cherry picked from commit 90b75405260467814c93738a3325645918d4ea51)
|
||||
|
||||
Co-authored-by: Victor Stinner <vstinner@python.org>
|
||||
---
|
||||
Objects/memoryobject.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Objects/memoryobject.c b/Objects/memoryobject.c
|
||||
index b016804..3c88859 100644
|
||||
--- a/Objects/memoryobject.c
|
||||
+++ b/Objects/memoryobject.c
|
||||
@@ -264,7 +264,7 @@ PyTypeObject _PyManagedBuffer_Type = {
|
||||
/* Assumptions: ndim >= 1. The macro tests for a corner case that should
|
||||
perhaps be explicitly forbidden in the PEP. */
|
||||
#define HAVE_SUBOFFSETS_IN_LAST_DIM(view) \
|
||||
- (view->suboffsets && view->suboffsets[dest->ndim-1] >= 0)
|
||||
+ (view->suboffsets && view->suboffsets[view->ndim-1] >= 0)
|
||||
|
||||
static inline int
|
||||
last_dim_is_contiguous(const Py_buffer *dest, const Py_buffer *src)
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From d8eaaecbc2823a5d093248467a13111c1f821889 Mon Sep 17 00:00:00 2001
|
||||
From: Victor Stinner <vstinner@python.org>
|
||||
Date: Fri, 7 Jun 2024 17:17:06 +0200
|
||||
Subject: [PATCH 3/5] gh-120155: Fix optimize_and_assemble_code_unit() error
|
||||
handling (#120231)
|
||||
|
||||
gh-120155: Fix optimize_and_assemble_code_unit() error handling
|
||||
|
||||
Don't use 'g' before it's being initialized: don't use the 'error'
|
||||
label if consts_dict_keys_inorder() failed.
|
||||
|
||||
Fix the Coverity issue:
|
||||
|
||||
Error: UNINIT (CWE-457):
|
||||
Python-3.12.2/Python/compile.c:7670:5: skipped_decl: Jumping over declaration of ""g"".
|
||||
Python-3.12.2/Python/compile.c:7714:5: uninit_use_in_call: Using uninitialized value ""g.g_block_list"" when calling ""_PyCfgBuilder_Fini"".
|
||||
Python-3.12.2/Python/compile.c:7714:5: uninit_use_in_call: Using uninitialized value ""g.g_entryblock"" when calling ""_PyCfgBuilder_Fini"".
|
||||
7712| Py_XDECREF(consts);
|
||||
7713| instr_sequence_fini(&optimized_instrs);
|
||||
7714|-> _PyCfgBuilder_Fini(&g);
|
||||
7715| return co;
|
||||
7716| }
|
||||
---
|
||||
Python/compile.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Python/compile.c b/Python/compile.c
|
||||
index 40335f6..0cd8d60 100644
|
||||
--- a/Python/compile.c
|
||||
+++ b/Python/compile.c
|
||||
@@ -7682,7 +7682,7 @@ optimize_and_assemble_code_unit(struct compiler_unit *u, PyObject *const_cache,
|
||||
PyCodeObject *co = NULL;
|
||||
PyObject *consts = consts_dict_keys_inorder(u->u_metadata.u_consts);
|
||||
if (consts == NULL) {
|
||||
- goto error;
|
||||
+ return NULL;
|
||||
}
|
||||
cfg_builder g;
|
||||
if (instr_sequence_to_cfg(&u->u_instr_sequence, &g) < 0) {
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From 85f555bd5d59cf5a29c8f7ef410b0f78a0b839cc Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Mon, 10 Jun 2024 12:12:25 +0200
|
||||
Subject: [PATCH 4/5] gh-120155: Fix Coverity issue in zoneinfo load_data()
|
||||
(GH-120232) (#120311)
|
||||
|
||||
gh-120155: Fix Coverity issue in zoneinfo load_data() (GH-120232)
|
||||
|
||||
Declare the 'rv' varaible at the top of the load_data() function to
|
||||
make sure that it's initialized before the first 'goto error' which
|
||||
uses 'rv' (return rv).
|
||||
|
||||
Fix the Coverity issue:
|
||||
|
||||
Error: UNINIT (CWE-457):
|
||||
Python-3.12.2/Modules/_zoneinfo.c:1233:5: skipped_decl: Jumping over declaration of ""rv"".
|
||||
Python-3.12.2/Modules/_zoneinfo.c:1284:5: uninit_use: Using uninitialized value ""rv"".
|
||||
1282| }
|
||||
1283|
|
||||
1284|-> return rv;
|
||||
1285| }
|
||||
1286|
|
||||
(cherry picked from commit b90bd3e5bbc136f53b24ee791824acd6b17e0d42)
|
||||
|
||||
Co-authored-by: Victor Stinner <vstinner@python.org>
|
||||
---
|
||||
Modules/_zoneinfo.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Modules/_zoneinfo.c b/Modules/_zoneinfo.c
|
||||
index 8fc8616..47e4012 100644
|
||||
--- a/Modules/_zoneinfo.c
|
||||
+++ b/Modules/_zoneinfo.c
|
||||
@@ -954,6 +954,7 @@ end:
|
||||
static int
|
||||
load_data(zoneinfo_state *state, PyZoneInfo_ZoneInfo *self, PyObject *file_obj)
|
||||
{
|
||||
+ int rv = 0;
|
||||
PyObject *data_tuple = NULL;
|
||||
|
||||
long *utcoff = NULL;
|
||||
@@ -1230,7 +1231,6 @@ load_data(zoneinfo_state *state, PyZoneInfo_ZoneInfo *self, PyObject *file_obj)
|
||||
}
|
||||
}
|
||||
|
||||
- int rv = 0;
|
||||
goto cleanup;
|
||||
error:
|
||||
// These resources only need to be freed if we have failed, if we succeed
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From 94346cac4ee78d624b0dbe9d67f5dc2a03fa2a4f Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Tue, 25 Jun 2024 19:40:08 +0200
|
||||
Subject: [PATCH 5/5] gh-120155: Fix Coverity issue in parse_string()
|
||||
(GH-120997) (#121006)
|
||||
|
||||
gh-120155: Fix Coverity issue in parse_string() (GH-120997)
|
||||
(cherry picked from commit 769aea332940f03c3e5b1ad9badd6635c1ac992a)
|
||||
|
||||
Co-authored-by: Victor Stinner <vstinner@python.org>
|
||||
---
|
||||
Parser/string_parser.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/Parser/string_parser.c b/Parser/string_parser.c
|
||||
index 65c320c..164f715 100644
|
||||
--- a/Parser/string_parser.c
|
||||
+++ b/Parser/string_parser.c
|
||||
@@ -226,9 +226,14 @@ _PyPegen_parse_string(Parser *p, Token *t)
|
||||
PyErr_BadInternalCall();
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
/* Skip the leading quote char. */
|
||||
s++;
|
||||
len = strlen(s);
|
||||
+ // gh-120155: 's' contains at least the trailing quote,
|
||||
+ // so the code '--len' below is safe.
|
||||
+ assert(len >= 1);
|
||||
+
|
||||
if (len > INT_MAX) {
|
||||
PyErr_SetString(PyExc_OverflowError, "string to parse is too long");
|
||||
return NULL;
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -17,7 +17,7 @@ URL: https://www.python.org/
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: Python-2.0.1
|
||||
|
||||
|
||||
@ -365,6 +365,12 @@ Source11: idle3.appdata.xml
|
||||
# pypa/distutils integration: https://github.com/pypa/distutils/pull/70
|
||||
Patch251: 00251-change-user-install-location.patch
|
||||
|
||||
# 00323 #
|
||||
# Fix issues uncovered by static analysis scanners
|
||||
# Resolved upstream:
|
||||
# https://github.com/python/cpython/issues/120155
|
||||
Patch323: 00323-static-analysis-fixes.patch
|
||||
|
||||
# 00329 #
|
||||
# Support OpenSSL FIPS mode
|
||||
# - In FIPS mode, OpenSSL wrappers are always used in hashlib
|
||||
@ -1771,6 +1777,10 @@ CheckPython optimized
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Thu Jul 11 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.4-3
|
||||
- Fix issues uncovered by static analysis
|
||||
Resolves: RHEL-45021
|
||||
|
||||
* Thu Jul 04 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.12.4-2
|
||||
- Require expat >= 2.6 to prevent errors when creating venvs with older expat
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user