fix issues found by static analysis (RHEL-36476)
Resolves: RHEL-36476
parent
71a5be74c7
commit
ede8c9ce12
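--- a/slang-sast.patch
+++ b/slang-sast.patch
@@ -0,0 +1,54 @@
+commit 99a1d340301dcee86cabc16b9721e21562691f9c
+Author: John E. Davis <jed@jedsoft.org>
+Date: Mon May 20 00:19:16 2024 -0400
+
+pre2.3.4-13: Initialize the variables provided by the %g operator to zero to not
+leak uninitialized data from the stack if not set by %P. (Miroslav
+Lichvar)
+
+diff --git a/src/sldisply.c b/src/sldisply.c
+index 2664aad..00d3acb 100644
+--- a/src/sldisply.c
++++ b/src/sldisply.c
+@@ -534,6 +534,8 @@ static unsigned int tt_sprintf(char *buf, unsigned int buflen, SLCONST char *fmt
+parms [1] = x; /* p1 */
+parms [2] = y; /* p2 */
+
++ memset (variables, 0, sizeof(variables));
++
+offset = 0;
+zero_pad = 0;
+field_width = 0;
+
+commit 89d32bb2a32037ce7307b385da88e23dab6f31f6
+Author: John E. Davis <jed@jedsoft.org>
+Date: Wed Nov 6 10:49:27 2024 -0500
+
+pre2.3.4-16: Removed unnecessary chack for a NULL string in keymap.c:find_the_key, and corrected a potential memory leak in the sltoken.c:compile_byte_compiled_multistring function
+
+diff --git a/src/slkeymap.c b/src/slkeymap.c
+index ab9f391..0a2de96 100644
+--- a/src/slkeymap.c
++++ b/src/slkeymap.c
+@@ -335,7 +335,7 @@ static int find_the_key (SLFUTURE_CONST char *s, SLkeymap_Type *kml, SLang_Key_T
+last = key;
+key = key->next;
+
+- if ((key != NULL) && (key->str != NULL))
++ if (key != NULL)
+{
+len = key_len = key->str[0];
+if (len > str_len) len = str_len;
+diff --git a/src/sltoken.c b/src/sltoken.c
+index d142eee..dd3142e 100644
+--- a/src/sltoken.c
++++ b/src/sltoken.c
+@@ -1999,7 +1999,7 @@ static int compile_byte_compiled_multistring (char *buf)
+if ((last_type != type) && (type != 0))
+{
+SLang_verror (SL_INVALID_DATA_ERROR, "Unexpected object (0x%X) encountered in stream", (int)this_type);
+- return -1;
++ goto return_error;
+}
+type = last_type;
+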
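Review bot: The added `memset (variables, 0, sizeof(variables));` in the src/sldisply.c hunk has no comment, so the reason for it is recorded only in the commit message: a %g read of a variable that %P never set would otherwise format leftover stack contents into the output buffer. I would add `/* zero the %P/%g variables so an unset one never exposes stack data */` above it. The call clears the whole object only if `variables` is declared as an array in tt_sprintf, whose declarations lie outside the hunk, so that is worth confirming. In the src/sltoken.c hunk the `return_error` label is also outside the visible lines; presumably it releases what the bare `return -1` skipped, and any other direct returns left in compile_byte_compiled_multistring deserve the same check.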
@ -13,6 +13,9 @@ URL: https://www.jedsoft.org/slang/
|
||||
Source: https://www.jedsoft.org/releases/%{name}/%{name}-%{version}.tar.bz2
|
||||
# disable test that fails with SIGHUP ignored (e.g. in koji)
|
||||
Patch2: slang-sighuptest.patch
|
||||
# fix issues found by static analysis
|
||||
Patch3: slang-sast.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc libpng-devel zlib-devel
|
||||
%{?with_oniguruma:BuildRequires: oniguruma-devel}
|
||||
@ -54,6 +57,7 @@ based on the S-Lang extension language.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch2 -p1 -b .sighuptest
|
||||
%patch3 -p1 -b .sast
|
||||
|
||||
%build
|
||||
%configure \
|
||||
|