texinfo/texinfo-7.1-various-sast-fixes.patch


diff -up texinfo-7.1/info/filesys.c.orig texinfo-7.1/info/filesys.c
diff -up texinfo-7.1/info/infokey.c.orig texinfo-7.1/info/infokey.c
--- texinfo-7.1/info/infokey.c.orig 2023-08-14 20:53:20.000000000 +0200
+++ texinfo-7.1/info/infokey.c 2024-08-07 12:12:04.651748655 +0200
@@ -208,7 +208,7 @@ compile (FILE *fp, const char *filename,
char oval = 0;
char comment[10];
unsigned int clen = 0;
- int seq[20];
+ int seq[20] = { 0 };
unsigned int slen = 0;
char act[80];
unsigned int alen = 0;
diff -up texinfo-7.1/info/session.c.orig texinfo-7.1/info/session.c
--- texinfo-7.1/info/session.c.orig 2023-08-15 14:52:09.000000000 +0200
+++ texinfo-7.1/info/session.c 2024-08-08 13:14:28.320463664 +0200
@@ -2335,7 +2335,7 @@ info_menu_or_ref_item (WINDOW *window, i
if (defentry)
{
prompt = xmalloc (strlen (defentry->label)
- + strlen (_("Menu item (%s): ")));
+ + strlen (_("Menu item (%s): ")) + 1);
sprintf (prompt, _("Menu item (%s): "), defentry->label);
}
else
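Review bot: The prompt buffer is still sized by hand from `strlen` of the translated format and then filled with an unbounded `sprintf`, so the allocation stays correct only while every translation of `_("Menu item (%s): ")` carries exactly one `%s`. The `+ 1` fixes the missing terminator byte but leaves that pattern in place. It recurs in the `Follow xref` hunk, in `info_intuit_options_node` (where the format `*try_node` is not a literal) and in the `invocation_prompt` hunk. Since info/util.c in this patch provides `xasprintf`, consider `xasprintf (&prompt, _("Menu item (%s): "), defentry->label);` here, assuming its declaration is visible in session.c. The enclosing function starts and ends outside the hunk.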
@@ -2346,7 +2346,7 @@ info_menu_or_ref_item (WINDOW *window, i
if (defentry)
{
prompt = xmalloc (strlen (defentry->label)
- + strlen (_("Follow xref (%s): ")));
+ + strlen (_("Follow xref (%s): ")) + 1);
sprintf (prompt, _("Follow xref (%s): "), defentry->label);
}
else
@@ -2923,7 +2923,7 @@ DECLARE_INFO_COMMAND (info_menu_sequence
static int
info_handle_pointer (char *label, WINDOW *window)
{
- char *description;
+ char *description = NULL;
NODE *node;
if (!strcmp (label, "Up"))
@@ -3480,7 +3480,7 @@ info_intuit_options_node (NODE *node, ch
{
char *nodename;
- nodename = xmalloc (strlen (program) + strlen (*try_node));
+ nodename = xmalloc (strlen (program) + strlen (*try_node) + 1);
sprintf (nodename, *try_node, program);
/* The last resort "%s" is dangerous, so we restrict it
to exact matches here. */
@@ -3556,7 +3556,7 @@ DECLARE_INFO_COMMAND (info_goto_invocati
default_program_name = program_name_from_file_name (file_name);
prompt = xmalloc (strlen (default_program_name) +
- strlen (invocation_prompt));
+ strlen (invocation_prompt) + 1);
sprintf (prompt, invocation_prompt, default_program_name);
line = info_read_in_echo_area (prompt);
free (prompt);
diff -up texinfo-7.1/info/util.c.orig texinfo-7.1/info/util.c
--- texinfo-7.1/info/util.c.orig 2023-08-14 20:53:20.000000000 +0200
+++ texinfo-7.1/info/util.c 2024-08-07 12:12:04.656748661 +0200
@@ -34,9 +34,12 @@ xvasprintf (char **ptr, const char *temp
int
xasprintf (char **ptr, const char *template, ...)
{
+ int ret;
va_list v;
va_start (v, template);
- return xvasprintf (ptr, template, v);
+ ret = xvasprintf (ptr, template, v);
+ va_end (v);
+ return ret;
}
/* Return the file buffer which belongs to WINDOW's node. */
diff -up texinfo-7.1/install-info/install-info.c.orig texinfo-7.1/install-info/install-info.c
--- texinfo-7.1/install-info/install-info.c.orig 2023-10-08 17:57:24.000000000 +0200
+++ texinfo-7.1/install-info/install-info.c 2024-08-07 12:12:04.657748663 +0200
@@ -752,11 +752,15 @@ open_possibly_compressed_file (char *fil
return 0;
nread = fread (data, sizeof (data), 1, f);
if (nread == 0)
- return 0;
+ {
+ fclose (f);
+ return 0;
+ }
goto determine_file_type; /* success */
}
}
errno = 0;
+ fclose (f);
return 0; /* unknown error */
}
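Review bot: The added `fclose (f);` on the "unknown error" path sits after `errno = 0;`, so a failing close can overwrite the errno value the code has just cleared. If callers read errno after a 0 return (not visible in this hunk), they would report a close error instead of the intended "unknown" state. Swapping the two lines to `fclose (f);` followed by `errno = 0;` keeps the leak fix and preserves the original errno behaviour. The function body starts outside the hunk.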
@@ -829,10 +833,16 @@ determine_file_type:
FILE *f2;
if (fclose (f) < 0)
- return 0;
+ {
+ free (command);
+ return 0;
+ }
f2 = freopen (*opened_filename, FOPEN_RBIN, stdin);
if (!f)
- return 0;
+ {
+ fclose (f2);
+ return 0;
+ }
f = popen (command, "r");
fclose (f2);
if (!f)
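Review bot: The check after `freopen` tests `f`, which was just closed and is still non-NULL, so a failed `freopen` is never detected and the later unconditional `fclose (f2);` would receive a null pointer. The branch this commit adds also calls `fclose (f2)`, which would itself be invalid once the condition is corrected to test `f2`. The condition should be `if (!f2)` and the branch body should be `free (command);` before `return 0;`, matching the `fclose (f) < 0` branch above it, with no `fclose (f2)`. The surrounding block continues outside the hunk.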
@@ -854,7 +864,10 @@ determine_file_type:
#else
/* Seek back over the magic bytes. */
if (fseek (f, 0, 0) < 0)
- return 0;
+ {
+ fclose (f);
+ return 0;
+ }
#endif
}
@@ -885,7 +898,10 @@ readfile (char *filename, int *sizep,
compression_program);
if (!f)
- return 0;
+ {
+ free (data);
+ return 0;
+ }
for (;;)
{
@@ -1836,7 +1852,7 @@ munge_old_style_debian_options (int argc
int *new_argc, char ***new_argv)
{
char *opt = NULL;
- int i, err;
+ int i, err = 0;
char *argz = NULL;
size_t argz_len = 0;
const char *regex, *title;