rpms/texinfo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix various issues found by static analysis

Browse Source 
Fix memory/resource leaks, insufficient memory allocations
and variable declarations without initializer.

Resolves: RHEL-43595
This commit is contained in:
Vitezslav Crhonek 2024-08-08 14:18:11 +02:00 committed by vcrhonek
parent 22493cc866
commit dcea0c677f
2 changed files with 158 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
texinfo-7.1-various-sast-fixes.patch Normal file
View File

@ -0,0 +1,150 @@
diff -up texinfo-7.1/info/filesys.c.orig texinfo-7.1/info/filesys.c
diff -up texinfo-7.1/info/infokey.c.orig texinfo-7.1/info/infokey.c
--- texinfo-7.1/info/infokey.c.orig 2023-08-14 20:53:20.000000000 +0200
+++ texinfo-7.1/info/infokey.c 2024-08-07 12:12:04.651748655 +0200
@@ -208,7 +208,7 @@ compile (FILE *fp, const char *filename,
char oval = 0;
char comment[10];
unsigned int clen = 0;
- int seq[20];
+ int seq[20] = { 0 };
unsigned int slen = 0;
char act[80];
unsigned int alen = 0;
diff -up texinfo-7.1/info/session.c.orig texinfo-7.1/info/session.c
--- texinfo-7.1/info/session.c.orig 2023-08-15 14:52:09.000000000 +0200
+++ texinfo-7.1/info/session.c 2024-08-08 13:14:28.320463664 +0200
@@ -2335,7 +2335,7 @@ info_menu_or_ref_item (WINDOW *window, i
if (defentry)
{
prompt = xmalloc (strlen (defentry->label)
- + strlen (_("Menu item (%s): ")));
+ + strlen (_("Menu item (%s): ")) + 1);
sprintf (prompt, _("Menu item (%s): "), defentry->label);
}
else
@@ -2346,7 +2346,7 @@ info_menu_or_ref_item (WINDOW *window, i
if (defentry)
{
prompt = xmalloc (strlen (defentry->label)
- + strlen (_("Follow xref (%s): ")));
+ + strlen (_("Follow xref (%s): ")) + 1);
sprintf (prompt, _("Follow xref (%s): "), defentry->label);
}
else
@@ -2923,7 +2923,7 @@ DECLARE_INFO_COMMAND (info_menu_sequence
static int
info_handle_pointer (char *label, WINDOW *window)
{
- char *description;
+ char *description = NULL;
NODE *node;
if (!strcmp (label, "Up"))
@@ -3480,7 +3480,7 @@ info_intuit_options_node (NODE *node, ch
{
char *nodename;
- nodename = xmalloc (strlen (program) + strlen (*try_node));
+ nodename = xmalloc (strlen (program) + strlen (*try_node) + 1);
sprintf (nodename, *try_node, program);
/* The last resort "%s" is dangerous, so we restrict it
to exact matches here. */
@@ -3556,7 +3556,7 @@ DECLARE_INFO_COMMAND (info_goto_invocati
default_program_name = program_name_from_file_name (file_name);
prompt = xmalloc (strlen (default_program_name) +
- strlen (invocation_prompt));
+ strlen (invocation_prompt) + 1);
sprintf (prompt, invocation_prompt, default_program_name);
line = info_read_in_echo_area (prompt);
free (prompt);
diff -up texinfo-7.1/info/util.c.orig texinfo-7.1/info/util.c
--- texinfo-7.1/info/util.c.orig 2023-08-14 20:53:20.000000000 +0200
+++ texinfo-7.1/info/util.c 2024-08-07 12:12:04.656748661 +0200
@@ -34,9 +34,12 @@ xvasprintf (char **ptr, const char *temp
int
xasprintf (char **ptr, const char *template, ...)
{
+ int ret;
va_list v;
va_start (v, template);
- return xvasprintf (ptr, template, v);
+ ret = xvasprintf (ptr, template, v);
+ va_end (v);
+ return ret;
}
/* Return the file buffer which belongs to WINDOW's node. */
diff -up texinfo-7.1/install-info/install-info.c.orig texinfo-7.1/install-info/install-info.c
--- texinfo-7.1/install-info/install-info.c.orig 2023-10-08 17:57:24.000000000 +0200
+++ texinfo-7.1/install-info/install-info.c 2024-08-07 12:12:04.657748663 +0200
@@ -752,11 +752,15 @@ open_possibly_compressed_file (char *fil
return 0;
nread = fread (data, sizeof (data), 1, f);
if (nread == 0)
- return 0;
+ {
+ fclose (f);
+ return 0;
+ }
goto determine_file_type; /* success */
}
}
errno = 0;
+ fclose (f);
return 0; /* unknown error */
}
@@ -829,10 +833,16 @@ determine_file_type:
FILE *f2;
if (fclose (f) < 0)
- return 0;
+ {
+ free (command);
+ return 0;
+ }
f2 = freopen (*opened_filename, FOPEN_RBIN, stdin);
if (!f)
- return 0;
+ {
+ fclose (f2);
+ return 0;
+ }
f = popen (command, "r");
fclose (f2);
if (!f)
@@ -854,7 +864,10 @@ determine_file_type:
#else
/* Seek back over the magic bytes. */
if (fseek (f, 0, 0) < 0)
- return 0;
+ {
+ fclose (f);
+ return 0;
+ }
#endif
}
@@ -885,7 +898,10 @@ readfile (char *filename, int *sizep,
compression_program);
if (!f)
- return 0;
+ {
+ free (data);
+ return 0;
+ }
for (;;)
{
@@ -1836,7 +1852,7 @@ munge_old_style_debian_options (int argc
int *new_argc, char ***new_argv)
{
char *opt = NULL;
- int i, err;
+ int i, err = 0;
char *argz = NULL;
size_t argz_len = 0;
const char *regex, *title;

9
texinfo.spec
View File

@ -3,7 +3,7 @@
Summary: Tools needed to create Texinfo format documentation files
Name: texinfo
Version: 7.1
Release: 3%{?dist}
Release: 4%{?dist}
License: GPL-3.0-or-later
Url: http://www.gnu.org/software/texinfo/
Source0: ftp://ftp.gnu.org/gnu/texinfo/texinfo-%{version}.tar.xz
@ -15,6 +15,8 @@ Patch0: info-6.5-sync-fix-info-dir.patch
Patch1: texinfo-6.5-fix-info-dir.patch
# Patch2: fixes issues detected by static analysis
Patch2: texinfo-6.5-covscan-fixes.patch
# Patch3: fixes various issues found by static analysis
Patch3: texinfo-7.1-various-sast-fixes.patch
BuildRequires: make
BuildRequires: gcc
@ -148,6 +150,11 @@ export ALL_TESTS=yes
%{_mandir}/man1/pdftexi2dvi.1*
%changelog
* Thu Aug 08 2024 Vitezslav Crhonek <vcrhonek@redhat.com> - 7.1-4
- Fix memory/resource leaks, insufficient memory allocations and
variable declarations without initializer
Resolves: RHEL-43595
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7.1-3
- Bump release for June 2024 mass rebuild