diff --git a/texinfo-7.1-various-sast-fixes.patch b/texinfo-7.1-various-sast-fixes.patch
new file mode 100644
index 0000000..fb393ac
--- /dev/null
+++ b/texinfo-7.1-various-sast-fixes.patch
@@ -0,0 +1,150 @@
+diff -up texinfo-7.1/info/filesys.c.orig texinfo-7.1/info/filesys.c
+diff -up texinfo-7.1/info/infokey.c.orig texinfo-7.1/info/infokey.c
+--- texinfo-7.1/info/infokey.c.orig 2023-08-14 20:53:20.000000000 +0200
++++ texinfo-7.1/info/infokey.c 2024-08-07 12:12:04.651748655 +0200
+@@ -208,7 +208,7 @@ compile (FILE *fp, const char *filename,
+ char oval = 0;
+ char comment[10];
+ unsigned int clen = 0;
+- int seq[20];
++ int seq[20] = { 0 };
+ unsigned int slen = 0;
+ char act[80];
+ unsigned int alen = 0;
+diff -up texinfo-7.1/info/session.c.orig texinfo-7.1/info/session.c
+--- texinfo-7.1/info/session.c.orig 2023-08-15 14:52:09.000000000 +0200
++++ texinfo-7.1/info/session.c 2024-08-08 13:14:28.320463664 +0200
+@@ -2335,7 +2335,7 @@ info_menu_or_ref_item (WINDOW *window, i
+ if (defentry)
+ {
+ prompt = xmalloc (strlen (defentry->label)
+- + strlen (_("Menu item (%s): ")));
++ + strlen (_("Menu item (%s): ")) + 1);
+ sprintf (prompt, _("Menu item (%s): "), defentry->label);
+ }
+ else
+@@ -2346,7 +2346,7 @@ info_menu_or_ref_item (WINDOW *window, i
+ if (defentry)
+ {
+ prompt = xmalloc (strlen (defentry->label)
+- + strlen (_("Follow xref (%s): ")));
++ + strlen (_("Follow xref (%s): ")) + 1);
+ sprintf (prompt, _("Follow xref (%s): "), defentry->label);
+ }
+ else
+@@ -2923,7 +2923,7 @@ DECLARE_INFO_COMMAND (info_menu_sequence
+ static int
+ info_handle_pointer (char *label, WINDOW *window)
+ {
+- char *description;
++ char *description = NULL;
+ NODE *node;
+
+ if (!strcmp (label, "Up"))
+@@ -3480,7 +3480,7 @@ info_intuit_options_node (NODE *node, ch
+ {
+ char *nodename;
+
+- nodename = xmalloc (strlen (program) + strlen (*try_node));
++ nodename = xmalloc (strlen (program) + strlen (*try_node) + 1);
+ sprintf (nodename, *try_node, program);
+ /* The last resort "%s" is dangerous, so we restrict it
+ to exact matches here. */
+@@ -3556,7 +3556,7 @@ DECLARE_INFO_COMMAND (info_goto_invocati
+ default_program_name = program_name_from_file_name (file_name);
+
+ prompt = xmalloc (strlen (default_program_name) +
+- strlen (invocation_prompt));
++ strlen (invocation_prompt) + 1);
+ sprintf (prompt, invocation_prompt, default_program_name);
+ line = info_read_in_echo_area (prompt);
+ free (prompt);
+diff -up texinfo-7.1/info/util.c.orig texinfo-7.1/info/util.c
+--- texinfo-7.1/info/util.c.orig 2023-08-14 20:53:20.000000000 +0200
++++ texinfo-7.1/info/util.c 2024-08-07 12:12:04.656748661 +0200
+@@ -34,9 +34,12 @@ xvasprintf (char **ptr, const char *temp
+ int
+ xasprintf (char **ptr, const char *template, ...)
+ {
++ int ret;
+ va_list v;
+ va_start (v, template);
+- return xvasprintf (ptr, template, v);
++ ret = xvasprintf (ptr, template, v);
++ va_end (v);
++ return ret;
+ }
+
+ /* Return the file buffer which belongs to WINDOW's node. */
+diff -up texinfo-7.1/install-info/install-info.c.orig texinfo-7.1/install-info/install-info.c
+--- texinfo-7.1/install-info/install-info.c.orig 2023-10-08 17:57:24.000000000 +0200
++++ texinfo-7.1/install-info/install-info.c 2024-08-07 12:12:04.657748663 +0200
+@@ -752,11 +752,15 @@ open_possibly_compressed_file (char *fil
+ return 0;
+ nread = fread (data, sizeof (data), 1, f);
+ if (nread == 0)
+- return 0;
++ {
++ fclose (f);
++ return 0;
++ }
+ goto determine_file_type; /* success */
+ }
+ }
+ errno = 0;
++ fclose (f);
+ return 0; /* unknown error */
+ }
+
+@@ -829,10 +833,16 @@ determine_file_type:
+ FILE *f2;
+
+ if (fclose (f) < 0)
+- return 0;
++ {
++ free (command);
++ return 0;
++ }
+ f2 = freopen (*opened_filename, FOPEN_RBIN, stdin);
+ if (!f)
+- return 0;
++ {
++ fclose (f2);
++ return 0;
++ }
+ f = popen (command, "r");
+ fclose (f2);
+ if (!f)
+@@ -854,7 +864,10 @@ determine_file_type:
+ #else
+ /* Seek back over the magic bytes. */
+ if (fseek (f, 0, 0) < 0)
+- return 0;
++ {
++ fclose (f);
++ return 0;
++ }
+ #endif
+ }
+
+@@ -885,7 +898,10 @@ readfile (char *filename, int *sizep,
+ compression_program);
+
+ if (!f)
+- return 0;
++ {
++ free (data);
++ return 0;
++ }
+
+ for (;;)
+ {
+@@ -1836,7 +1852,7 @@ munge_old_style_debian_options (int argc
+ int *new_argc, char ***new_argv)
+ {
+ char *opt = NULL;
+- int i, err;
++ int i, err = 0;
+ char *argz = NULL;
+ size_t argz_len = 0;
+ const char *regex, *title;
diff --git a/texinfo.spec b/texinfo.spec
index e967558..6c63e6f 100644
--- a/texinfo.spec
+++ b/texinfo.spec
@@ -3,7 +3,7 @@
 Summary: Tools needed to create Texinfo format documentation files
 Name: texinfo
 Version: 7.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL-3.0-or-later
 Url: http://www.gnu.org/software/texinfo/
 Source0: ftp://ftp.gnu.org/gnu/texinfo/texinfo-%{version}.tar.xz
@@ -15,6 +15,8 @@ Patch0: info-6.5-sync-fix-info-dir.patch
 Patch1: texinfo-6.5-fix-info-dir.patch
 # Patch2: fixes issues detected by static analysis
 Patch2: texinfo-6.5-covscan-fixes.patch
+# Patch3: fixes various issues found by static analysis
+Patch3: texinfo-7.1-various-sast-fixes.patch
 BuildRequires: make
 BuildRequires: gcc
@@ -148,6 +150,11 @@ export ALL_TESTS=yes
 %{_mandir}/man1/pdftexi2dvi.1*
 %changelog
+* Thu Aug 08 2024 Vitezslav Crhonek - 7.1-4
+- Fix memory/resource leaks, insufficient memory allocations and
+ variable declarations without initializer
+ Resolves: RHEL-43595
+
 * Mon Jun 24 2024 Troy Dawson - 7.1-3
 - Bump release for June 2024 mass rebuild
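Review bot: In the install-info.c hunk at `determine_file_type` (`@@ -829,10 +833,16`), the added `fclose (f2);` sits in a branch guarded by `if (!f)`, but `f` was closed just above and the stream that can be NULL at this point is `f2`, the result of `freopen`. As written a failed `freopen` is not detected and the later `fclose (f2)` after `popen` is reached with a null stream; and if the test were ever corrected to `!f2`, the new cleanup would itself close NULL. The guard should test the new stream and release the command string instead, `if (!f2) { free (command); return 0; }`, assuming `command` is still owned here as the `free (command)` added in the preceding branch suggests. In the `@@ -752,11 +752,15` hunk, `fclose (f);` placed after `errno = 0;` may overwrite the errno value the caller is meant to see, so calling `fclose (f);` first and then `errno = 0;` keeps the intended signal. Both functions start and end outside the visible hunks.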