json,xml: fix programming mistakes detected by static analysis

Resolves: RHEL-36490
2024-11-04 12:30:44 +01:00 · 2024-11-04 12:30:44 +01:00 · b451fbde3a
commit b451fbde3a
parent bd8ae02049
2 changed files with 65 additions and 1 deletions
--- a/tree-pkg.spec
+++ b/tree-pkg.spec
@ -1,7 +1,7 @@
 Summary: File system tree viewer
 Name: tree-pkg
 Version: 2.1.0
-Release: 7%{?dist}
+Release: 8%{?dist}

 # The entire source code is LGPL-2.1-or-later except strverscmp.c
 # which is LGPL-2.1-or-later.
@ -30,6 +30,10 @@ Patch7: tree-size-field-len.patch
 # Sent upstream via email 20181106
 Patch8: tree-static-analysis.patch

+# fix programming mistakes detected by static analysis (RHEL-36490)
+# Upstream is not active
+Patch9: tree-static-analysis-2.patch
+
 %description
 The source RPM package of tree, which has to be named differently due to
 limitations of Pagure and Gitlab.
@ -63,6 +67,10 @@ sed -e 's/LINUX/__linux__/' -i tree.c
 %doc README

 %changelog
+* Mon Nov 04 2024 Vincent Mihalkovic <vmihalko@redhat.com> - 2.1.0-8
+- fix programming mistakes detected by static analysis
+  Resolves: RHEL-36490
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.1.0-7
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018
--- a/tree-static-analysis-2.patch
+++ b/tree-static-analysis-2.patch
@ -0,0 +1,56 @@
+From b25def5b8385f8382d3da1e37fc2204ffedc72e5 Mon Sep 17 00:00:00 2001
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Thu, 31 Oct 2024 14:56:32 +0100
+Subject: [PATCH] json, xml: fix identical branches warning
+
+Error: IDENTICAL_BRANCHES (CWE-398):
+tree-2.1.0/json.c:124: identical_branches: The same code is executed regardless of whether "file->lnk" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
+  122|
+  123|     if (file != NULL) {
+  124|->     if (file->lnk) mt = file->mode & S_IFMT;
+  125|       else mt = file->mode & S_IFMT;
+  126|     } else mt = 0;
+
+Error: IDENTICAL_BRANCHES (CWE-398):
+tree-2.1.0/json.c:124: identical_branches: The same code is executed regardless of whether "file->lnk" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
+  122|
+  123|     if (file != NULL) {
+  124|->     if (file->lnk) mt = file->mode & S_IFMT;
+  125|       else mt = file->mode & S_IFMT;
+  126|     } else mt = 0;
+---
+ json.c | 3 +--
+ xml.c  | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/json.c b/json.c
+index 3495448..e86a590 100644
+--- a/json.c
+++ b/json.c
+@@ -121,8 +121,7 @@ int json_printinfo(char *dirname, struct _info *file, int level)
+   if (!noindent) json_indent(level);
+ 
+   if (file != NULL) {
+-    if (file->lnk) mt = file->mode & S_IFMT;
+-    else mt = file->mode & S_IFMT;
+    mt = file->mode & S_IFMT;
+   } else mt = 0;
+ 
+   for(t=0;ifmt[t];t++)
+diff --git a/xml.c b/xml.c
+index 9fdf74e..96c76f2 100644
+--- a/xml.c
+++ b/xml.c
+@@ -105,8 +105,7 @@ int xml_printinfo(char *dirname, struct _info *file, int level)
+   if (!noindent) xml_indent(level);
+ 
+   if (file != NULL) {
+-    if (file->lnk) mt = file->mode & S_IFMT;
+-    else mt = file->mode & S_IFMT;
+    mt = file->mode & S_IFMT;
+   } else mt = 0;
+ 
+   for(t=0;ifmt[t];t++)
+-- 
+2.46.2
+