rcolebaugh / rpms / bash

Forked from rpms/bash 2 years ago
Clone

Blame SOURCES/bash-4.4-coverity.patch

50ece2
diff --git a/builtins/fc.def b/builtins/fc.def
50ece2
index fe16471..98c53db 100644
50ece2
--- a/builtins/fc.def
50ece2
+++ b/builtins/fc.def
50ece2
@@ -423,6 +423,7 @@ fc_builtin (list)
50ece2
     {
50ece2
       sh_wrerror ();
50ece2
       fclose (stream);
50ece2
+      FREE (fn);
50ece2
       return (EXECUTION_FAILURE);
50ece2
     }
50ece2
   fclose (stream);
50ece2
diff --git a/execute_cmd.c b/execute_cmd.c
50ece2
index 63a332a..15b5e19 100644
50ece2
--- a/execute_cmd.c
50ece2
+++ b/execute_cmd.c
50ece2
@@ -2196,8 +2196,10 @@ coproc_setvars (cp)
50ece2
   if (v == 0)
50ece2
     {
50ece2
       v = find_variable_nameref_for_create (cp->c_name, 1);
50ece2
-      if (v == INVALID_NAMEREF_VALUE)
50ece2
-	return;
50ece2
+      if (v == INVALID_NAMEREF_VALUE) {
50ece2
+        free (namevar);
50ece2
+        return;
50ece2
+      }
50ece2
       if (v && nameref_p (v))
50ece2
 	{
50ece2
 	  free (cp->c_name);
50ece2
@@ -2210,6 +2212,7 @@ coproc_setvars (cp)
50ece2
     {
50ece2
       if (readonly_p (v))
50ece2
 	err_readonly (cp->c_name);
50ece2
+      free (namevar);
50ece2
       return;
50ece2
     }
50ece2
   if (v == 0)
50ece2
@@ -5528,7 +5531,6 @@ shell_execve (command, args, env)
50ece2
 	      char *interp;
50ece2
 	      int ilen;
50ece2
 
50ece2
-              close (fd);
50ece2
 	      interp = getinterp (sample, sample_len, (int *)NULL);
50ece2
 	      ilen = strlen (interp);
50ece2
 	      errno = i;
50ece2
diff --git a/expr.c b/expr.c
50ece2
index 172964a..5dc57c0 100644
50ece2
--- a/expr.c
50ece2
+++ b/expr.c
50ece2
@@ -207,7 +207,8 @@ static intmax_t exp5 __P((void));
50ece2
 static intmax_t exp4 __P((void));
50ece2
 static intmax_t expshift __P((void));
50ece2
 static intmax_t exp3 __P((void));
50ece2
-static intmax_t exp2 __P((void));
50ece2
+/* Avoid name clash with standard exp2 */
50ece2
+static intmax_t bash_exp2 __P((void));
50ece2
 static intmax_t	exppower __P((void));
50ece2
 static intmax_t exp1 __P((void));
50ece2
 static intmax_t exp0 __P((void));
50ece2
@@ -809,14 +810,14 @@ exp3 ()
50ece2
 {
50ece2
   register intmax_t val1, val2;
50ece2
 
50ece2
-  val1 = exp2 ();
50ece2
+  val1 = bash_exp2 ();
50ece2
 
50ece2
   while ((curtok == PLUS) || (curtok == MINUS))
50ece2
     {
50ece2
       int op = curtok;
50ece2
 
50ece2
       readtok ();
50ece2
-      val2 = exp2 ();
50ece2
+      val2 = bash_exp2 ();
50ece2
 
50ece2
       if (op == PLUS)
50ece2
 	val1 += val2;
50ece2
@@ -828,7 +829,7 @@ exp3 ()
50ece2
 }
50ece2
 
50ece2
 static intmax_t
50ece2
-exp2 ()
50ece2
+bash_exp2 ()
50ece2
 {
50ece2
   register intmax_t val1, val2;
50ece2
 #if defined (HAVE_IMAXDIV)
50ece2
diff --git a/lib/glob/glob.c b/lib/glob/glob.c
50ece2
index 7f6eafe..c018e29 100644
50ece2
--- a/lib/glob/glob.c
50ece2
+++ b/lib/glob/glob.c
50ece2
@@ -576,7 +576,7 @@ glob_vector (pat, dir, flags)
50ece2
   register char *nextname, *npat, *subdir;
50ece2
   unsigned int count;
50ece2
   int lose, skip, ndirs, isdir, sdlen, add_current, patlen;
50ece2
-  register char **name_vector;
50ece2
+  register char **name_vector = NULL;
50ece2
   register unsigned int i;
50ece2
   int mflags;		/* Flags passed to strmatch (). */
50ece2
   int pflags;		/* flags passed to sh_makepath () */
50ece2
@@ -894,7 +894,7 @@ glob_vector (pat, dir, flags)
50ece2
 	}
50ece2
 
50ece2
       /* Don't call QUIT; here; let higher layers deal with it. */
50ece2
-
50ece2
+      FREE (name_vector);
50ece2
       return ((char **)NULL);
50ece2
     }
50ece2
 
50ece2
diff --git a/lib/sh/pathcanon.c b/lib/sh/pathcanon.c
50ece2
index f19bd55..2a565d6 100644
50ece2
--- a/lib/sh/pathcanon.c
50ece2
+++ b/lib/sh/pathcanon.c
50ece2
@@ -227,7 +227,7 @@ sh_canonpath (path, flags)
50ece2
       if (result[2] == '\0')	/* short-circuit for bare `//' */
50ece2
 	result[1] = '\0';
50ece2
       else
50ece2
-	strcpy (result, result + 1);
50ece2
+	memmove(result, result + 1, strlen(result + 1) + 1);
50ece2
     }
50ece2
 
50ece2
   return (result);
50ece2
diff --git a/lib/sh/pathphys.c b/lib/sh/pathphys.c
50ece2
index 26016b7..b64c4cd 100644
50ece2
--- a/lib/sh/pathphys.c
50ece2
+++ b/lib/sh/pathphys.c
50ece2
@@ -245,7 +245,7 @@ error:
50ece2
       if (result[2] == '\0')	/* short-circuit for bare `//' */
50ece2
 	result[1] = '\0';
50ece2
       else
50ece2
-	strcpy (result, result + 1);
50ece2
+	memmove(result, result + 1, strlen(result + 1) + 1);
50ece2
     }
50ece2
 
50ece2
   return (result);
50ece2
diff --git a/shell.c b/shell.c
50ece2
index b43de50..4aae182 100644
50ece2
--- a/shell.c
50ece2
+++ b/shell.c
50ece2
@@ -1948,8 +1948,10 @@ show_shell_usage (fp, extra)
50ece2
   fputs (_("\t-ilrsD or -c command or -O shopt_option\t\t(invocation only)\n"), fp);
50ece2
 
50ece2
   for (i = 0, set_opts = 0; shell_builtins[i].name; i++)
50ece2
-    if (STREQ (shell_builtins[i].name, "set"))
50ece2
+    if (STREQ (shell_builtins[i].name, "set")) {
50ece2
       set_opts = savestring (shell_builtins[i].short_doc);
50ece2
+      break;
50ece2
+    }
50ece2
   if (set_opts)
50ece2
     {
50ece2
       s = strchr (set_opts, '[');
50ece2
diff --git a/subst.c b/subst.c
50ece2
index 5f3e41e..7574617 100644
50ece2
--- a/subst.c
50ece2
+++ b/subst.c
50ece2
@@ -5182,8 +5182,11 @@ parameter_list_transform (xc, itype, quoted)
50ece2
   list = list_rest_of_args ();
50ece2
   if (list == 0)
50ece2
     return ((char *)NULL);
50ece2
-  if (xc == 'A')
50ece2
-    return (pos_params_assignment (list, itype, quoted));
50ece2
+  if (xc == 'A') {
50ece2
+      ret = pos_params_assignment (list, itype, quoted);
50ece2
+      dispose_words (list);
50ece2
+      return (ret);
50ece2
+  }
50ece2
   ret = list_transform (xc, (SHELL_VAR *)0, list, itype, quoted);
50ece2
   dispose_words (list);
50ece2
   return (ret);
50ece2
@@ -6813,6 +6816,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, pflags, qdollaratp, hasdolla
50ece2
 	{
50ece2
 	  report_error (_("%s: invalid indirect expansion"), name);
50ece2
 	  free (vname);
50ece2
+      free (t1);
50ece2
 	  dispose_word (w);
50ece2
 	  return &expand_wdesc_error;
50ece2
 	}
50ece2
@@ -6820,6 +6824,7 @@ parameter_brace_expand_rhs (name, value, c, quoted, pflags, qdollaratp, hasdolla
50ece2
 	{
50ece2
 	  report_error (_("%s: invalid variable name"), vname);
50ece2
 	  free (vname);
50ece2
+      free (t1);
50ece2
 	  dispose_word (w);
50ece2
 	  return &expand_wdesc_error;
50ece2
 	}
50ece2
diff --git a/support/man2html.c b/support/man2html.c
50ece2
index 6ba5061..1d9e376 100644
50ece2
--- a/support/man2html.c
50ece2
+++ b/support/man2html.c
50ece2
@@ -522,6 +522,7 @@ read_man_page(char *filename)
50ece2
 			man_buf[buf_size] = '\n';
50ece2
 			man_buf[buf_size + 1] = man_buf[buf_size + 2] = '\0';
50ece2
 		} else {
50ece2
+            free (man_buf);
50ece2
 			man_buf = NULL;
50ece2
 		}
50ece2
 		fclose(man_stream);
50ece2
@@ -2562,7 +2563,6 @@ scan_request(char *c)
50ece2
 					h = name;
50ece2
 				if (stat(h, &stbuf) != -1)
50ece2
 					l = stbuf.st_size;
50ece2
-				buf = stralloc(l + 4);
50ece2
 #if NOCGI
50ece2
 				if (!out_length) {
50ece2
 					char   *t, *s;