
Blame SOURCES/rpm-4.16.1.3-imp-covscan-fixes.patch

813822
commit c7d7c5acd0c14d0450016887cba1d86483086794
813822
Author: Michal Domonkos <mdomonko@redhat.com>
813822
Date:   Mon Jun 21 10:05:10 2021 +0200
813822
813822
    Add quoting to literal curly brackets
813822
    
813822
    These curly brackets are already treated as literals by the shell, so
813822
    let's make that explicit for clarity, and silence a ShellCheck warning
813822
    at the same time.
813822
    
813822
    More info: https://github.com/koalaman/shellcheck/wiki/SC1083
813822
    
813822
    Found by ShellCheck.
813822
813822
    Adjusted for 4.16.1.3
813822
813822
diff -up rpm-4.16.1.3/scripts/check-rpaths-worker.orig rpm-4.16.1.3/scripts/check-rpaths-worker
813822
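--- rpm-4.16.1.3/scripts/check-rpaths-worker.orig	2021-06-29 15:34:31.671003589 +0200
+++ rpm-4.16.1.3/scripts/check-rpaths-worker	2021-06-29 15:34:51.993414093 +0200
@@ -120,13 +120,13 @@ for i; do
 	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
 		    badness=0;;
 
-		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
+		(\$ORIGIN|\$\{ORIGINX\}|\$ORIGIN/*|\$\{ORIGINX\}/*)
 		    test $allow_ORIGIN -eq 0 && badness=8 || {
 			badness=0
 			new_allow_ORIGIN=1
 		    }
 		    ;;
-		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
+		(/*\$PLATFORM*|/*\$\{PLATFORM\}*|/*\$LIB*|/*\$\{LIB\}*)
 		    badness=0;;
 	    	
 	        (/lib|/usr/lib|/usr/X11R6/lib)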
813822
From d8dc4fd37b1d90cd97de7fcf484d449ec132c9b3 Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Wed, 9 Jun 2021 21:31:40 +0200
813822
Subject: [PATCH 1/7] Fix memory leak in sqlexec()
813822
813822
Callers are supposed to free the error strings themselves:
813822
https://www.sqlite.org/capi3ref.html#sqlite3_exec
813822
813822
Found by Coverity.
813822
---
813822
 lib/backend/sqlite.c | 1 +
813822
 1 file changed, 1 insertion(+)
813822
813822
diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
813822
index 7c2de45aa..dbefeb163 100644
813822
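--- a/lib/backend/sqlite.c
+++ b/lib/backend/sqlite.c
@@ -233,6 +233,7 @@ static int sqlexec(sqlite3 *sdb, const char *fmt, ...)
 	rpmlog(RPMLOG_DEBUG, "%s: %d\n", cmd, rc);
 
     sqlite3_free(cmd);
+    sqlite3_free(err);
 
     return rc ? RPMRC_FAIL : RPMRC_OK;
 }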
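Review bot: Freeing `err` once at the end of sqlexec() releases only the last error-message buffer. The sqlite3_exec() call sits above this hunk and is not visible here; if it is invoked more than once with the same `&err` (for instance when retrying on a busy database), each earlier message should be released before the next attempt, e.g. `sqlite3_free(err); err = NULL;` inside the retry. A short comment on the new line such as `/* error strings from sqlite3_exec() are caller-owned */` would also record why the free is needed.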
813822
-- 
813822
2.31.1
813822
813822
From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Fri, 25 Jun 2021 11:21:46 +0200
813822
Subject: [PATCH 2/7] Always free the arg list passed to rpmGlob()
813822
813822
Even though the actual implementation of rpmGlob() does not allocate the
813822
passed arg list (av) if the return code (rc) is non-zero or arg count
813822
(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
813822
free that memory, so make sure we do that irrespectively of the above
813822
conditions.
813822
813822
Found by Coverity.
813822
---
813822
 lib/rpminstall.c | 1 +
813822
 1 file changed, 1 insertion(+)
813822
813822
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
813822
index 724126e94..302ec0ba1 100644
813822
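--- a/lib/rpminstall.c
+++ b/lib/rpminstall.c
@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
 		rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
 	    }
 	    eiu->numFailed++;
+	    argvFree(av);
 	    continue;
 	}
 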
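Review bot: The new `argvFree(av)` on the failure path is only safe if `av` is NULL or a valid list at that point, and its declaration and initialisation are above the hunk and not visible here. The commit message says rpmGlob() does not allocate the list when it fails, so an uninitialised or stale `av` from a previous iteration would be handed to the free; please confirm it is reset to NULL on every pass through the loop. Writing `av = argvFree(av);` would additionally avoid leaving a dangling pointer behind if `av` outlives the iteration.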
813822
-- 
813822
2.31.1
813822
813822
From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Mon, 14 Jun 2021 10:21:25 +0200
813822
Subject: [PATCH 3/7] Fix resource leak in Fts_children()
813822
813822
This function is not used anywhere within our codebase (and neither is
813822
it part of the public API) so it's basically a no-op... Still, rather
813822
than yanking it completely, let's just silence the Coverity error here.
813822
813822
Found by Coverity.
813822
---
813822
 misc/fts.c | 4 +++-
813822
 1 file changed, 3 insertions(+), 1 deletion(-)
813822
813822
diff --git a/misc/fts.c b/misc/fts.c
813822
index d3ebb2946..caf27495d 100644
813822
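--- a/misc/fts.c
+++ b/misc/fts.c
@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
 	if ((fd = __open(".", O_RDONLY, 0)) < 0)
 		return (NULL);
 	sp->fts_child = fts_build(sp, instr);
-	if (__fchdir(fd))
+	if (__fchdir(fd)) {
+		(void)__close(fd);
 		return (NULL);
+	}
 	(void)__close(fd);
 	return (sp->fts_child);
 }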
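Review bot: The added `(void)__close(fd)` on the `__fchdir()` failure path can overwrite errno if the close itself fails, so a caller inspecting errno after the NULL return may see the close error rather than the reason the directory change failed. Saving and restoring the value keeps the original cause: `int saved_errno = errno; (void)__close(fd); errno = saved_errno;`. The function begins above the hunk, so whether its callers rely on errno here cannot be confirmed from this view.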
813822
-- 
813822
2.31.1
813822
813822
From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Mon, 14 Jun 2021 12:34:23 +0200
813822
Subject: [PATCH 4/7] Fix memory leak in fts_build()
813822
813822
Turns out this leak is already fixed in glibc's current version of fts.c
813822
(where our copy originates from), so let's just backport that.
813822
813822
Original commit in glibc:
813822
https://sourceware.org/git/?p=glibc.git;\
813822
a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
813822
813822
Found by Coverity.
813822
---
813822
 misc/fts.c | 2 ++
813822
 1 file changed, 2 insertions(+)
813822
813822
diff --git a/misc/fts.c b/misc/fts.c
813822
index caf27495d..f7fce0eaa 100644
813822
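--- a/misc/fts.c
+++ b/misc/fts.c
@@ -855,6 +855,7 @@ mem1:				saved_errno = errno;
 	     fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
 		cur->fts_info = FTS_ERR;
 		SET(FTS_STOP);
+		fts_lfree(head);
 		return (NULL);
 	}
 
@@ -862,6 +863,7 @@ mem1:				saved_errno = errno;
 	if (!nitems) {
 		if (type == BREAD)
 			cur->fts_info = FTS_DP;
+		fts_lfree(head);
 		return (NULL);
 	}
 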
813822
-- 
813822
2.31.1
813822
813822
From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Tue, 15 Jun 2021 13:34:21 +0200
813822
Subject: [PATCH 5/7] Fix memory leak in decodePkts()
813822
813822
Found by Coverity.
813822
---
813822
 rpmio/rpmpgp.c | 6 +++++-
813822
 1 file changed, 5 insertions(+), 1 deletion(-)
813822
813822
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
813822
index c59185dce..ee5c81e24 100644
813822
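--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
 	    crc = pgpCRC(dec, declen);
 	    if (crcpkt != crc) {
 		ec = PGPARMOR_ERR_CRC_CHECK;
+		_free(dec);
 		goto exit;
 	    }
-	    if (pkt) *pkt = dec;
+	    if (pkt)
+		*pkt = dec;
+	    else
+		_free(dec);
 	    if (pktlen) *pktlen = declen;
 	    ec = PGPARMOR_PUBKEY;	/* XXX ASCII Pubkeys only, please. */
 	    goto exit;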
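Review bot: In the CRC-mismatch branch `_free(dec);` discards the helper's return value, so `dec` keeps pointing at freed memory while control jumps to `exit`, which lies outside the hunk. If the exit path or a later pass over the armor ever frees or reads `dec`, that becomes a double free or use-after-free in a parser that may be fed untrusted key data; `dec = _free(dec);` (the form used for `q` in the build/files.c patch on this page) rules it out at no cost. The same applies to the `else _free(dec);` branch, where `*pktlen` is still set to `declen` although no buffer is handed back; a one-line comment stating that the length is reported without the data would help callers.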
813822
-- 
813822
2.31.1
813822
813822
From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Mon, 21 Jun 2021 17:51:14 +0200
813822
Subject: [PATCH 6/7] Fix memory leak with multiple %lang-s in one line
813822
813822
We permit two equivalent forms of specifying a list of languages per
813822
file:
813822
813822
  %lang(xx,yy,zz) /path/to/file
813822
  %lang(xx) %lang(yy) %lang(zz) /path/to/file
813822
813822
The leak was when parsing the second form.
813822
813822
Found by Coverity.
813822
---
813822
 build/files.c | 2 ++
813822
 1 file changed, 2 insertions(+)
813822
813822
diff --git a/build/files.c b/build/files.c
813822
index f8153ad2b..0c8859f6c 100644
813822
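--- a/build/files.c
+++ b/build/files.c
@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
 
 	if (*pe == ',') pe++;	/* skip , if present */
     }
+
+    q = _free(q);
   }
 
     rc = RPMRC_OK;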
813822
-- 
813822
2.31.1
813822
813822
From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
813822
From: Michal Domonkos <mdomonko@redhat.com>
813822
Date: Fri, 25 Jun 2021 15:15:08 +0200
813822
Subject: [PATCH 7/7] Fix memory leaks in Lua rex extension
813822
813822
This covers the following usage:
813822
813822
expr = rex.newPOSIX(<regex>)
813822
expr:match(<string>)           # A leak occurred here
813822
expr:gmatch(<string>, <func>)  # A leak occurred here
813822
813822
Found by Coverity.
813822
---
813822
 luaext/lrexlib.c | 9 ++++++---
813822
 1 file changed, 6 insertions(+), 3 deletions(-)
813822
813822
diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
813822
index 09c5a6454..0f29b6371 100644
813822
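--- a/luaext/lrexlib.c
+++ b/luaext/lrexlib.c
@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
 
 static int rex_match(lua_State *L)
 {
+  int rc = 0;
   int res;
 #ifdef REG_BASIC
   size_t len;
@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
     lua_pushstring(L, "n");
     lua_pushnumber(L, ncapt);
     lua_rawset(L, -3);
-    return 3;
-  } else
-    return 0;
+    rc = 3;
+  }
+  free(match);
+  return rc;
 }
 
 static int rex_gmatch(lua_State *L)
@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
       break;
   }
   lua_pushnumber(L, nmatch);
+  free(match);
   return 1;
 }
 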
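Review bot: `free(match)` in rex_match() and rex_gmatch() runs only on the normal return path, so the buffer still leaks whenever a Lua API call made before it raises an error, because Lua unwinds with longjmp and skips the rest of the C function. In the visible part of rex_match() that includes `lua_pushstring()`, which can raise on allocation failure, and the commit message shows gmatch taking a user-supplied function whose invocation is outside these hunks. Allocating the match array as Lua-owned memory (for example with `lua_newuserdata()`) instead of the C heap would let the garbage collector reclaim it on every path. The allocation site is not visible here, so this is something to check rather than a confirmed gap.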
813822
-- 
813822
2.31.1
813822