Blame SOURCES/rpm-4.16.1.3-imp-covscan-fixes.patch

a5e32e
commit c7d7c5acd0c14d0450016887cba1d86483086794
a5e32e
Author: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date:   Mon Jun 21 10:05:10 2021 +0200
a5e32e
a5e32e
    Add quoting to literal curly brackets
a5e32e
    
a5e32e
    These curly brackets are already treated as literals by the shell, so
a5e32e
    let's make that explicit for clarity, and silence a ShellCheck warning
a5e32e
    at the same time.
a5e32e
    
a5e32e
    More info: https://github.com/koalaman/shellcheck/wiki/SC1083
a5e32e
    
a5e32e
    Found by ShellCheck.
a5e32e
a5e32e
    Adjusted for 4.16.1.3
a5e32e
a5e32e
diff -up rpm-4.16.1.3/scripts/check-rpaths-worker.orig rpm-4.16.1.3/scripts/check-rpaths-worker
a5e32e
--- rpm-4.16.1.3/scripts/check-rpaths-worker.orig	2021-06-29 15:34:31.671003589 +0200
a5e32e
+++ rpm-4.16.1.3/scripts/check-rpaths-worker	2021-06-29 15:34:51.993414093 +0200
a5e32e
@@ -120,13 +120,13 @@ for i; do
a5e32e
 	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
a5e32e
 		    badness=0;;
a5e32e
 
a5e32e
-		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
a5e32e
+		(\$ORIGIN|\$\{ORIGINX\}|\$ORIGIN/*|\$\{ORIGINX\}/*)
a5e32e
 		    test $allow_ORIGIN -eq 0 && badness=8 || {
a5e32e
 			badness=0
a5e32e
 			new_allow_ORIGIN=1
a5e32e
 		    }
a5e32e
 		    ;;
a5e32e
-		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
a5e32e
+		(/*\$PLATFORM*|/*\$\{PLATFORM\}*|/*\$LIB*|/*\$\{LIB\}*)
a5e32e
 		    badness=0;;
a5e32e
 	    	
a5e32e
 	        (/lib|/usr/lib|/usr/X11R6/lib)
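Review bot: The braced alternatives in the first changed pattern match the literal `${ORIGINX}`, not `${ORIGIN}`, and the quoting change carries that spelling over unchanged. The dynamic linker accepts both `$ORIGIN` and `${ORIGIN}`, so if the `X` is unintended, an RPATH written in the braced form never reaches the `allow_ORIGIN` branch and is classified by whichever later case matches, which is outside the hunk. If it is a typo, the line would read `(\$ORIGIN|\$\{ORIGIN\}|\$ORIGIN/*|\$\{ORIGIN\}/*)`. If it is deliberate, a one-line comment above the pattern saying why would save the next reader the same question.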
a5e32e
From d8dc4fd37b1d90cd97de7fcf484d449ec132c9b3 Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Wed, 9 Jun 2021 21:31:40 +0200
a5e32e
Subject: [PATCH 1/7] Fix memory leak in sqlexec()
a5e32e
a5e32e
Callers are supposed to free the error strings themselves:
a5e32e
https://www.sqlite.org/capi3ref.html#sqlite3_exec
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 lib/backend/sqlite.c | 1 +
a5e32e
 1 file changed, 1 insertion(+)
a5e32e
a5e32e
diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
a5e32e
index 7c2de45aa..dbefeb163 100644
a5e32e
--- a/lib/backend/sqlite.c
a5e32e
+++ b/lib/backend/sqlite.c
a5e32e
@@ -233,6 +233,7 @@ static int sqlexec(sqlite3 *sdb, const char *fmt, ...)
a5e32e
 	rpmlog(RPMLOG_DEBUG, "%s: %d\n", cmd, rc);
a5e32e
 
a5e32e
     sqlite3_free(cmd);
a5e32e
+    sqlite3_free(err);
a5e32e
 
a5e32e
     return rc ? RPMRC_FAIL : RPMRC_OK;
a5e32e
 }
a5e32e
-- 
a5e32e
2.31.1
a5e32e
a5e32e
From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Fri, 25 Jun 2021 11:21:46 +0200
a5e32e
Subject: [PATCH 2/7] Always free the arg list passed to rpmGlob()
a5e32e
a5e32e
Even though the actual implementation of rpmGlob() does not allocate the
a5e32e
passed arg list (av) if the return code (rc) is non-zero or arg count
a5e32e
(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
a5e32e
free that memory, so make sure we do that irrespectively of the above
a5e32e
conditions.
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 lib/rpminstall.c | 1 +
a5e32e
 1 file changed, 1 insertion(+)
a5e32e
a5e32e
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
a5e32e
index 724126e94..302ec0ba1 100644
a5e32e
--- a/lib/rpminstall.c
a5e32e
+++ b/lib/rpminstall.c
a5e32e
@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
a5e32e
 		rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
a5e32e
 	    }
a5e32e
 	    eiu->numFailed++;
a5e32e
+	    argvFree(av);
a5e32e
 	    continue;
a5e32e
 	}
a5e32e
 
a5e32e
-- 
a5e32e
2.31.1
a5e32e
a5e32e
From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Mon, 14 Jun 2021 10:21:25 +0200
a5e32e
Subject: [PATCH 3/7] Fix resource leak in Fts_children()
a5e32e
a5e32e
This function is not used anywhere within our codebase (and neither is
a5e32e
it part of the public API) so it's basically a no-op... Still, rather
a5e32e
than yanking it completely, let's just silence the Coverity error here.
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 misc/fts.c | 4 +++-
a5e32e
 1 file changed, 3 insertions(+), 1 deletion(-)
a5e32e
a5e32e
diff --git a/misc/fts.c b/misc/fts.c
a5e32e
index d3ebb2946..caf27495d 100644
a5e32e
--- a/misc/fts.c
a5e32e
+++ b/misc/fts.c
a5e32e
@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
a5e32e
 	if ((fd = __open(".", O_RDONLY, 0)) < 0)
a5e32e
 		return (NULL);
a5e32e
 	sp->fts_child = fts_build(sp, instr);
a5e32e
-	if (__fchdir(fd))
a5e32e
+	if (__fchdir(fd)) {
a5e32e
+		(void)__close(fd);
a5e32e
 		return (NULL);
a5e32e
+	}
a5e32e
 	(void)__close(fd);
a5e32e
 	return (sp->fts_child);
a5e32e
 }
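Review bot: The added `(void)__close(fd);` in the `__fchdir` failure branch can overwrite the errno that `__fchdir` just set if the close itself fails, so a caller that receives NULL may see the wrong cause. fts_build in the same file keeps a `saved_errno` around its cleanup (the label is visible in the hunk header of the next patch), and the same pattern fits here: `int saved_errno = errno; (void)__close(fd); errno = saved_errno;`. The start of Fts_children is outside the hunk, so whether a suitable local already exists cannot be seen from here.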
a5e32e
-- 
a5e32e
2.31.1
a5e32e
a5e32e
From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Mon, 14 Jun 2021 12:34:23 +0200
a5e32e
Subject: [PATCH 4/7] Fix memory leak in fts_build()
a5e32e
a5e32e
Turns out this leak is already fixed in glibc's current version of fts.c
a5e32e
(where our copy originates from), so let's just backport that.
a5e32e
a5e32e
Original commit in glibc:
a5e32e
https://sourceware.org/git/?p=glibc.git;\
a5e32e
a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 misc/fts.c | 2 ++
a5e32e
 1 file changed, 2 insertions(+)
a5e32e
a5e32e
diff --git a/misc/fts.c b/misc/fts.c
a5e32e
index caf27495d..f7fce0eaa 100644
a5e32e
--- a/misc/fts.c
a5e32e
+++ b/misc/fts.c
a5e32e
@@ -855,6 +855,7 @@ mem1:				saved_errno = errno;
a5e32e
 	     fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
a5e32e
 		cur->fts_info = FTS_ERR;
a5e32e
 		SET(FTS_STOP);
a5e32e
+		fts_lfree(head);
a5e32e
 		return (NULL);
a5e32e
 	}
a5e32e
 
a5e32e
@@ -862,6 +863,7 @@ mem1:				saved_errno = errno;
a5e32e
 	if (!nitems) {
a5e32e
 		if (type == BREAD)
a5e32e
 			cur->fts_info = FTS_DP;
a5e32e
+		fts_lfree(head);
a5e32e
 		return (NULL);
a5e32e
 	}
a5e32e
 
a5e32e
-- 
a5e32e
2.31.1
a5e32e
a5e32e
From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Tue, 15 Jun 2021 13:34:21 +0200
a5e32e
Subject: [PATCH 5/7] Fix memory leak in decodePkts()
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 rpmio/rpmpgp.c | 6 +++++-
a5e32e
 1 file changed, 5 insertions(+), 1 deletion(-)
a5e32e
a5e32e
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
a5e32e
index c59185dce..ee5c81e24 100644
a5e32e
--- a/rpmio/rpmpgp.c
a5e32e
+++ b/rpmio/rpmpgp.c
a5e32e
@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
a5e32e
 	    crc = pgpCRC(dec, declen);
a5e32e
 	    if (crcpkt != crc) {
a5e32e
 		ec = PGPARMOR_ERR_CRC_CHECK;
a5e32e
+		_free(dec);
a5e32e
 		goto exit;
a5e32e
 	    }
a5e32e
-	    if (pkt) *pkt = dec;
a5e32e
+	    if (pkt)
a5e32e
+		*pkt = dec;
a5e32e
+	    else
a5e32e
+		_free(dec);
a5e32e
 	    if (pktlen) *pktlen = declen;
a5e32e
 	    ec = PGPARMOR_PUBKEY;	/* XXX ASCII Pubkeys only, please. */
a5e32e
 	    goto exit;
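Review bot: Both new `_free(dec);` calls leave `dec` holding a freed address while control continues to the `exit` label, which is outside the hunk. The parseForLang patch in this same series writes `q = _free(q);`, and using `dec = _free(dec);` in the CRC-mismatch branch and in the new `else` would keep any later cleanup of `dec` harmless. That matters more than usual here because decodePkts parses armored data that originates outside the process. Separately, when `pkt` is NULL but `pktlen` is not, `*pktlen = declen` now reports the length of a buffer that has already been released; a short comment saying that the length is still meaningful on its own would make that intent explicit.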
a5e32e
-- 
a5e32e
2.31.1
a5e32e
a5e32e
From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Mon, 21 Jun 2021 17:51:14 +0200
a5e32e
Subject: [PATCH 6/7] Fix memory leak with multiple %lang-s in one line
a5e32e
a5e32e
We permit two equivalent forms of specifying a list of languages per
a5e32e
file:
a5e32e
a5e32e
  %lang(xx,yy,zz) /path/to/file
a5e32e
  %lang(xx) %lang(yy) %lang(zz) /path/to/file
a5e32e
a5e32e
The leak was when parsing the second form.
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 build/files.c | 2 ++
a5e32e
 1 file changed, 2 insertions(+)
a5e32e
a5e32e
diff --git a/build/files.c b/build/files.c
a5e32e
index f8153ad2b..0c8859f6c 100644
a5e32e
--- a/build/files.c
a5e32e
+++ b/build/files.c
a5e32e
@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
a5e32e
 
a5e32e
 	if (*pe == ',') pe++;	/* skip , if present */
a5e32e
     }
a5e32e
+
a5e32e
+    q = _free(q);
a5e32e
   }
a5e32e
 
a5e32e
     rc = RPMRC_OK;
a5e32e
-- 
a5e32e
2.31.1
a5e32e
a5e32e
From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
a5e32e
From: Michal Domonkos <mdomonko@redhat.com>
a5e32e
Date: Fri, 25 Jun 2021 15:15:08 +0200
a5e32e
Subject: [PATCH 7/7] Fix memory leaks in Lua rex extension
a5e32e
a5e32e
This covers the following usage:
a5e32e
a5e32e
expr = rex.newPOSIX(<regex>)
a5e32e
expr:match(<string>)           # A leak occurred here
a5e32e
expr:gmatch(<string>, <func>)  # A leak occurred here
a5e32e
a5e32e
Found by Coverity.
a5e32e
---
a5e32e
 luaext/lrexlib.c | 9 ++++++---
a5e32e
 1 file changed, 6 insertions(+), 3 deletions(-)
a5e32e
a5e32e
diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
a5e32e
index 09c5a6454..0f29b6371 100644
a5e32e
--- a/luaext/lrexlib.c
a5e32e
+++ b/luaext/lrexlib.c
a5e32e
@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
a5e32e
 
a5e32e
 static int rex_match(lua_State *L)
a5e32e
 {
a5e32e
+  int rc = 0;
a5e32e
   int res;
a5e32e
 #ifdef REG_BASIC
a5e32e
   size_t len;
a5e32e
@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
a5e32e
     lua_pushstring(L, "n");
a5e32e
     lua_pushnumber(L, ncapt);
a5e32e
     lua_rawset(L, -3);
a5e32e
-    return 3;
a5e32e
-  } else
a5e32e
-    return 0;
a5e32e
+    rc = 3;
a5e32e
+  }
a5e32e
+  free(match);
a5e32e
+  return rc;
a5e32e
 }
a5e32e
 
a5e32e
 static int rex_gmatch(lua_State *L)
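Review bot: `free(match)` is reached only on a normal return, so the buffer still leaks whenever a Lua API call between the allocation and the free raises an error, because Lua unwinds C functions with longjmp. In rex_match that includes the `lua_pushstring`/`lua_rawset` calls visible in this hunk, which can fail on out-of-memory. In rex_gmatch (next hunk) the loop body is outside the hunk but, going by the commit message's `expr:gmatch(<string>, <func>)`, presumably calls a user-supplied function that can raise at will. The allocation site is not shown; if `match` comes from malloc, obtaining it with `lua_newuserdata(L, ...)` instead would hand ownership to the Lua garbage collector and make both `free(match)` calls unnecessary.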
a5e32e
@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
a5e32e
       break;
a5e32e
   }
a5e32e
   lua_pushnumber(L, nmatch);
a5e32e
+  free(match);
a5e32e
   return 1;
a5e32e
 }
a5e32e
 
a5e32e
-- 
a5e32e
2.31.1
a5e32e