Hello,
Proposing a patch for some of the issues found by a Coverity scan of tar-1.34.
Patch:
diff --git a/gnu/malloc/scratch_buffer_dupfree.c b/gnu/malloc/scratch_buffer_dupfree.c
index 775bff5..3b246f2 100644
--- a/gnu/malloc/scratch_buffer_dupfree.c
+++ b/gnu/malloc/scratch_buffer_dupfree.c
@@ -35,7 +35,13 @@ __libc_scratch_buffer_dupfree (struct scratch_buffer *buffer, size_t size)
else
{
void *copy = realloc (data, size);
- return copy != NULL ? copy : data;
+ if (copy != NULL)
+ {
+ data = "">+ return copy;
+ }
+ else
+ return data;
}
}
libc_hidden_def (__libc_scratch_buffer_dupfree)
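Review bot: The if/else at L13–L18 is semantically identical to the ternary it replaces: when realloc succeeds the old block has already been released by realloc, so `copy` is the only live allocation and nothing leaks, which makes the CWE-401 report at L39 a false positive rather than a defect, and the assignment to `data` (shown garbled as `data = "">` in the message, presumably `data = NULL;`) is a dead store whose only effect is to quiet the analyzer. The honest fix is a comment rather than dead code, e.g. `/* On success realloc has freed DATA, so COPY is the sole owner; on failure DATA is still valid and is returned unchanged.  */` above the realloc. The `__libc_` prefix and `libc_hidden_def` suggest this is gnulib-derived code, so a change here would likely be overwritten on the next gnulib sync and belongs upstream. The function's body starts outside the hunk.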
diff --git a/lib/wordsplit.c b/lib/wordsplit.c
index 661a4f8..6ccaa2a 100644
--- a/lib/wordsplit.c
+++ b/lib/wordsplit.c
@@ -615,7 +615,6 @@ coalesce_segment (struct wordsplit *wsp, struct wordsplit_node *node)
node->flags |= p->flags & _WSNF_QUOTE;
wsnode_remove (wsp, p);
stop = p == end;
- wsnode_free (p);
}
p = next;
}
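Review bot: Removing `wsnode_free (p);` at L30 leaves every node that `wsnode_remove (wsp, p)` unlinks unreleased, so unless wsnode_remove frees the node itself (not visible in the hunk) the patch turns the reported use-after-free into a leak of one node per coalesced segment. Within this loop the free is safe, since the iteration continues from a `next` captured before the node is unlinked (L32); the Coverity trace at L101–L102 concerns the caller's `p = p->next` at wordsplit.c:680, which is only a genuine use-after-free if wsnode_remove fails to relink the predecessor's `next`, and that is what should be checked before changing anything. If it is a true positive, the fix belongs in the caller (capture the successor before calling coalesce_segment), with `wsnode_free (p);` kept here. coalesce_segment starts outside the hunk.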
In addition, there are some issues which are not resolved by this patch. There is a compiler warning about issues in utimens.c, which I consider false positives. Another false positive is the memory leak reported in malloca.c. The issue reported in stdopen.c might actually be a problem. Can you please investigate it and give feedback?
Thank you.
Ondrej
Covscan results:
Error: CPPCHECK_WARNING (CWE-401):
tar-1.34/gnu/malloc/scratch_buffer_dupfree.c:38: error[memleak]: Memory leak: copy
# 36| {
# 37| void *copy = realloc (data, size);
# 38|-> return copy != NULL ? copy : data;
# 39| }
# 40| }
Error: CPPCHECK_WARNING (CWE-401):
tar-1.34/gnu/malloca.c:67: error[memleak]: Memory leak: mem
# 65| ((small_t *) p)[-1] = p - mem;
# 66| /* p sa_alignment_max mod 2*sa_alignment_max. */
# 67|-> return p;
# 68| }
# 69| }
Error: RESOURCE_LEAK (CWE-772):
tar-1.34/gnu/stdopen.c:51: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
tar-1.34/gnu/stdopen.c:51: var_assign: Assigning: "full_fd" = handle returned from "open("/dev/full", mode)".
tar-1.34/gnu/stdopen.c:52: var_assign: Assigning: "new_fd" = "full_fd".
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "new_fd" going out of scope leaks the handle.
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "full_fd" going out of scope leaks the handle.
# 60| return 0;
# 61| }
# 62|-> }
# 63| }
# 64|
Error: RESOURCE_LEAK (CWE-772):
tar-1.34/gnu/stdopen.c:52: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
tar-1.34/gnu/stdopen.c:52: var_assign: Assigning: "new_fd" = handle returned from "open("/dev/null", mode)".
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "new_fd" going out of scope leaks the handle.
# 60| return 0;
# 61| }
# 62|-> }
# 63| }
# 64|
Error: COMPILER_WARNING (CWE-758):
tar-1.34/gnu/utimens.c: scope_hint: In function 'fdutimens'
tar-1.34/gnu/utimens.c:399:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
# 399 | if (ts && update_timespec (&st, &ts))
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
tar-1.34/gnu/utimens.c:399:17: note: referencing argument 2 of type 'struct timespec * *'
tar-1.34/gnu/utimens.c:136:1: note: in a call to function 'update_timespec'
# 136 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
# | ^~~~~~~~~~~~~~~
# 397| && (fd < 0 ? stat (file, &st) : fstat (fd, &st)))
# 398| return -1;
# 399|-> if (ts && update_timespec (&st, &ts))
# 400| return 0;
# 401| }
Error: COMPILER_WARNING (CWE-758):
tar-1.34/gnu/utimens.c: scope_hint: In function 'lutimens'
tar-1.34/gnu/utimens.c:612:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
# 612 | if (ts && update_timespec (&st, &ts))
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
tar-1.34/gnu/utimens.c:612:17: note: referencing argument 2 of type 'struct timespec * *'
tar-1.34/gnu/utimens.c:136:1: note: in a call to function 'update_timespec'
# 136 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
# | ^~~~~~~~~~~~~~~
# 610| if (adjustment_needed != 3 && lstat (file, &st))
# 611| return -1;
# 612|-> if (ts && update_timespec (&st, &ts))
# 613| return 0;
# 614| }
Error: USE_AFTER_FREE (CWE-416):
tar-1.34/lib/wordsplit.c:683: freed_arg: "coalesce_segment" frees "p->next".
tar-1.34/lib/wordsplit.c:680: use_after_free: Using freed pointer "p->next".
# 678| struct wordsplit_node *p;
# 679|
# 680|-> for (p = wsp->ws_head; p; p = p->next)
# 681| {
# 682| if (p->flags & _WSNF_JOIN)