
[Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD


From: Mark D. Baushke
Subject: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Date: Thu, 11 May 2006 10:25:46 -0700

Hi Christos,

I have addressed more of the Coverity bugs from run 22:

    CID   Checker         Status
    632   DEADCODE        FALSE
    924   FORWARD_NULL    BUG
    994   FORWARD_NULL    BUG
    995   FORWARD_NULL    BUG
    996   FORWARD_NULL    BUG
    997   FORWARD_NULL    BUG
    1053  FORWARD_NULL    BUG
    1054  FORWARD_NULL    BUG
    1055  FORWARD_NULL    BUG
    1056  FORWARD_NULL    FALSE
    1057  FORWARD_NULL    IGNORE
    2427  REVERSE_NULL    BUG
    2428  REVERSE_NULL    BUG

All of CIDs 994, 995, 1055 and 1057 were fixed by the patch to the
Entnode_Create function in entries.c rather than in the location where
the error was reported.

I have applied this fix to both the cvs-1.11.x (STABLE) and cvs-1.12.x
(FEATURE) branches in the main cvs repository. The following patch is
against the :pserver:address@hidden:/cvsroot
src/gnu/dist/xcvs/src top-of-tree sources.

I will continue to work through the list of remaining problems as time
permits.

None of these fixes appear to have any security implications.

        Enjoy!
        -- Mark

[BTW: The CVS development team address has changed to <address@hidden>.]

Note: The change to the previous ChangeLog entry was to remove an extra
initial space character that appeared before the first TAB.

Index: ChangeLog
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/ChangeLog,v
retrieving revision 1.2
diff -u -p -r1.2 ChangeLog
--- ChangeLog   4 May 2006 15:39:34 -0000       1.2
+++ ChangeLog   11 May 2006 09:45:20 -0000
@@ -1,18 +1,45 @@
+2006-05-11  Mark D. Baushke  <address@hidden>
+
+       * add.c (add_directory): Protect tag from NULL dereference.
+       [Fixes NetBSD cid-1054.]
+
+       * client.c (handle_mt): Deal with missing text argument.
+       [Fixes NetBSD cid-924.]
+
+       * entries.c (Entnode_Create): Protect date, tag and ts_conflict
+       from possible NULL dereference.
+       [Fixes NetBSD coverity cid-994, cid-995, cid-1055, cid-1057.]
+
+       * entries.c (Entries_Open): Protect dirtag and dirdate from
+       possible NULL dereference.
+       [Fixes NetBSD coverity cid-996.]
+
+       * log.c (cvslog): Validate start and end args to
+       date_to_internet().
+       [Fixes NetBSD coverity cid-2427 and cid-2428.]
+
+       * logmsg.c (fmt_proc): Protect li->tag from NULL dereference.
+       [Fixes NetBSD coverity cid-997.]
+
+       * vers_ts.c (Version_TS): Protect tag and vers_ts->tag from NULL
+       dereference.
+       [Fixes NetBSD coverity cid-1053.]
+
 2006-05-04  Mark D. Baushke  <address@hidden>
 
-       * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d
-       storage laying around.
-       * commit.c (commit): Handle possible NULL filename values
-       returned from cvs_temp_file().
-       * filesubr.c (cvs_temp_name): Ditto.
-       * import.c (import): Ditto.
-       * login.c (password_entry_operation): Ditto.
-       * logmsg.c (do_verify): Ditto.
-       * patch.c (patch_fileproc): Ditto.
-       [Fixes NetBSD coverity cid-2545.]
+       * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d
+       storage laying around.
+       * commit.c (commit): Handle possible NULL filename values
+       returned from cvs_temp_file().
+       * filesubr.c (cvs_temp_name): Ditto.
+       * import.c (import): Ditto.
+       * login.c (password_entry_operation): Ditto.
+       * logmsg.c (do_verify): Ditto.
+       * patch.c (patch_fileproc): Ditto.
+       [Fixes NetBSD coverity cid-2545.]
 
-       * buffer.c (packetizing_buffer_output): Initialize outdata.
-       [Fixes NetBSD coverity cid-2474.]
+       * buffer.c (packetizing_buffer_output): Initialize outdata.
+       [Fixes NetBSD coverity cid-2474.]
 
        * server.c (server_updated): Fix NetBSD coverity cid-1352
        NetBSD-sparc64 of 2006-May-02 03:02:46.
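Review bot: The new 2006-05-11 entries tag their fixes two ways: add.c and client.c use "[Fixes NetBSD cid-1054.]" and "[Fixes NetBSD cid-924.]", while the other entries use "[Fixes NetBSD coverity cid-...]". Pick one form so the entries can be searched consistently. The client.c entry could also mention that a missing text argument sets importmergecmd.conflicts to -1, since that is a new value and not only a NULL guard.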
Index: add.c
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/add.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 add.c
--- add.c       4 Feb 2006 15:54:55 -0000       1.1.1.1
+++ add.c       11 May 2006 09:45:20 -0000
@@ -852,7 +852,7 @@ add_directory (finfo)
        p->key = xstrdup ("- New directory");
        li = (struct logfile_info *) xmalloc (sizeof (struct logfile_info));
        li->type = T_TITLE;
-       li->tag = xstrdup (tag);
+       li->tag = tag ? xstrdup (tag) : NULL;
        li->rev_old = li->rev_new = NULL;
        p->data = li;
        (void) addnode (ulist, p);
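Review bot: After "li->tag = tag ? xstrdup (tag) : NULL;" in add_directory, li->tag can be NULL, so every reader of that field has to check it before use. This patch covers fmt_proc in logmsg.c; a comment on the tag member of struct logfile_info saying it may be NULL would keep later readers from dereferencing it unchecked.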
Index: client.c
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/client.c,v
retrieving revision 1.3
diff -u -p -r1.3 client.c
--- client.c    19 Mar 2006 22:58:14 -0000      1.3
+++ client.c    11 May 2006 09:45:20 -0000
@@ -3277,7 +3277,7 @@ handle_mt (args, len)
                        cvs_output ("\n", 1);
                        free (updated_fname);
                    }
-                   updated_fname = xstrdup (text);
+                   updated_fname = text ? xstrdup (text) : NULL;
                }
                /* Swallow all other tags.  Either they are extraneous
                   or they reflect future extensions that we can
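Review bot: With "updated_fname = text ? xstrdup (text) : NULL;" a tagged message that arrives without its text argument is accepted silently and leaves updated_fname NULL, which moves the NULL handling to whatever code uses updated_fname afterwards. If a missing argument here is a malformed message rather than an expected case, reporting it at this point would be clearer than storing NULL; otherwise add a comment saying NULL is a valid state for updated_fname.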
@@ -3286,13 +3286,13 @@ handle_mt (args, len)
            else if (importmergecmd.seen)
            {
                if (strcmp (tag, "conflicts") == 0)
-                   importmergecmd.conflicts = atoi (text);
+                   importmergecmd.conflicts = text ? atoi (text) : -1;
                else if (strcmp (tag, "mergetag1") == 0)
-                   importmergecmd.mergetag1 = xstrdup (text);
+                   importmergecmd.mergetag1 = text ? xstrdup (text) : NULL;
                else if (strcmp (tag, "mergetag2") == 0)
-                   importmergecmd.mergetag2 = xstrdup (text);
+                   importmergecmd.mergetag2 = text ? xstrdup (text) : NULL;
                else if (strcmp (tag, "repository") == 0)
-                   importmergecmd.repository = xstrdup (text);
+                   importmergecmd.repository = text ? xstrdup (text) : NULL;
                /* Swallow all other tags.  Either they are text for
                    which we are going to print our own version when we
                    see -importmergecmd, or they are future extensions
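Review bot: The line "importmergecmd.conflicts = text ? atoi (text) : -1;" introduces -1 as an undocumented sentinel. Any code that tests conflicts as a plain truth value will read -1 as "conflicts present", so either document the sentinel next to the field and check for it where conflicts is consumed, or use 0 if "no text" should mean "no conflicts". The three string fields take NULL in the same situation, so their consumers need the matching NULL check.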
Index: entries.c
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/entries.c,v
retrieving revision 1.2
diff -u -p -r1.2 entries.c
--- entries.c   4 Feb 2006 16:29:56 -0000       1.2
+++ entries.c   11 May 2006 09:45:20 -0000
@@ -59,9 +59,9 @@ Entnode_Create(type, user, vn, ts, optio
     ent->version   = xstrdup (vn);
     ent->timestamp = xstrdup (ts ? ts : "");
     ent->options   = xstrdup (options ? options : "");
-    ent->tag       = xstrdup (tag);
-    ent->date      = xstrdup (date);
-    ent->conflict  = xstrdup (ts_conflict);
+    ent->tag       = tag ? xstrdup (tag) : NULL;
+    ent->date      = date ? xstrdup (date) : NULL;
+    ent->conflict  = ts_conflict ? xstrdup (ts_conflict) : NULL;
 
     return ent;
 }
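Review bot: Entnode_Create now has three conventions for a missing argument in adjacent lines: "ent->version = xstrdup (vn);" is unguarded, timestamp and options fall back to "", and tag, date and conflict become NULL. If vn can never be NULL, say so in a comment; if it can, it needs the same guard. A short comment listing which Entnode fields may be NULL would also help callers, since this one change is what resolves the reports raised at the use sites.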
@@ -491,8 +491,8 @@ Entries_Open (aflag, update_dir)
        sdtp = (struct stickydirtag *) xmalloc (sizeof (*sdtp));
        memset ((char *) sdtp, 0, sizeof (*sdtp));
        sdtp->aflag = aflag;
-       sdtp->tag = xstrdup (dirtag);
-       sdtp->date = xstrdup (dirdate);
+       sdtp->tag = dirtag ? xstrdup (dirtag) : NULL;
+       sdtp->date = dirdate ? xstrdup (dirdate) : NULL;
        sdtp->nonbranch = dirnonbranch;
 
        /* feed it into the list-private area */
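Review bot: Style point on the sdtp->tag and sdtp->date assignments: the memset two lines above already zeroes *sdtp, so the ": NULL" arms only restate the existing value. "if (dirtag) sdtp->tag = xstrdup (dirtag);" (and the same for dirdate) would say the same thing, though keeping the ternary for consistency with the rest of the patch is also reasonable.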
Index: log.c
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/log.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 log.c
--- log.c       4 Feb 2006 15:55:23 -0000       1.1.1.1
+++ log.c       11 May 2006 09:45:20 -0000
@@ -316,17 +316,20 @@ cvslog (argc, argv)
        {
            p = log_data.datelist;
            log_data.datelist = p->next;
-           send_to_server ("Argument -d\012", 0);
-           send_to_server ("Argument ", 0);
-           date_to_internet (datetmp, p->start);
-           send_to_server (datetmp, 0);
-           if (p->inclusive)
-               send_to_server ("<=", 0);
-           else
-               send_to_server ("<", 0);
-           date_to_internet (datetmp, p->end);
-           send_to_server (datetmp, 0);
-           send_to_server ("\012", 0);
+           if (p->start != NULL && p->end != NULL)
+           {
+               send_to_server ("Argument -d\012", 0);
+               send_to_server ("Argument ", 0);
+               date_to_internet (datetmp, p->start);
+               send_to_server (datetmp, 0);
+               if (p->inclusive)
+                   send_to_server ("<=", 0);
+               else
+                   send_to_server ("<", 0);
+               date_to_internet (datetmp, p->end);
+               send_to_server (datetmp, 0);
+               send_to_server ("\012", 0);
+           }
            if (p->start)
                free (p->start);
            if (p->end)
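Review bot: The new guard "if (p->start != NULL && p->end != NULL)" drops the whole -d argument when either bound is missing, with no diagnostic. The request then goes to the server without the date restriction the user asked for and returns a wider log than intended. Consider calling error() when a datelist entry is incomplete, or rejecting it where the list is built, instead of skipping it silently here.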
@@ -337,13 +340,15 @@ cvslog (argc, argv)
        {
            p = log_data.singledatelist;
            log_data.singledatelist = p->next;
-           send_to_server ("Argument -d\012", 0);
-           send_to_server ("Argument ", 0);
-           date_to_internet (datetmp, p->end);
-           send_to_server (datetmp, 0);
-           send_to_server ("\012", 0);
            if (p->end)
+           {
+               send_to_server ("Argument -d\012", 0);
+               send_to_server ("Argument ", 0);
+               date_to_internet (datetmp, p->end);
+               send_to_server (datetmp, 0);
+               send_to_server ("\012", 0);
                free (p->end);
+           }
            free (p);
        }
            
Index: logmsg.c
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/logmsg.c,v
retrieving revision 1.3
diff -u -p -r1.3 logmsg.c
--- logmsg.c    4 May 2006 15:39:34 -0000       1.3
+++ logmsg.c    11 May 2006 09:45:20 -0000
@@ -155,7 +155,7 @@ fmt_proc (p, closure)
 
            if (tag != NULL)
                free (tag);
-           tag = xstrdup (li->tag);
+           tag = li->tag ? xstrdup (li->tag) : NULL;
 
            /* Force a new line.  */
            col = 70;
Index: vers_ts.c
===================================================================
RCS file: /cvsroot/src/gnu/dist/xcvs/src/vers_ts.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 vers_ts.c
--- vers_ts.c   4 Feb 2006 15:55:48 -0000       1.1.1.1
+++ vers_ts.c   11 May 2006 09:45:20 -0000
@@ -155,8 +155,8 @@ Version_TS (finfo, options, tag, date, f
      */
     if (tag || date)
     {
-       vers_ts->tag = xstrdup (tag);
-       vers_ts->date = xstrdup (date);
+       vers_ts->tag = tag ? xstrdup (tag) : NULL;
+       vers_ts->date = date ? xstrdup (date) : NULL;
     }
     else if (!vers_ts->entdata && (sdtp && sdtp->aflag == 0))
     {
@@ -200,7 +200,7 @@ Version_TS (finfo, options, tag, date, f
            if (vers_ts->vn_rcs == NULL)
                vers_ts->vn_tag = NULL;
            else if (simple)
-               vers_ts->vn_tag = xstrdup (vers_ts->tag);
+               vers_ts->vn_tag = vers_ts->tag ? xstrdup (vers_ts->tag) : NULL;
            else
                vers_ts->vn_tag = xstrdup (vers_ts->vn_rcs);
        }
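Review bot: In the "else if (simple)" branch, a NULL vers_ts->tag now yields vn_tag == NULL even though vn_rcs is known to be non-NULL at this point, which is the same result as the "vn_rcs == NULL" case two lines up. If callers use vn_tag == NULL to mean "no RCS version", this conflates the two cases; consider falling back to xstrdup (vers_ts->vn_rcs) when the tag is NULL, or add a comment stating that a NULL vn_tag is intended here.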



