Hello, I am proposing a patch for some of the issues found by a Coverity scan of tar-1.34.
Patch:
diff --git a/gnu/malloc/scratch_buffer_dupfree.c b/gnu/malloc/scratch_buffer_dupfree.c
index 775bff5..3b246f2 100644
--- a/gnu/malloc/scratch_buffer_dupfree.c
+++ b/gnu/malloc/scratch_buffer_dupfree.c
@@ -35,7 +35,13 @@ __libc_scratch_buffer_dupfree (struct scratch_buffer *buffer, size_t size)
 else
 {
 void *copy = realloc (data, size);
- return copy != NULL ? copy : data;
+ if (copy != NULL)
+ {
+ data = NULL;
+ return copy;
+ }
+ else
+ return data;
 }
 }
 libc_hidden_def (__libc_scratch_buffer_dupfree)
diff --git a/lib/wordsplit.c b/lib/wordsplit.c
index 661a4f8..6ccaa2a 100644
--- a/lib/wordsplit.c
+++ b/lib/wordsplit.c
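Review bot: Neither the old ternary nor the new branch handles a zero `size`: `realloc (data, 0)` may free `data` and return NULL on common implementations (glibc does), and the `return data;` path then hands the caller a dangling pointer, while the added `data = NULL;` is a dead store to what appears to be a local and changes nothing, so the hunk only reshapes the code to quiet cppcheck. Unless every caller guarantees `size > 0` (the declaration of `data`, the start of __libc_scratch_buffer_dupfree and its callers are all outside the hunk), guard the call, e.g. `if (size == 0) size = 1;` before the realloc, or document that precondition in a comment in place of the dead assignment. The cppcheck report on the original line looks like a false positive: on success realloc has already taken ownership of `data` and `copy` is returned to the caller, on failure the still-valid original is returned.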
@@ -615,7 +615,6 @@ coalesce_segment (struct wordsplit *wsp, struct wordsplit_node *node)
 node->flags |= p->flags & _WSNF_QUOTE;
 wsnode_remove (wsp, p);
 stop = p == end;
- wsnode_free (p);
 }
 p = next;
 }
In addition, there are some issues which are not resolved by this patch. There is a compiler warning about issues in utimens.c, which I find as false positives. Another false positive is memory leak in malloca.c. Issue presented in stdopen.c might be actually a problem. Can you please investigate it and give feedback ? Thank you.
Ondrej
Covscan results:
Error: CPPCHECK_WARNING (CWE-401):
tar-1.34/gnu/malloc/scratch_buffer_dupfree.c:38: error[memleak]: Memory leak: copy
# 36| {
# 37| void *copy = realloc (data, size);
# 38|-> return copy != NULL ? copy : data;
# 39| }
# 40| }
Error: CPPCHECK_WARNING (CWE-401):
tar-1.34/gnu/malloca.c:67: error[memleak]: Memory leak: mem
# 65| ((small_t *) p)[-1] = p - mem;
# 66| /* p sa_alignment_max mod 2*sa_alignment_max. */
# 67|-> return p;
# 68| }
# 69| }
Error: RESOURCE_LEAK (CWE-772):
tar-1.34/gnu/stdopen.c:51: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
tar-1.34/gnu/stdopen.c:51: var_assign: Assigning: "full_fd" = handle returned from "open("/dev/full", mode)".
tar-1.34/gnu/stdopen.c:52: var_assign: Assigning: "new_fd" = "full_fd".
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "new_fd" going out of scope leaks the handle.
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "full_fd" going out of scope leaks the handle.
# 60| return 0;
# 61| }
# 62|-> }
# 63| }
# 64|
Error: RESOURCE_LEAK (CWE-772):
tar-1.34/gnu/stdopen.c:52: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
tar-1.34/gnu/stdopen.c:52: var_assign: Assigning: "new_fd" = handle returned from "open("/dev/null", mode)".
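Review bot: Dropping `wsnode_free (p);` turns the reported use-after-free into a definite leak: every node that coalesce_segment detaches with `wsnode_remove (wsp, p)` is now unlinked and never released, since nothing on the new side references it afterwards (unless wsnode_remove frees it itself, which is not visible here). The loop already saves the successor in `next` before the removal and advances with `p = next;`, so the stale read Coverity reports is not in this function but in the caller's `for (p = wsp->ws_head; p; p = p->next)` at wordsplit.c:680, which re-reads `p->next` after coalesce_segment has freed the nodes that followed `p`. If wsnode_remove relinks the predecessor before the node is freed, that read is safe and the finding is a false positive; if it does not, the fix belongs in the caller, which should re-read its successor after the coalesce_segment call rather than trusting the link it cached. Either way, keep `wsnode_free (p);` here. coalesce_segment starts above the hunk, so the declarations of `p`, `next` and `end` are not shown.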
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "new_fd" going out of scope leaks the handle.
# 60| return 0;
# 61| }
# 62|-> }
# 63| }
# 64|
Error: COMPILER_WARNING (CWE-758):
tar-1.34/gnu/utimens.c: scope_hint: In function 'fdutimens'
tar-1.34/gnu/utimens.c:399:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
# 399 | if (ts && update_timespec (&st, &ts))
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
tar-1.34/gnu/utimens.c:399:17: note: referencing argument 2 of type 'struct timespec * *'
tar-1.34/gnu/utimens.c:136:1: note: in a call to function 'update_timespec'
# 136 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
# | ^~~~~~~~~~~~~~~
# 397| && (fd < 0 ? stat (file, &st) : fstat (fd, &st)))
# 398| return -1;
# 399|-> if (ts && update_timespec (&st, &ts))
# 400| return 0;
# 401| }
Error: COMPILER_WARNING (CWE-758):
tar-1.34/gnu/utimens.c: scope_hint: In function 'lutimens'
tar-1.34/gnu/utimens.c:612:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
# 612 | if (ts && update_timespec (&st, &ts))
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
tar-1.34/gnu/utimens.c:612:17: note: referencing argument 2 of type 'struct timespec * *'
tar-1.34/gnu/utimens.c:136:1: note: in a call to function 'update_timespec'
# 136 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
# | ^~~~~~~~~~~~~~~
# 610| if (adjustment_needed != 3 && lstat (file, &st))
# 611| return -1;
# 612|-> if (ts && update_timespec (&st, &ts))
# 613| return 0;
# 614| }
Error: USE_AFTER_FREE (CWE-416):
tar-1.34/lib/wordsplit.c:683: freed_arg: "coalesce_segment" frees "p->next".
tar-1.34/lib/wordsplit.c:680: use_after_free: Using freed pointer "p->next".
# 678| struct wordsplit_node *p;
# 679|
# 680|-> for (p = wsp->ws_head; p; p = p->next)
# 681| {
# 682| if (p->flags & _WSNF_JOIN)