Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit a8596e5

Browse files
author
Reini Urban
committed
fix some coverity issues with High impact
Security recommendation: stat+open, Time of check time of use Pointer to local outside scope (RETURN_LOCAL) Some resource leaks (not all yet)
1 parent ab282bb commit a8596e5

File tree

6 files changed

+21
-15
lines changed

6 files changed

+21
-15
lines changed

‎core/compile.c‎

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1257,8 +1257,7 @@ PN potion_source_dumpbc(Potion *P, PN cl, PN proto, PN options) {
12571257
h.minor = POTION_MINOR;
12581258
h.vmid = POTION_VMID;
12591259
h.pn = (u8)sizeof(PN);
1260-
1261-
PN_MEMCPY(PN_STR_PTR(pnb), &h, struct PNBHeader);
1260+
PN_MEMCPY(PN_STR_PTR(pnb), &h, struct PNBHeader); // coverity[uninit_use_in_call:FALSE]
12621261
PN_STR_LEN(pnb) = (long)sizeof(struct PNBHeader) +
12631262
potion_proto_dumpbc(P, proto, pnb, sizeof(struct PNBHeader));
12641263
return pnb;

‎core/file.c‎

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -118,6 +118,7 @@ PN potion_file_read(Potion *P, PN cl, pn_file self, PN n) {
118118
PN potion_file_write(Potion *P, PN cl, pn_file self, PN obj) {
119119
long len = 0;
120120
char *ptr = NULL;
121+
double tmp;
121122
//TODO: maybe extract ptr+len to seperate function
122123
if (!PN_IS_PTR(obj)) {
123124
if (!obj) return PN_NIL; //silent
@@ -135,7 +136,7 @@ PN potion_file_write(Potion *P, PN cl, pn_file self, PN obj) {
135136
case PN_TSTRING: len = PN_STR_LEN(obj); ptr = PN_STR_PTR(obj); break;
136137
case PN_TBYTES: len = potion_send(obj, PN_STR("length")); ptr = PN_STR_PTR(obj); break;
137138
case PN_TNUMBER: {
138-
doubletmp = PN_DBL(obj); len = sizeof(tmp); ptr = (char *)&tmp;
139+
tmp = PN_DBL(obj); len = sizeof(tmp); ptr = (char *)&tmp;
139140
break;
140141
}
141142
default: return potion_type_error(P, obj);

‎core/gc.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -397,7 +397,7 @@ void *potion_gc_copy(Potion *P, struct PNObject *ptr) {
397397
if (!sz) { //external pointer or immediate value
398398
DBG_G(P,"GC copy: assuming extern pointer or immediate potion value %p: %ld / 0x%lx\n", ptr, *(long*)ptr, *(long*)ptr);
399399
//return ptr;
400-
memcpy(dst, ptr, sizeof(void*));
400+
memcpy(dst, ptr, sizeof(void*));// coverity[suspicious_sizeof::FALSE]
401401
return dst;
402402
}
403403
memcpy(dst, ptr, sz);

‎core/load.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ static char *potion_initializer_name(Potion *P, const char *filename, PN_SIZE le
6262
}
6363

6464
static PN potion_load_dylib(Potion *P, const char *filename) {
65-
void *handle = dlopen(filename, RTLD_LAZY);
65+
void *handle = dlopen(filename, RTLD_LAZY);// XXX when can we close this?
6666
void (*func)(Potion *);
6767
char *err, *init_func_name;
6868
if (handle == NULL) {

‎core/potion.c‎

Lines changed: 15 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -78,17 +78,23 @@ static PN potion_cmd_exec(Potion *P, PN buf, char *filename, char *compile, char
7878

7979
if (!buf && filename) {
8080
struct stat stats;
81-
if (stat(filename, &stats) == -1) {
82-
fprintf(stderr, "** %s does not exist.", filename);
83-
goto done;
84-
}
81+
long size;
82+
char *bufptr;
83+
// TOCTTOU http://cwe.mitre.org/data/definitions/367.html
8584
fd = open(filename, O_RDONLY | O_BINARY);
8685
if (fd == -1) {
87-
fprintf(stderr, "** could not open %s. check permissions.", filename);
86+
if (stat(filename, &stats) == -1) {
87+
fprintf(stderr, "** %s does not exist.", filename);
88+
} else {
89+
fprintf(stderr, "** could not open %s. check permissions.", filename);
90+
}
8891
goto done;
8992
}
90-
long size = stats.st_size;
91-
char *bufptr;
93+
if (stat(filename, &stats) == -1) {
94+
fprintf(stderr, "** %s vanished!", filename);
95+
goto done;
96+
}
97+
size = stats.st_size;
9298
if (addcode) {
9399
int len = strlen(addcode);
94100
size += len;
@@ -117,7 +123,7 @@ static PN potion_cmd_exec(Potion *P, PN buf, char *filename, char *compile, char
117123
code = potion_parse(P, buf, filename);
118124
if (!code || PN_TYPE(code) == PN_TERROR) {
119125
potion_p(P, code);
120-
returncode;
126+
goto done;
121127
}
122128
DBG_v("\n-- parsed --\n");
123129
DBG_Pv(code);
@@ -196,7 +202,6 @@ static PN potion_cmd_exec(Potion *P, PN buf, char *filename, char *compile, char
196202
if (code &&
197203
(written = fwrite(PN_STR_PTR(code), 1, PN_STR_LEN(code), pnb) == PN_STR_LEN(code))) {
198204
printf("** compiled code saved to %s\n", outpath);
199-
fclose(pnb);
200205

201206
if (!compile || !strcmp(compile, "bc"))
202207
printf("** run it with: potion %s\n", outpath);
@@ -209,6 +214,7 @@ static PN potion_cmd_exec(Potion *P, PN buf, char *filename, char *compile, char
209214
fprintf(stderr, "** could not write all %s compiled code (%u/%u) to %s\n",
210215
compile?compile:"bytecode", written, code?PN_STR_LEN(code):0, outpath);
211216
}
217+
fclose(pnb);
212218
}
213219

214220
#if defined(DEBUG)

‎lib/buffile.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ PN potion_buffile_tmpfile(Potion *P, PN cl, PN ign) {
5858
struct PNBufFile *self;
5959
self = (struct PNBufFile *)potion_data_alloc(P, sizeof(struct PNBufFile));
6060
self->siz = BufFileSize;
61-
self->file = tmpfile();
61+
self->file = tmpfile();// CID 32134
6262
if (!self->file)
6363
return potion_io_error(P, "tmpfile");
6464
self->path = PN_NIL;

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /