GNU bug report logs - #47362
important potential issues found by covscan in diffutils-3.7 on fedora
Reported by: than <than <at> redhat.com>
Date: Wed, 24 Mar 2021 14:10:01 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Report forwarded to bug-diffutils <at> gnu.org: bug#47362; Package diffutils. (Wed, 24 Mar 2021 14:10:01 GMT)
Acknowledgement sent to than <than <at> redhat.com>: New bug report received and forwarded. Copy sent to bug-diffutils <at> gnu.org. (Wed, 24 Mar 2021 14:10:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Dear diffutil devs,
Covscan found 10 important potential issues in diffutils-3.7 on fedora. The
Coverity covscan result is attached below. It could be that some of them
are false positives but it's worth checking the coverity covscan result.
Thanks!
Best Regards,
Than
List of Defects:
Error: COMPILER_WARNING (CWE-758): [#def1]
diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]:
writing 1 byte into a region of size 0
# 636 | buf[buf_count] = line_end;
# | ^
# 634|
# 635| buf = xrealloc (buf, buf_count + 1);
# 636|-> buf[buf_count] = line_end;
# 637| lim = buf + buf_count + ! (buf_count == 0 || buf[buf_count - 1] == line_end);
# 638|
Error: RESOURCE_LEAK (CWE-772): [#def2]
diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle opened
by "open". [Note: The source code implementation of the function has
been overridden by a user model.]
diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning: "value" =
handle returned from "open("/dev/null", 0)".
diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle variable
"value" going out of scope leaks the handle.
# 50| return false;
# 51| }
# 52|-> return true;
# 53| }
# 54|
Error: CPPCHECK_WARNING (CWE-401): [#def3]
diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem
# 65| ((small_t *) p)[-1] = p - mem;
# 66| /* p sa_alignment_max mod 2*sa_alignment_max. */
# 67|-> return p;
# 68| }
# 69| }
Error: RESOURCE_LEAK (CWE-772): [#def4]
diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is returned
from allocation function "calloc".
diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning:
"newstate" = storage returned from "calloc(112UL, 1UL)".
diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in "re_node_set_init_copy".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable
"newstate" going out of scope leaks the storage it points to.
# 1725| if (re_node_set_init_copy (newstate->entrance_nodes, nodes)
# 1726| != REG_NOERROR)
# 1727|-> return NULL;
# 1728| nctx_nodes = 0;
# 1729| newstate->has_constraint = 1;
Error: BAD_FREE (CWE-763): [#def5]
diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address
offset from "cmp->file[f].linbuf".
# 689| {
# 690| free (cmp->file[f].equivs);
# 691|-> free (cmp->file[f].linbuf + cmp->file[f].linbuf_base);
# 692| }
# 693|
Error: RESOURCE_LEAK (CWE-772): [#def6]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage
returned from "create_diff3_block(low[0], high[0], low[1], high[1],
lowc, highc)".
diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result" going
out of scope leaks the storage it points to.
# 796| D_LENARRAY (result, FILEC) + result_offset,
# 797| D_NUMLINES (ptr, FC)))
# 798|-> return 0;
# 799| }
# 800|
Error: RESOURCE_LEAK (CWE-772): [#def7]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage
returned from "create_diff3_block(low[0], high[0], low[1], high[1],
lowc, highc)".
diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result" going
out of scope leaks the storage it points to.
# 825| D_LENARRAY (result, FILE0 + d) + result_offset,
# 826| D_NUMLINES (ptr, FO)))
# 827|-> return 0;
# 828|
# 829| /* Catch the lines between here and the next diff */
Error: RESOURCE_LEAK (CWE-772): [#def8]
diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from
allocation function "xmalloc".
diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" = storage
returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".
diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" = "format".
diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not freed
or pointed-to in "memcpy". [Note: The source code implementation of the
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:372: noescape: Resource "format +
spec_prefix_len" is not freed or pointed-to in "memcpy". [Note: The
source code implementation of the function has been overridden by a
builtin model.]
diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not freed
or pointed-to in "fprintf". [Note: The source code implementation of the
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going out of
scope leaks the storage it points to.
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format" going
out of scope leaks the storage it points to.
# 377| free (format);
# 378| #endif
# 379|-> }
# 380| }
# 381| break;
Error: RESOURCE_LEAK (CWE-772): [#def9]
diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from
allocation function "xmalloc".
diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" = storage
returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL + 1UL)".
diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not freed or
pointed-to in "sprintf". [Note: The source code implementation of the
function has been overridden by a builtin model.]
diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not freed or
pointed-to in "mkstemp".
diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf" going out
of scope leaks the storage it points to.
# 1170| if (0 <= fd)
# 1171| tmpname = buf;
# 1172|-> return fd;
# 1173| }
Error: RESOURCE_LEAK (CWE-772): [#def10]
diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from
allocation function "xstrdup".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" =
storage returned from "xstrdup(p)".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" = "color_buf".
diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going out
of scope leaks the storage it points to.
diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf" going
out of scope leaks the storage it points to.
# 700| colors_enabled = false;
# 701| }
# 702|-> }
# 703|
# 704| static void
Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>: You have taken responsibility. (Wed, 24 Mar 2021 21:17:02 GMT)
Notification sent to than <than <at> redhat.com>: bug acknowledged by developer. (Wed, 24 Mar 2021 21:17:02 GMT)
Message #10 received at 47362-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Thanks for the bug report. Those are all false alarms or are already
fixed in Gnulib, except for a memory leak in ifdef.c for which I
installed the attached patch. Thanks for reporting the problem.
[0001-diff-plug-memory-leak-in-ifdef.c.patch (text/x-patch, attachment)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 22 Apr 2021 11:24:06 GMT)
This bug report was last modified 2 years and 363 days ago.