Clam 2296 coverity regressions #891
Fix issue introduced during 1.1 dev. Fix coverity-405726 coverity-405725.
Because we free after the done-label.
The strncpy intentionally is not copying the NULL terminator for the log message prefix. The NULL will be added by vsnprintf, after. Switching to memcpy eliminates the warning.
c6059dc to 916211a
Code looks good, just made a few suggestions.
| @@ -417,6 +419,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n | |||
| return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS; | |||
|
|
|||
| done: | |||
| free(decoded); | |||
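Review bot: The `return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS;` directly above the `done:` label exits without reaching `free(decoded);`, so the new cleanup only covers paths that jump to the label. Worth confirming that `decoded` is already released or NULL before that return; otherwise store the comparison result in a status variable and fall through to `done:` so there is a single exit that frees it.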
It is specified in the man page to not do anything if 'decoded' is NULL. Are there any platforms that do not honor this? Should we add a test just to be safe?
I used to be superstitious about this, but from what I can tell it's safe everywhere if the pointer is NULL.
E.g. on Windows: https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/free?view=msvc-170
Coverity complained about missing break statements for two switch cases that end with asserts. Adding /* fall-through */ comments appears to assuage Coverity's fears.
abbd351 to c8fcabe
Fix a number of recent coverity issues introduced during 1.1 dev, along with a large number of compile time warnings:
- Fix many warnings
- Fix benign compiler warning in logging macro
  The strncpy intentionally is not copying the NULL terminator for the log message prefix. The NULL will be added by vsnprintf, after. Switching to memcpy eliminates the warning.
- Fix possibly uninitialized variable warning
- Coverity-401433: Fix file descriptor leak in VBA parser
- Coverity-401434: Switch to realloc that does not free after failure
  Because we free after the done-label.
- Coverity-404677: Add missing frees in sigtool
- Coverity-405726, 405725: Fix overlapping copy complaint
  Fix issue introduced during 1.1 dev.
  Fix coverity-405726 coverity-405725.
- Coverity-405733, 405732: Add missing variable initializers
- Coverity-405734: Add missing variable initializer
- Coverity-405735: Add missing 'goto done;' on error
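The Coverity-401434 item and the `free(decoded)` discussion both concern who owns a buffer when cleanup happens after a `done:` label. The following is an added example, not code from this pull request or from ClamAV; `realloc_keep`, `realloc_or_free`, `join_parts` and `DEMO_MAX_ALLOC` are hypothetical names, and the size cap exists only to make the failure path deterministic.

```c
#include <stdlib.h>
#include <string.h>
#define DEMO_MAX_ALLOC 64 /* constructed cap so the failure path is reachable */
/* Hypothetical helper: on failure returns NULL and leaves ptr allocated. */
static void *realloc_keep(void *ptr, size_t size)
{
    return (size == 0 || size > DEMO_MAX_ALLOC) ? NULL : realloc(ptr, size);
}

/* Hypothetical helper: on failure frees ptr, so the caller must not. */
static void *realloc_or_free(void *ptr, size_t size)
{
    void *p = realloc_keep(ptr, size);
    if (p == NULL)
        free(ptr);
    return p;
}

/* Joins parts into *out. Returns 0, or -1 with *out == NULL on failure. */
int join_parts(const char *const *parts, size_t count, int use_or_free, char **out)
{
    int ret = -1;
    char *buf = NULL, *tmp;
    size_t len = 0, i, n;
    *out = NULL;
    for (i = 0; i < count; i++) {
        n = strlen(parts[i]);
        if (use_or_free) {
            /* Assign straight back so buf is NULL after a failure; keeping
             * the old pointer here would make done free it a second time. */
            buf = realloc_or_free(buf, len + n + 1);
            if (buf == NULL)
                goto done;
        } else {
            tmp = realloc_keep(buf, len + n + 1);
            if (tmp == NULL)
                goto done; /* buf is still owned here; done frees it once */
            buf = tmp;
        }
        memcpy(buf + len, parts[i], n + 1);
        len += n;
    }
    *out = buf;
    buf = NULL; /* ownership moved to the caller */
    ret = 0;
done:
    free(buf); /* free(NULL) does nothing */
    return ret;
}
```

Both branches leave exactly one `free` per allocation; mixing them (a free-on-failure helper with the result held in `tmp`) is the double-free pattern that a single `done:` cleanup has to rule out.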