Clam 2296 coverity regressions #891
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix issue introduced during 1.1 dev. Fix coverity-405726 coverity-405725.
Because we free after the done-label.
The strncpy intentionally is not copying the NULL terminator for the log message prefix. The NULL will be added by vsnprintf, after. Switching to memcpy eliminates the warning.
micahsnyder
force-pushed
the
CLAM-2296-coverity-regressions
branch
from
c6059dc
to
916211a
Compare
ragusaa
requested changes
Apr 10, 2023
| @@ -417,6 +419,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n | |||
| return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS; | |||
|
|
|||
| done: | |||
| free(decoded); | |||
There was a problem hiding this comment.
It is specified in the man page to not do anything if 'decoded' is NULL. Are there any platforms that do not honor this? Should we add a test just to be safe?
There was a problem hiding this comment.
I used to be superstitious about this, but from what I can tell it's safe everywhere if the pointer is NULL.
E.g. on Windows: https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/free?view=msvc-170
ragusaa
approved these changes
Apr 11, 2023
Coverity complained about missing break statements for two switch cases that end with asserts. Adding /* fall-through */ comments appears to assuage Coverity's fears.
micahsnyder
force-pushed
the
CLAM-2296-coverity-regressions
branch
from
abbd351
to
c8fcabe
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Fix a number of recent coverity issues introduced during 1.1 dev, along with a large number of compile time warnings:
Fix many warnings
Fix benign compiler warning in logging macro
The strncpy intentionally is not copying the NULL terminator for the log message prefix. The NULL will be added by vsnprintf, after. Switching to memcpy eliminates the warning.
Fix possibly uninitialized variable warning
Coverity-401433: Fix file descriptor leak in VBA parser
Coverity-401434: Switch to realloc that does not free after failure
Because we free after the done-label.
Coverity-404677: Add missing frees in sigtool
Coverity-405726, 405725: Fix overlapping copy complaint
Fix issue introduced during 1.1 dev.
Fix coverity-405726 coverity-405725.
Coverity-405733, 405732: Add missing variable initializers
Coverity-405734: Add missing variable initializer
Coverity-405735: Add missing 'goto done;' on error