Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clam 2324 more coverity fixes 2 #899

Merged
merged 14 commits into from Apr 26, 2023
Merged

Clam 2324 more coverity fixes 2 #899

merged 14 commits into from Apr 26, 2023

Conversation

micahsnyder
Copy link
Contributor

Fixes a large range of warnings from Coverity, plus one new small leak detected by oss-fuzz.

@micahsnyder micahsnyder force-pushed the CLAM-2324-more-coverity-fixes-2 branch from 89e5977 to 4946076 Compare April 20, 2023 17:42
@micahsnyder
Coverity: fix assorted static analysis issues
c9adeff 
RTF:
- Coverity-344490: Use cli_realloc instead of cli_realloc2.
  cli_realloc2 will free the memory if the allocation fails, though we
  also free the memory later in SCAN_CLEANUP.
- Fix warning about unused variable.

AutoIt:
- Fix possible memory leaks of input and output buffers.
- Set pointer to NULL after handing off memory to new pointer.
@micahsnyder
Assorted unit test Coverity fixes
a69f803 
Coverity-344508: Fix out-of-bound read in check_str test.
The len argument cannot be longer than the size of the source buffer.
The original test was attempting to test an append failure.
The updated test checks for correct behavior with two consecutive
appends.

Also added function comments to document correct use of textbuffer
functions.

Coverity-344493: Fix out-of-bounds read in check_jsnorm test.
The buffers passed to tokenizer_test must be NULL-terminated.
@micahsnyder
Coverity-396088: Fix possible use of uninitialized variable in msxml …
b222fc2 
…parser.
@micahsnyder
Coverity-401432: Correctly initialize file descriptor in HFS+ parser
8c39174 
If not initialized, it could try to close some random file descriptor.
@micahsnyder
Coverity-396111: Fix possibly unitialized binop variable in bytecode …
736fe01 
…module

Fix possibly unitialized binop variable in bytecode module for STORE
and COPY instructions in bytecode module.

Refactored slightly to include additional opcode login in the switch statement.
@micahsnyder
Coverity-396100: Initialize url flags variable in phishcheck module.
e5bef6d
@micahsnyder
Coverity-396093: Correctly initialize zlib stream structure in vba_ex…
dcb56ad 
…tract module.
@micahsnyder
Coverity-396091: Initialize host array in clamav-milter netcode.
9694cad
@micahsnyder
Coverity-344513: Fix use-after-free in unit test error condition.
8745c10
@micahsnyder
Coverity and OSS-Fuzz fixes in PDF module
84bf2c7 
Prevent double-extraction of same PDF object

Two indirect references to the same PDF object may cause it to try to
extract that object twice. This also may cause it to set the extraction
path twice, which leaks the memory from the first time.

This commit records when object extraction is attempted and prevents
doing it again. It also adds a couple extra checks to make sure that the
object path string is not leaked.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58072

Also:

- Coverity-317959: Fix complaint about logically dead code. No need to
  check if UE variable is NULL because we would've returned earlier if it
  was NULL.

- A bunch of medium-severity coverity issues for PDF parser regarding
  checking if a `pdf` pointer is NULL after dereferencing it.

- Coverity-192930: bytes_remaining was being checked twice in a row
  without chainging it. Turns out we should have been changing it after
  moving the `index` pointer.

- Coverity-192920: Switch to use CLI_REALLOC instead of cli_realloc2.
  This is because cli_realloc2 would free `pdf->objs` on failure and we
  still need it.
@micahsnyder
Assorted clamd unit test Coverity fixes
2d31e0c 
Coverity-344510: Fix unitialized sock variable in check_clamd test
program. Only close the socket on error if is a valid file descriptor.

Coverity-344507: Remove unused file-open from clamd test.

Coverity-344497: clamd test recvpartial convenience function is was
reusing the `len` variable used for "how long is the reply" also as
the buffer length. Coverity appears to be confused here and thinks that
the length of the buffer may not be long enough for the NULL terminating
character. I have reworked this to use a separate variable for managing
the length of the buffer.
@micahsnyder
Resolve Coverity assignment of overlapping memory warnings
d9c3da6 
Coverity is unhappy with the use of the EC32, cli_readint32,
and cli_writeint32 macros (and the 64bit equivalents to potentially
change the endianess of variables in place.
It claims:

overlapping_assignment: Assigning ... to ..., which have overlapping
memory locations and different types.

Using a temporary variable in between reading and writing should
resolve these "high impact" complaints.

Resolves: Coverity-225232. 225225, 225215, 225212, 225180, 225170,
225165, 225161, 225159.
@micahsnyder
Fix assorted Coverity warnings in EGG parser
9af0201 
Coverity-225186, 225156: Fix possible leak of comment message in case
parsing the comment header fails after allocating the comment buffer.

Coverity-225184: Fix possible leak of egg block if the archive is not
solid and contains no files.

Additional improvements to egg parser error handling for functions that
pass back allocated memory through the parameters. Instead of checking
for failure before freeing the allocated memory, we'll hand off
ownership of the allocated memory to the parameter variable by setting
to NULL afterwards, and then always free the variable if not NULL after
the `done` label.
@micahsnyder
EGG parser: Fix error handling when comment can't be converted to utf8
231aeeb 
For some reason we're generating a filename wiith a random hash in it
to use for the comment content in the event that codepage converstion to
utf8 fails for the comment. This makes no sense. So I'm removing it and
letting it just fail out. The calling functions ignore the failure
anyways and move on which is good.

Note: I think the "cli_genfname" call that I'm removing was a copypaste
from the logic for converting the filename to utf8. We still do that.
I'm not sure about the consequence of failing to have a filename in that
case, so I'm going to leave it as-is.
@micahsnyder micahsnyder force-pushed the CLAM-2324-more-coverity-fixes-2 branch from 4946076 to 231aeeb Compare April 21, 2023 20:00
@micahsnyder
Copy link
Contributor Author

@ragusaa Ok added the egg parser CLI_REALLOC commit I mentioned in status today. I think I'm done with this PR. Ready for review when you're at a good place to context switch.

ragusaa
ragusaa requested changes Apr 26, 2023
View reviewed changes
libclamav/autoit.c Show resolved Hide resolved
@ragusaa
Copy link
Contributor

ragusaa commented Apr 26, 2023

Since there was a change in bytecode.c, I re-ran the bytecode tests with the interpreter and the LLVM runtime. There were no issues there, so I am approving.

@micahsnyder micahsnyder merged commit c45a15e into main Apr 26, 2023
22 of 24 checks passed
@micahsnyder micahsnyder deleted the CLAM-2324-more-coverity-fixes-2 branch May 1, 2023 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ragusaa ragusaa ragusaa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@micahsnyder @ragusaa