Various fixes based on coverity errors #405

lutter · 2016-09-29T19:22:46Z

This fixes are all based on running augeas through coverity.

… paths

…tax error

… them fails

The main reason to make these macros is that it makes sure we set state->regs to NULL when we save registers so that any error path does not inadvertently free the caller's registers. Before we inconsistently set state->regs to NULL manually, and there were cases where we could have freed the caller's registers when encountering certain errors.

…e error

We were calling free on a pointer into the interior of an array

When we ran out of memory, we did not properly free the previously allocated LOCPATH.

…lure

This allows us to remove some confused checking

These routines are now more resilient to being passed NULL arguments

The TREE argument must not be NULL, so there's no need to check for that later on

Fixing this to make coverity happy - it's unused code in a debugging routine

If we succeed in allocating INI ourselves, but then fail to push the initial state into it, we would leak INI. Fix that by explicitly freeing it.

When we tried to allocate BODY and allocation failed, we still had allocated memory in PARAMS that was not freed in the error label. We now free that list on error. To make sure we do not try and free PARAMS when it has been linked into FUNC, we set it to NULL after the call to BUILD_FUNC. The call to BUILD_FUNC also erroneously checked the return value for NULL, even though this function can never return NULL. This check was removed.

… "/*"

We used to call STRDUP for no good reason on the constant error message returned by PATHX_ERROR and promptly leaked it.

Without this cleanup, it's too hard to spot genuine leaks from address sanitizer

There was no good reason why we allocated a span here; in fact, it would only get leaked as there was nothing in visit_exit that would move the span into the tree.

… for NULL

…thx_exn make_pathx_exn already increases the reference count appropriately. The additional reference caused INFO to be leaked.

When parse failed, and we needed to skip the actual put, we used to return straight away, even though we were holding on to a number of intermediate data structures. Now we properly clean them up.

Otherwise, we might try to free cmd.opt before it has been set to NULL.

If we encountered an (internal) error in ENSURE, it was possible that we leaked SKEL and DICT. We now make sure they get set to NULL when we have saved them, and free them if they are not NULL yet.

This avoids false positives with address sanitizer

lutter · 2016-10-02T01:16:26Z

With the latest updates to this PR, pretty much all coverity errors have been addressed, and the build passes for me locally with ASAN turned on.

When we went to clean up files that are not managed by a lens anymore, we just assumed that anything with a 'path' child held metadata for a file and removed that metadata and the actual contents. That could lead to a situation where creating a node /augeas/files/path would lead to a crash. We now use an explicit flag in the tree node that holds file metadata to indicate the fact rather than just inferring it from the presence of a 'path' child, so that we will never inadvertently free everything under /augeas/files.

This file used tabs for indentation which causes errors about misleading indentation with GCC 6. Replacing tabs with spaces fixes that.

lutter added 19 commits September 29, 2016 12:20

Update gnulib to 5f7358cc

564fcd9

* transform.c (load_file): avoid leaking span on parse errors

d24320e

* transform.c (load_file, text_store): do not leak info on some error…

4d128f2

… paths

* augeas.c (aug_set, aug_print): do not leak p when path expr has syn…

729f7ab

…tax error

* augeas.c (aug_setm): fix leaking of bx and sx

2a88350

* transform.c (xfm_error): do not leak v or l if allocation of one of…

bf54bb7

… them fails

* src/augeas.c (aug_text_store): fix leak of p on syntax error in path

db84d3b

* src/augeas.c (aug_rm): do not leak p on syntax error in path

c307c1f

* src/augeas.c (aug_defnode): do not leak p on syntax error in expr

863d752

* src/augeas.c (aug_to_xml): do not leak P on syntax error in PATHIN

bc769e3

* src/transform.c (text_store): remove dead code

f268b52

* src/transform.c (remove_file): remove some unreachable code

40592ca

* src/transform.c (text_retrieve): remove unused variable

fd87c42

* src/augeas.c (aug_load_file): check xasprintf call for alloc error

b9e6d4e

* src/lens.c (typecheck_n): make clearer why we return early

3306cf4

* src/augeas.c (unlink_removed_files): avoid leaking PX on pathx pars…

8f4c7b9

…e error

* src/pathx.c (clone_vlaue): remove incorrect call to free

a7351fa

We were calling free on a pointer into the interior of an array

* src/pathx.c (parse_relative_location_path): avoid leak on ENOMEM

ded43af

When we ran out of memory, we did not properly free the previously allocated LOCPATH.

lutter mentioned this pull request Sep 29, 2016

Run with address sanitizer in CI #404

Closed

thedrow mentioned this pull request Sep 30, 2016

DO NOT MERGE - Address sanitizer plus latest coverity fixes #406

Closed

lutter added 9 commits September 30, 2016 17:49

* src/lexer.l (regexp_literal): avoid knockon error on allocation fai…

56199ef

…lure

* src/pathx.c (ns_from_locpath): insist that arg LP is not NULL

5a6f709

This allows us to remove some confused checking

* src/info.c, src/lens.c: shore up some error formatting routines

e9961db

These routines are now more resilient to being passed NULL arguments

* src/internal.c (path_expand): remove unnecessary NULL check

3cacb36

The TREE argument must not be NULL, so there's no need to check for that later on

* src/get.c (print_frames): do not leak the result of format_lens

92c9a66

Fixing this to make coverity happy - it's unused code in a debugging routine

* src/fa.c (determinize): do not leak INI in an error case

adb38f5

If we succeed in allocating INI ourselves, but then fail to push the initial state into it, we would leak INI. Fix that by explicitly freeing it.

* src/augeas.c (dump_tree): do not leak P when we can't compile pathx…

531372e

… "/*"

* src/builtin.c (make_pathx_exn): avoid unnecessary alllocation and leak

d8c5b66

We used to call STRDUP for no good reason on the constant error message returned by PATHX_ERROR and promptly leaked it.

lutter added 9 commits September 30, 2016 17:49

* cutest.h (CuSuiteFree): new function to free memory held by a suite

c6b4b21

* tests/fatest.c: free memory allocated by tests

9b08193

Without this cleanup, it's too hard to spot genuine leaks from address sanitizer

* src/transform.c (transform_file_error): do not leak EP

60f3aac

* src/augrun.c (aug_srun): do not leak command_opt when 'quit' is issued

e1c1ed1

* src/internal.h (move): new macro to move ownership of pointers

606836f

* src/get.c (get_subtree): make sure we do not leak a span on error

edcaaa0

* src/get.c (visit_enter): do not allocate a new span for L_MAYBE

5be0b57

There was no good reason why we allocated a span here; in fact, it would only get leaked as there was nothing in visit_exit that would move the span into the tree.

* src/get.c (visit_exit): do not deref TREE until after we checked it…

8da45c9

… for NULL

* src/get.c (rec_process): do not leak span on error

0ac14c0

lutter force-pushed the dev/cov branch from 33685db to 35a1c30 Compare October 1, 2016 00:50

lutter added 10 commits October 1, 2016 18:13

* tests: fix various memory leaks caused by the tests

bac37f1

* src/pathx.c (axis_sep): remove unused constant

f6b7ffb

* src/pathx.c (parse_location_path): do not leak STEP on error

5c88645

* src/augrun.c (cmd_errors): do not leak filename

5522ab2

* src/builtin.c (pathx_parse_glue): do not ref INFO passed to make_pa…

790cb9d

…thx_exn make_pathx_exn already increases the reference count appropriately. The additional reference caused INFO to be leaked.

* src/put.c (lns_put): do not leak various things when parse fails

310d0f7

When parse failed, and we needed to skip the actual put, we used to return straight away, even though we were holding on to a number of intermediate data structures. Now we properly clean them up.

* src/augrun.c (aug_srun): make sure we always initialize CMD

35ed59b

Otherwise, we might try to free cmd.opt before it has been set to NULL.

* src/get.c (parse_combine): do not leak SKEL or DICT on error

99228bd

If we encountered an (internal) error in ENSURE, it was possible that we leaked SKEL and DICT. We now make sure they get set to NULL when we have saved them, and free them if they are not NULL yet.

* src/get.c (visit_exit): do not leak SKEL when we fail to allocate DICT

958fc38

* examples/fadot.c: free the result from FA_AS_REGEXP

c106a28

This avoids false positives with address sanitizer

lutter force-pushed the dev/cov branch from 35a1c30 to e38a014 Compare October 2, 2016 01:14

lutter force-pushed the dev/cov branch from 8440ac6 to a0e04bf Compare October 2, 2016 19:39

* NEWS: add note about coverity/ASAN fixes

9404fe4

lutter force-pushed the dev/cov branch from a0e04bf to 9404fe4 Compare October 2, 2016 20:09

lutter added 2 commits October 4, 2016 10:09

* tests/cutest.h: remove misleading const decls from struct CuTest

b9d718d

* tests/cutest.c: fix indentation by removing tabs

0d8c7bb

This file used tabs for indentation which causes errors about misleading indentation with GCC 6. Replacing tabs with spaces fixes that.

lutter merged commit 0d8c7bb into hercules-team:master Oct 4, 2016

lutter deleted the dev/cov branch October 4, 2016 17:38

Various fixes based on coverity errors #405

Various fixes based on coverity errors #405

lutter commented Sep 29, 2016

lutter commented Oct 2, 2016

Various fixes based on coverity errors #405

Various fixes based on coverity errors #405

Conversation

lutter commented Sep 29, 2016

lutter commented Oct 2, 2016