Fixed some issues found by static analyzers #2634
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
dracut-install
Error: RESOURCE_LEAK (CWE-772): src/util/util.c:188: alloc_fn: Storage is returned from allocation function "strdup". src/util/util.c:188: var_assign: Assigning: "cmdline" = storage returned from "strdup(p)". src/util/util.c:209: identity_transfer: Passing "cmdline" as argument 1 to function "next_arg", which returns an offset off that argument. src/util/util.c:209: identity_transfer: Passing "cmdline" as argument 1 to function "next_arg", which sets "key" to an offset off that argument. src/util/util.c:209: identity_transfer: Passing "cmdline" as argument 1 to function "next_arg", which sets "value" to an offset off that argument. src/util/util.c:209: var_assign: Assigning: "cmdline" = storage returned from "next_arg(cmdline, &key, &value)". src/util/util.c:210: noescape: Resource "key" is not freed or pointed-to in "strcmp". src/util/util.c:219: leaked_storage: Variable "value" going out of scope leaks the storage it points to. src/util/util.c:219: leaked_storage: Variable "key" going out of scope leaks the storage it points to. src/util/util.c:209: identity_transfer: Passing "cmdline" as argument 1 to function "next_arg", which returns an offset off that argument. src/util/util.c:209: identity_transfer: Passing "cmdline" as argument 1 to function "next_arg", which sets "key" to an offset off that argument. src/util/util.c:209: identity_transfer: Passing "cmdline" as argument 1 to function "next_arg", which sets "value" to an offset off that argument. src/util/util.c:209: var_assign: Assigning: "cmdline" = storage returned from "next_arg(cmdline, &key, &value)". src/util/util.c:210: noescape: Resource "key" is not freed or pointed-to in "strcmp". src/util/util.c:219: leaked_storage: Variable "value" going out of scope leaks the storage it points to. src/util/util.c:219: leaked_storage: Variable "key" going out of scope leaks the storage it points to. src/util/util.c:238: leaked_storage: Variable "cmdline" going out of scope leaks the storage it points to.
Error: OVERRUN (CWE-119):
src/install/dracut-install.c:464: identity_transfer: Passing "4097UL" as argument 3 to function "readlink", which returns that argument. [Note: The source code implementation of the function has been overridden by a builtin model.]
src/install/dracut-install.c:464: assignment: Assigning: "linksz" = "readlink(fullsrcpath, linktarget, 4097UL)". The value of "linksz" is now 4097.
src/install/dracut-install.c:467: overrun-local: Overrunning array "linktarget" of 4097 bytes at byte offset 4097 using index "linksz" (which evaluates to 4097).
465| if (linksz < 0)
466| return NULL;
467|-> linktarget[linksz] = '\0';
468|
469| log_debug("get_real_file: readlink('%s') returns '%s'", fullsrcpath, linktarget);
"Error: RESOURCE_LEAK (CWE-772): src/util/util.c:252: alloc_fn: Storage is returned from allocation function ""strdup"". src/util/util.c:252: var_assign: Assigning: ""cmdline"" = storage returned from ""strdup(p)"". src/util/util.c:273: identity_transfer: Passing ""cmdline"" as argument 1 to function ""next_arg"", which returns an offset off that argument. src/util/util.c:273: identity_transfer: Passing ""cmdline"" as argument 1 to function ""next_arg"", which sets ""key"" to an offset off that argument. src/util/util.c:273: identity_transfer: Passing ""cmdline"" as argument 1 to function ""next_arg"", which sets ""value"" to an offset off that argument. src/util/util.c:273: var_assign: Assigning: ""cmdline"" = storage returned from ""next_arg(cmdline, &key, &value)"". src/util/util.c:274: noescape: Resource ""key"" is not freed or pointed-to in ""strcmp"". src/util/util.c:289: leaked_storage: Variable ""value"" going out of scope leaks the storage it points to. src/util/util.c:289: leaked_storage: Variable ""key"" going out of scope leaks the storage it points to. src/util/util.c:273: identity_transfer: Passing ""cmdline"" as argument 1 to function ""next_arg"", which returns an offset off that argument. src/util/util.c:273: identity_transfer: Passing ""cmdline"" as argument 1 to function ""next_arg"", which sets ""key"" to an offset off that argument. src/util/util.c:273: identity_transfer: Passing ""cmdline"" as argument 1 to function ""next_arg"", which sets ""value"" to an offset off that argument. src/util/util.c:273: var_assign: Assigning: ""cmdline"" = storage returned from ""next_arg(cmdline, &key, &value)"". src/util/util.c:274: noescape: Resource ""key"" is not freed or pointed-to in ""strcmp"". src/util/util.c:289: leaked_storage: Variable ""value"" going out of scope leaks the storage it points to. src/util/util.c:289: leaked_storage: Variable ""key"" going out of scope leaks the storage it points to. src/util/util.c:290: leaked_storage: Variable ""cmdline"" going out of scope leaks the storage it points to. 288| } 289| } while (cmdline[0]); 290|-> return found_value ? EXIT_SUCCESS : EXIT_FAILURE; 291| } 292| "
"Error: RESOURCE_LEAK (CWE-772): src/install/dracut-install.c:1135: alloc_fn: Storage is returned from allocation function ""strv_split"". src/install/dracut-install.c:1135: var_assign: Assigning: ""firmwaredirs"" = storage returned from ""strv_split(optarg, "":"")"". src/install/dracut-install.c:1135: overwrite_var: Overwriting ""firmwaredirs"" in ""firmwaredirs = strv_split(optarg, "":"")"" leaks the storage that ""firmwaredirs"" points to. 1133| break; 1134| case ARG_FIRMWAREDIRS: 1135|-> firmwaredirs = strv_split(optarg, "":""); 1136| break; 1137| case 'f':"
dtardon
reviewed
Mar 7, 2024
| @@ -253,16 +253,15 @@ static int getargs(int argc, char **argv) | |||
| char *search_value; | |||
| bool found_value = false; | |||
| char *cmdline = NULL; | |||
| char *cmdline_iter = NULL; | |||
There was a problem hiding this comment.
Merge this into the preceding line?
dtardon
reviewed
Mar 7, 2024
| @@ -204,9 +204,16 @@ static int getarg(int argc, char **argv) | |||
| if (strlen(search_key) == 0) | |||
| usage(GETARG, EXIT_FAILURE, "search key undefined"); | |||
|
|
|||
| cmdline = strdup(p); | |||
There was a problem hiding this comment.
Hmm, I see no reason to copy p in the first place... The function could just use it directly, i.e., initialize cmdline (the iterator) simply as cmdline = p. Or have I overlooked something?
There was a problem hiding this comment.
I have... next_arg() modifies the string, so it must be copied. So scratch this.
dtardon
reviewed
Mar 7, 2024
| @@ -180,12 +180,12 @@ static int getarg(int argc, char **argv) | |||
| char *end_value = NULL; | |||
| bool bool_value = false; | |||
| char *cmdline = NULL; | |||
| char *cmdline_iter = NULL; | |||
There was a problem hiding this comment.
Merge this into the preceding line?
There was a problem hiding this comment.
Also, the var doesn't have to be initialized.
|
CI tests seems to be failing with
I have not had a chance to investigate yet. |
dtardon
suggested changes
Mar 12, 2024
| do { | ||
| char *key = NULL, *value = NULL; | ||
| cmdline = next_arg(cmdline, &key, &value); | ||
| cmdline = next_arg(cmdline_iter, &key, &value); |
| @@ -180,12 +180,12 @@ static int getarg(int argc, char **argv) | |||
| char *end_value = NULL; | |||
| bool bool_value = false; | |||
| char *cmdline = NULL; | |||
| char *cmdline_iter = NULL; | |||
There was a problem hiding this comment.
Also, the var doesn't have to be initialized.
| do { | ||
| char *key = NULL, *value = NULL; | ||
| cmdline = next_arg(cmdline, &key, &value); | ||
| cmdline = next_arg(cmdline_iter, &key, &value); |
| } while (cmdline[0]); | ||
| } while (cmdline_iter[0]); | ||
|
|
||
| free(cmdline_iter); |
| @@ -1140,6 +1140,7 @@ static int parse_argv(int argc, char *argv[]) | |||
| kerneldir = optarg; | |||
| break; | |||
| case ARG_FIRMWAREDIRS: | |||
| strv_free(firmwaredirs); | |||
| firmwaredirs = strv_split(optarg, ":"); | |||
There was a problem hiding this comment.
Not related to the fix, but maybe add a check that strv_split() succeeded?
|
This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.