Page MenuHome GnuPG
Create Task
Maniphest T5381

libgpg-error coverity static analysis reports
Closed, ResolvedPublic
Actions

Description

Our routine scan of all the packages found couple of potential issues. None of them look like high-priority, but some would be great to have fixed.

libgpg-error-coverity.patch3 KBDownload

On top of these, we have also some issues with shell scripts. This can be probably simplified, but as I did not manage to come up with a proposed patch:

Error: SHELLCHECK_WARNING (CWE-398): [#def1]
/usr/bin/gpgrt-config:44:25: error[SC2066]: Since you double quoted this, it will not word split, and the loop will only run once.

  1. 42| # variant of get_attr for list (separated by ',')
  2. 43| get_attr_l () {
  3. 44|-> (IFS=', '; for x in "$(get_attr $1)"; do echo $x; done)
  4. 45| }
  5. 46|

There is a couple of more less important issues so I can either share them with you or try to prepare more patches.

Revisions and Commits

rE libgpg-error
rEad062b0a5b7d build,tests: Fix leaks of memory or file pointer.
rE956c40f106ea core: Fix gpgrt_wait_processes, by skipping invalid PID.
rE89a353f418f5 build: Fix gpgrt-config for handling 'Requires' field.

Related Objects

Event Timeline

Jakuje created this task.Apr 6 2021, 5:56 PM

FYI, I sent DCO to gnupg-devel@gnupg.org some moments ago, so I hope it arrived correctly.

werner added a project: gpgrt.Apr 6 2021, 11:29 PM
werner added a subscriber: werner.

Actually I don't care about releasing resources for regression test failures.
The other missing free is for code which is commented out (#if 0) but should eventually be fixed.

gniibe added a subscriber: gniibe.Apr 7 2021, 10:25 AM

Thank you.
For get_attr_l, I pushed a fix as rE89a353f418f5: build: Fix gpgrt-config for handling 'Requires' field.

Actually, for GnuPG build with its libraries, we don't have any cases having multiple entries of Requires.

gniibe added a commit: rE89a353f418f5: build: Fix gpgrt-config for handling 'Requires' field..Apr 7 2021, 10:26 AM
Jakuje added a comment.Apr 7 2021, 11:56 AM

Thanks. I understand that this is no big issue in the test code, but half of the code paths have proper cleaning already so fixing it once should save anyone in the future going through the same issues over and over again during our releases or anyone else who would run your code through static analyzer.

gniibe added a commit: rE956c40f106ea: core: Fix gpgrt_wait_processes, by skipping invalid PID..Apr 8 2021, 4:15 AM
gniibe added a comment.Apr 8 2021, 4:26 AM

For gpgrt_wait_processes, I modified it to skip invalid PID.
The change is: rE956c40f106ea: core: Fix gpgrt_wait_processes, by skipping invalid PID.

Jakuje added a comment.Apr 8 2021, 9:33 AM
In T5381#144927, @gniibe wrote:

For gpgrt_wait_processes, I modified it to skip invalid PID.
The change is: rE956c40f106ea: core: Fix gpgrt_wait_processes, by skipping invalid PID.

Thanks. Note, that the same code is in gnupg2 in common/exechelp-posix.c:736

gniibe added a comment.EditedApr 9 2021, 1:45 AM

Thanks. Note, that the same code is in gnupg2 in common/exechelp-posix.c:736

Yes, I pushed as: rGd82dae5d2229: common: Fix gnupg_wait_processes, by skipping invalid PID.

For other fixes, I will apply those eventually.

BTW, I don't have your key to check your mail of DCO. In the long run, it's good for Red Hat to prepare their WKD setup, so that keys can be distributed by the company. For a while, could you please send me your key by another email mailto:gniibe@fsij.org?

gniibe added a commit: rEad062b0a5b7d: build,tests: Fix leaks of memory or file pointer..Apr 12 2021, 6:08 AM
gniibe closed this task as Resolved.Apr 12 2021, 6:08 AM
gniibe claimed this task.

Thank you for your publishing your key of CB6BE1D0D7D1594A.
I applied and pushed your changes.

werner mentioned this in T5352: Release libgpg-error 1.43.Nov 3 2021, 3:16 PM