“dpkg-deb -I foo.deb” leaks the file handle for the package’s control file. Check for read errors and close the file before it falls out of scope.
Found by cppcheck.

Reported-by: Raphael Geissert <[email protected]>
Signed-off-by: Jonathan Nieder <[email protected]>
---
Raphael Geissert wrote:
> Right, should have been more careful. This is a false positive.

No problem --- finding the problems and writing a first patch is half the work already. Consider this a wishlist bug for the static analyzers: if they would output their suggestions in the form of a patch, I would find them much more usable...

Looking over the patch again, it seems I forgot to check for errors before closing control. Here’s a revised patch.

Thanks again,
Jonathan

debian/changelog | 4 ++++ dpkg-deb/info.c | 4 ++++ 2 files changed, 8 insertions(+), 0 deletions(-) diff --git a/debian/changelog b/debian/changelog index 02d5a43..3a62972 100644 --- a/debian/changelog +++ b/debian/changelog @@ -63,6 +63,10 @@ dpkg (1.15.6) UNRELEASED; urgency=low * Fix error handling, clean up and refactor compression code. Thanks to Jonathan Nieder for several of the patches. + [ Jonathan Nieder ] + * Fix a file handle leak in dpkg-deb --info. Thanks to Raphael Geissert for + the report and patch. + [ Modestas Vainius ] * Implement symbol patterns (Closes: #563752). From now on, it is possible to match multiple symbols with a single entry in the symbol file template. diff --git a/dpkg-deb/info.c b/dpkg-deb/info.c index 9ce7e76..6f58dc1 100644 --- a/dpkg-deb/info.c +++ b/dpkg-deb/info.c @@ -183,6 +183,10 @@ static void info_list(const char *debar, const char *directory) { } if (!lines) putc('\n', stdout); + if (ferror(cc)) + ohshite(_("failed to read `%.255s' (in `%.255s')"), + "control", directory); + fclose(cc); } m_output(stdout, _("<standard output>")); -- 1.7.0
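Review bot: The debian/changelog entry records only the leak ("Fix a file handle leak in dpkg-deb --info"), while the dpkg-deb/info.c hunk in the same patch also adds an `if (ferror(cc))` check that turns a failed read of the control file into a fatal error. Mention the new read-error check in the entry so the behaviour change is recorded alongside the leak fix.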
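Review bot: In the dpkg-deb/info.c hunk, `if (ferror(cc))` is evaluated after `putc('\n', stdout)`, so the errno that ohshite reports may have been overwritten by the write to stdout and no longer describe the failed read. Testing ferror(cc) directly after the read loop ends, before any further output, would keep the reported error tied to the control file. The return value of `fclose(cc)` is ignored, which is acceptable for a stream that was only read. The hunk shows only the tail of the block, so it is worth confirming that no earlier path leaves the block with cc still open.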

