Re: Using relocatable-prog with relocatable libraries

2021-04-08 Thread Ben Pfaff 
On Mon, Apr 5, 2021 at 3:43 PM Reuben Thomas  wrote:
>
> On Mon, 5 Apr 2021 at 23:36, Reuben Thomas  wrote:
>>
>>
>> The comment about "all the copies of relocatable.c" in progreloc.c is surely 
>> is clue, but I cannot see how more than one copy of relocatable.c is ever 
>> compiled…
>
>
> Finally found, in relocatable-maint.texi, "If you need more than one module, 
> or you need to use them with different settings, you will need multiple 
> copies of gnulib (@pxref{Multiple instances})." Sorry for the noise!

Do you think it should be better documented, or documented somewhere
else? (I'm only getting to my email now.)

tar + cpio - covscan issues

2021-04-08 Thread Ondrej Dubaj 
Hello,

proposing patch for some of the issues found by coverity scan in tar-1.34

Patch:

diff --git a/gnu/malloc/scratch_buffer_dupfree.c
b/gnu/malloc/scratch_buffer_dupfree.c
index 775bff5..3b246f2 100644
--- a/gnu/malloc/scratch_buffer_dupfree.c
+++ b/gnu/malloc/scratch_buffer_dupfree.c
@@ -35,7 +35,13 @@ __libc_scratch_buffer_dupfree (struct scratch_buffer
*buffer, size_t size)
   else
 {
   void *copy = realloc (data, size);
-  return copy != NULL ? copy : data;
+  if (copy != NULL)
+  {
+data = NULL;
+return copy;
+  }
+  else
+return data;
 }
 }
 libc_hidden_def (__libc_scratch_buffer_dupfree)
diff --git a/lib/wordsplit.c b/lib/wordsplit.c
index 661a4f8..6ccaa2a 100644
--- a/lib/wordsplit.c
+++ b/lib/wordsplit.c
@@ -615,7 +615,6 @@ coalesce_segment (struct wordsplit *wsp, struct
wordsplit_node *node)
  node->flags |= p->flags & _WSNF_QUOTE;
  wsnode_remove (wsp, p);
  stop = p == end;
- wsnode_free (p);
}
   p = next;
 }

In addition, there are some issues which are not resolved by this patch.
There is a compiler warning about issues in utimens.c, which I find as
false positives. Another false positive is memory leak in malloca.c. Issue
presented in stdopen.c might be actually a problem. Can you please
investigate it and give feedback ?

Covscan results:

Error: CPPCHECK_WARNING (CWE-401):
tar-1.34/gnu/malloc/scratch_buffer_dupfree.c:38: error[memleak]:
Memory leak: copy
#   36|   {
#   37| void *copy = realloc (data, size);
#   38|->   return copy != NULL ? copy : data;
#   39|   }
#   40|   }

Error: CPPCHECK_WARNING (CWE-401):
tar-1.34/gnu/malloca.c:67: error[memleak]: Memory leak: mem
#   65| ((small_t *) p)[-1] = p - mem;
#   66| /* p sa_alignment_max mod 2*sa_alignment_max.  */
#   67|->   return p;
#   68|   }
#   69|   }

Error: RESOURCE_LEAK (CWE-772):
tar-1.34/gnu/stdopen.c:51: open_fn: Returning handle opened by "open".
[Note: The source code implementation of the function has been
overridden by a user model.]
tar-1.34/gnu/stdopen.c:51: var_assign: Assigning: "full_fd" = handle
returned from "open("/dev/full", mode)".
tar-1.34/gnu/stdopen.c:52: var_assign: Assigning: "new_fd" = "full_fd".
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "new_fd"
going out of scope leaks the handle.
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "full_fd"
going out of scope leaks the handle.
#   60| return 0;
#   61|   }
#   62|-> }
#   63|   }
#   64|

Error: RESOURCE_LEAK (CWE-772):
tar-1.34/gnu/stdopen.c:52: open_fn: Returning handle opened by "open".
[Note: The source code implementation of the function has been
overridden by a user model.]
tar-1.34/gnu/stdopen.c:52: var_assign: Assigning: "new_fd" = handle
returned from "open("/dev/null", mode)".
tar-1.34/gnu/stdopen.c:62: leaked_handle: Handle variable "new_fd"
going out of scope leaks the handle.
#   60| return 0;
#   61|   }
#   62|-> }
#   63|   }
#   64|

Error: COMPILER_WARNING (CWE-758):
tar-1.34/gnu/utimens.c: scope_hint: In function 'fdutimens'
tar-1.34/gnu/utimens.c:399:17: warning[-Wstringop-overflow=]:
'update_timespec' accessing 16 bytes in a region of size 8
#  399 |   if (ts && update_timespec (, ))
#  | ^~
tar-1.34/gnu/utimens.c:399:17: note: referencing argument 2 of type
'struct timespec * *'
tar-1.34/gnu/utimens.c:136:1: note: in a call to function 'update_timespec'
#  136 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
#  | ^~~
#  397| && (fd < 0 ? stat (file, ) : fstat (fd, )))
#  398|   return -1;
#  399|->   if (ts && update_timespec (, ))
#  400|   return 0;
#  401|   }

Error: COMPILER_WARNING (CWE-758):
tar-1.34/gnu/utimens.c: scope_hint: In function 'lutimens'
tar-1.34/gnu/utimens.c:612:17: warning[-Wstringop-overflow=]:
'update_timespec' accessing 16 bytes in a region of size 8
#  612 |   if (ts && update_timespec (, ))
#  | ^~
tar-1.34/gnu/utimens.c:612:17: note: referencing argument 2 of type
'struct timespec * *'
tar-1.34/gnu/utimens.c:136:1: note: in a call to function 'update_timespec'
#  136 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
#  | ^~~
#  610| if (adjustment_needed != 3 && lstat (file, ))
#  611|   return -1;
#  612|->   if (ts && update_timespec (, ))
#  613|   return 0;
#  614|   }

Error: USE_AFTER_FREE (CWE-416):
tar-1.34/lib/wordsplit.c:683: freed_arg: "coalesce_segment" frees "p->next".
tar-1.34/lib/wordsplit.c:680: use_after_free: Using freed pointer "p->next".
#  678| struct wordsplit_node *p;
#  679|
#  680|->   for (p = wsp->ws_head; p; p = p->next)
#  681|   {
#  682| if