Hello,
I have packaged Virtuoso for openSUSE to be used by KDE's Soprano and while
doing so rpmlint, the rpm checking tool, reported:
=====
I: A function overflows or underflows an array access. This could be a real error,
but occasionally this condition is also misdetected due to loop unrolling or strange pointer
handling. So this is warning only, please review.
W: virtuoso arraysubscript sqlcost.c:1053
W: virtuoso arraysubscript string_tmpl.c:625, 633, 787, 808, 889, 910
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: virtuoso bufferoverflowstrncat http_client.c:414
I: Program returns random data in a function
E: virtuoso no-return-in-nonvoid-function sqlovdb.c:203, 172, 151
=====
The first one comes from a gcc warning and since the code involved is not
trivial I couldn't confirm it, but it appears to me the accesses are not guarded
against invalid accesses.
The second case is clearly a bug (caused by strncat() being a brain-damaged
API); the second hunk of the attached patch fixes that.
The third item is also from a gcc warning; it should be harmless in practice,
but I suggest either using the gcc noreturn attribute for gpf_notice() or
using the first hunk of the attached patch.
--
Lubos Lunak
KDE developer
--------------------------------------------------------------
SUSE LINUX, s.r.o. e-mail: [email protected] , [email protected]
Lihovarska 1060/12 tel: +420 284 084 672
190 00 Prague 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz
--- libsrc/Wi/sqlovdb.c.sav 2009-04-19 23:48:59.000000000 +0200
+++ libsrc/Wi/sqlovdb.c 2009-05-07 17:23:08.000000000 +0200
@@ -121,7 +121,7 @@ sqlo_new_locus (sqlo_t * so, remote_ds_t
return loc;
}
-#define NO_VDB GPF_T1 ("This build does not include virtual database support.")
+#define NO_VDB do { GPF_T1 ("This build does not include virtual database support."); abort(); } while(0)
void
sqlo_table_new_locus (sqlo_t * so, df_elt_t * tb_dfe, remote_ds_t * rds, dk_set_t col_preds, dk_set_t * after_test, dk_set_t after_join_test, dk_set_t * vdb_join_test)
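Review bot: abort() in the new NO_VDB body needs <stdlib.h>, and nothing in this hunk's context shows sqlovdb.c includes it; please check the includes before merging. Beyond that, if GPF_T1 already never returns, the added abort() is unreachable and only silences the no-return-in-nonvoid-function warning at the call sites that go through this one macro; marking gpf_notice() with __attribute__((noreturn)), the alternative the cover note mentions, fixes the warning at every GPF_T1 call site and lets gcc treat the code after it as dead. If GPF_T1 can return in some build, the abort() does change behaviour from returning garbage to crashing, which is the safer side, but that should be stated in the patch description.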
--- libsrc/Wi/http_client.c.sav 2009-04-19 23:48:56.000000000 +0200
+++ libsrc/Wi/http_client.c 2009-05-07 17:25:28.000000000 +0200
@@ -411,7 +411,7 @@ http_cli_negotiate_socks4 (dk_session_t
socksreq[8] = 0; /* no name */
if (name)
{
- strncat ((char*)socksreq + 8, name, sizeof(socksreq) - 8);
+ strncat ((char*)socksreq + 8, name, sizeof(socksreq) - 8 - strlen(name) - 1);
socksreq[sizeof (socksreq) - 1] = 0;
packetsize = 9 + strlen ((char *) socksreq + 8);
}
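Review bot: the new bound subtracts strlen(name), the length of the source, where strncat's third argument has to be the space left in the destination: sizeof(socksreq) - 8 - strlen((char*)socksreq + 8) - 1, which, because socksreq[8] was just set to 0 three lines above, reduces to sizeof(socksreq) - 8 - 1. As written, a name of sizeof(socksreq) - 8 bytes or more makes the unsigned subtraction wrap to a huge size_t, so strncat copies the whole name and overflows socksreq, exactly the case this hunk is meant to fix; names longer than half the remaining room are truncated sooner than necessary. The following socksreq[sizeof (socksreq) - 1] = 0 does not help, since the overflow has already happened by then. Suggest: strncat ((char*)socksreq + 8, name, sizeof(socksreq) - 8 - 1);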
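As an added example (not Virtuoso code and not part of the patch above), the following C program evaluates the three strncat bounds that appear on this page, the form rpmlint calls BAD, the form used in the patch, and the "left over size" form, against a constructed 16-byte buffer laid out like the SOCKS4 request in http_client.c: an 8-byte header followed by a NUL-terminated name. BUFSZ, HDR, g_buf and the helper function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Added example, not Virtuoso code.  BUFSZ, HDR, g_buf and the helpers
 * below are assumptions made for illustration. */

#define BUFSZ 16u   /* assumed total size of the request buffer */
#define HDR   8u    /* assumed header length; the name starts at this offset */

static char g_buf[BUFSZ];

/* Mirror the patch context: zero the buffer and start an empty name. */
static void reset_buf(void)
{
    memset(g_buf, 0, sizeof g_buf);
    g_buf[HDR] = 0;          /* no name */
}

/* Correct third argument for strncat(buf + off, src, n): bytes left after
 * the string already at buf + off, minus one for the NUL strncat writes. */
static size_t remaining_bound(const char *buf, size_t bufsz, size_t off)
{
    return bufsz - off - strlen(buf + off) - 1;
}

/* The bound the patch uses: it subtracts the length of the *source*.
 * size_t is unsigned, so once strlen(name) > bufsz - off - 1 this wraps
 * to a huge value instead of going negative. */
static size_t patch_bound(size_t bufsz, size_t off, const char *name)
{
    return bufsz - off - strlen(name) - 1;
}

/* Does strncat(buf + off, name, n) stay inside bufsz bytes?  strncat
 * appends min(n, strlen(name)) bytes and then always writes one NUL. */
static int append_fits(const char *buf, size_t bufsz, size_t off,
                       const char *name, size_t n)
{
    size_t len = strlen(name);
    size_t copy = len < n ? len : n;
    return off + strlen(buf + off) + copy + 1 <= bufsz;
}

/* Append with the correct bound; returns the resulting name length so the
 * caller can tell whether the name was truncated to fit. */
static size_t append_name(char *buf, size_t bufsz, size_t off, const char *name)
{
    strncat(buf + off, name, remaining_bound(buf, bufsz, off));
    return strlen(buf + off);
}

int main(void)
{
    const char *name = "12345678";   /* constructed 8-byte name, one too long */
    reset_buf();
    printf("bound sizeof-8 = %zu, fits: %d\n", (size_t)(BUFSZ - HDR),
           append_fits(g_buf, BUFSZ, HDR, name, BUFSZ - HDR));
    printf("patch bound    = %zu, fits: %d\n", patch_bound(BUFSZ, HDR, name),
           append_fits(g_buf, BUFSZ, HDR, name, patch_bound(BUFSZ, HDR, name)));
    printf("correct bound  = %zu, fits: %d\n", remaining_bound(g_buf, BUFSZ, HDR),
           append_fits(g_buf, BUFSZ, HDR, name, remaining_bound(g_buf, BUFSZ, HDR)));
    printf("name length after safe append = %zu\n",
           append_name(g_buf, BUFSZ, HDR, name));
    return 0;
}
```

The numbers make the point of the rpmlint message concrete: sizeof(buffer) - 8 leaves no room for the NUL strncat appends, and subtracting the source length instead of the destination length wraps to SIZE_MAX for exactly the long names the bound was supposed to catch; only the remaining-space form stays inside the buffer, truncating the name when it has to.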