From: Bruno Haible
To: Mike FABIAN
Cc: bug-libunistring@gnu.org, bug-gnulib@gnu.org
Subject: Re: coverity scan shows 4 problems in bundled gnulib
Date: Sat, 05 Jun 2021 15:47:03 +0200
Message-ID: <2158401.uxHaktr3c5@omega>

Mike FABIAN wrote in
> A coverity scan of libunistring showed the following 4 problems in the bundled gnulib:
>
>
> Error: RESOURCE_LEAK (CWE-772):
> libunistring-0.9.10/lib/vasnprintf.c:2123: alloc_fn: Storage is returned from allocation function "u8_to_u32".
> libunistring-0.9.10/lib/vasnprintf.c:2123: var_assign: Assigning: "converted" = storage returned from "u8_to_u32(arg, arg_end - arg, converted, &converted_len)".
> libunistring-0.9.10/lib/vasnprintf.c:2140: leaked_storage: Variable "converted" going out of scope leaks the storage it points to.
> # 2138|     if (converted != result + length)
> # 2139|       {
> # 2140|->       ENSURE_ALLOCATION (xsum (length, converted_len));
> # 2141|         DCHAR_CPY (result + length, converted, converted_len);
> # 2142|         free (converted);
>
> Here in the ENSURE_ALLOCATION macro, if malloc or realloc fails, the macro
> does a “goto out_of_memory;” and then “converted” goes out of scope and is not freed anymore.
>
> The other 3 reported problems are the same:
>
> Error: RESOURCE_LEAK (CWE-772):
> libunistring-0.9.10/lib/vasnprintf.c:2249: alloc_fn: Storage is returned from allocation function "u16_to_u32".
> libunistring-0.9.10/lib/vasnprintf.c:2249: var_assign: Assigning: "converted" = storage returned from "u16_to_u32(arg, arg_end - arg, converted, &converted_len)".
> libunistring-0.9.10/lib/vasnprintf.c:2266: leaked_storage: Variable "converted" going out of scope leaks the storage it points to.
> # 2264|     if (converted != result + length)
> # 2265|       {
> # 2266|->       ENSURE_ALLOCATION (xsum (length, converted_len));
> # 2267|         DCHAR_CPY (result + length, converted, converted_len);
> # 2268|         free (converted);
>
> Error: RESOURCE_LEAK (CWE-772):
> libunistring-0.9.10/lib/vasnprintf.c:2375: alloc_fn: Storage is returned from allocation function "u32_to_u16".
> libunistring-0.9.10/lib/vasnprintf.c:2375: var_assign: Assigning: "converted" = storage returned from "u32_to_u16(arg, arg_end - arg, converted, &converted_len)".
> libunistring-0.9.10/lib/vasnprintf.c:2392: leaked_storage: Variable "converted" going out of scope leaks the storage it points to.
> # 2390|     if (converted != result + length)
> # 2391|       {
> # 2392|->       ENSURE_ALLOCATION (xsum (length, converted_len));
> # 2393|         DCHAR_CPY (result + length, converted, converted_len);
> # 2394|         free (converted);
>
> Error: RESOURCE_LEAK (CWE-772):
> libunistring-0.9.10/lib/vasnprintf.c:5354: alloc_fn: Storage is returned from allocation function "u8_conv_from_encoding".
> libunistring-0.9.10/lib/vasnprintf.c:5354: var_assign: Assigning: "tmpdst" = storage returned from "u8_conv_from_encoding(locale_charset(), iconveh_question_mark, tmpsrc, count, NULL, NULL, &tmpdst_len)".
> libunistring-0.9.10/lib/vasnprintf.c:5371: leaked_storage: Variable "tmpdst" going out of scope leaks the storage it points to.
> # 5369|         return NULL;
> # 5370|       }
> # 5371|->   ENSURE_ALLOCATION (xsum (length, tmpdst_len));
> # 5372|     DCHAR_CPY (result + length, tmpdst, tmpdst_len);
> # 5373|     free (tmpdst);

Thanks for the report. Fixed through this patch (in gnulib).


2021-06-05  Bruno Haible

	vasnprintf: Don't leak memory when memory allocation fails.
	Found by Coverity.
	Reported by Mike Fabian in .
	* lib/vasnprintf.c (VASNPRINTF): In places where a local variable
	points to heap-allocated storage, free that storage before doing
	'goto out_of_memory;'.

diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c index f859fc4..089c113 100644 =2D-- a/lib/vasnprintf.c +++ b/lib/vasnprintf.c @@ -1924,7 +1924,7 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, =20 /* Ensures that allocated >=3D needed. Aborts through a jump to out_of_memory if needed is SIZE_MAX or otherwise too big. */ =2D#define ENSURE_ALLOCATION(needed) \ +#define ENSURE_ALLOCATION_ELSE(needed, oom_statement) \ if ((needed) > allocated) = \ { = \ size_t memory_size; = \
@@ -1935,17 +1935,19 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, allocated =3D (needed); = \ memory_size =3D xtimes (allocated, sizeof (DCHAR_T)); = \ if (size_overflow_p (memory_size)) = \ =2D goto out_of_memory; = \ + oom_statement = \ if (result =3D=3D resultbuf || result =3D=3D NULL) = \ memory =3D (DCHAR_T *) malloc (memory_size); = \ else = \ memory =3D (DCHAR_T *) realloc (result, memory_size); = \ if (memory =3D=3D NULL) = \ =2D goto out_of_memory; = \ + oom_statement = \ if (result =3D=3D resultbuf && length > 0) = \ DCHAR_CPY (memory, result, length); = \ result =3D memory; = \ } +#define ENSURE_ALLOCATION(needed) \ + ENSURE_ALLOCATION_ELSE((needed), goto out_of_memory; ) =20 for (cp =3D format, i =3D 0, dp =3D &d.dir[0]; ; cp =3D dp->dir_end, i= ++, dp++) { @@ -2193,7 +2195,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, } if (converted !=3D result + length) { =2D ENSURE_ALLOCATION (xsum (length, converted_l= en)); + ENSURE_ALLOCATION_ELSE (xsum (length, converte= d_len), + { free (converted); go= to out_of_memory; }); DCHAR_CPY (result + length, converted, convert= ed_len); free (converted); } @@ -2317,7 +2320,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, } if (converted !=3D result + length) { =2D ENSURE_ALLOCATION (xsum (length, converted_l= en)); + ENSURE_ALLOCATION_ELSE (xsum (length, converte= d_len), + { free (converted); go= to out_of_memory; }); DCHAR_CPY (result + length, converted, convert= ed_len); free (converted); } @@ -2441,7 +2445,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, } if (converted !=3D result + length) { =2D ENSURE_ALLOCATION (xsum (length, converted_l= en)); + ENSURE_ALLOCATION_ELSE (xsum (length, converte= d_len), + { free (converted); go= to out_of_memory; }); DCHAR_CPY (result + length, converted, convert= ed_len); free (converted); } 
@@ -2944,7 +2949,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, } } # else =2D ENSURE_ALLOCATION (xsum (length, tmpdst_len)); + ENSURE_ALLOCATION_ELSE (xsum (length, tmpdst_len), + { free (tmpdst); goto out_of_mem= ory; }); DCHAR_CPY (result + length, tmpdst, tmpdst_len); free (tmpdst); length +=3D tmpdst_len; @@ -3147,7 +3153,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, } } # else =2D ENSURE_ALLOCATION (xsum (length, tmpdst_len)); + ENSURE_ALLOCATION_ELSE (xsum (length, tmpdst_len), + { free (tmpdst); goto out_of_mem= ory; }); DCHAR_CPY (result + length, tmpdst, tmpdst_len); free (tmpdst); length +=3D tmpdst_len; @@ -5598,7 +5605,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, CLEANUP (); return NULL; } =2D ENSURE_ALLOCATION (xsum (length, tmpdst_len)); + ENSURE_ALLOCATION_ELSE (xsum (length, tmpdst_len), + { free (tmpdst); goto out_= of_memory; }); DCHAR_CPY (result + length, tmpdst, tmpdst_len); free (tmpdst); count =3D tmpdst_len;
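
Review bot: The comment kept above the renamed macro in the first hunk (-1924) still says "Aborts through a jump to out_of_memory", which is now true only of the ENSURE_ALLOCATION wrapper; ENSURE_ALLOCATION_ELSE runs whatever oom_statement the caller passes. Please document the new parameter there, including that it has to transfer control out of the macro, because the lines after the two failure checks go on to use memory.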
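
Review bot: In the macro body (hunk -1935), oom_statement is pasted in as the unbraced body of 'if (size_overflow_p (memory_size))' and of 'if (memory == NULL)', so it is only correct while every caller passes exactly one statement. The call sites in this patch pass either 'goto out_of_memory;' or a braced block, but an argument written as 'free (p); goto out_of_memory;' would take the goto unconditionally. Writing '{ oom_statement }' inside the macro would remove that dependency on the caller.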
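
Review bot: The hunks at -2944 and -3147 touch only the '# else' branch, and the branch before it is visible here only as its closing braces. Please confirm that branch has no 'goto out_of_memory;' path that can be reached while tmpdst is still allocated; if it has one, it needs the same 'free (tmpdst);' before the jump.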
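
A reduced model of the leak described in the report and of the fix's approach, added here as an illustration; it is not code from gnulib or from this patch. The fault-injecting allocator (t_alloc, t_free), the counters and append_converted are hypothetical names, and the two macros are simplified stand-ins for ENSURE_ALLOCATION and ENSURE_ALLOCATION_ELSE.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed fault-injecting allocator: counts live blocks, fails on demand. */
static int live_blocks;
static int fail_after = -1; /* -1: never fail; N: allocation N+1 fails */

static void *t_alloc(void *old, size_t n) {
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    if (old == NULL) live_blocks++;
    return realloc(old, n);
}
static void t_free(void *p) { if (p) { live_blocks--; free(p); } }

/* Simplified stand-in for the patched macro: the caller supplies what runs
   on allocation failure. Braces around oom_statement are this sketch's choice. */
#define ENSURE_ELSE(needed, oom_statement)            \
    if ((needed) > allocated) {                       \
        char *memory = t_alloc(result, (needed));     \
        if (memory == NULL) { oom_statement }         \
        result = memory;                              \
        allocated = (needed);                         \
    }
#define ENSURE(needed) ENSURE_ELSE((needed), goto out_of_memory;)

/* Copies src via a heap temporary into a growing buffer, as the conversion
   paths do. fixed=0 uses the old pattern, fixed=1 the patched one.
   Returns the number of blocks still allocated on exit (0 means no leak). */
int append_converted(const char *src, int fixed, int fail_at) {
    char *result = NULL, *converted;
    size_t allocated = 0, n = strlen(src) + 1;

    live_blocks = 0;
    fail_after = fail_at;
    converted = t_alloc(NULL, n);
    if (converted == NULL) goto out_of_memory;
    memcpy(converted, src, n);
    if (fixed) {
        ENSURE_ELSE(n, { t_free(converted); goto out_of_memory; });
    } else {
        ENSURE(n); /* hidden goto: converted is never freed on failure */
    }
    memcpy(result, converted, n);
    t_free(converted);
out_of_memory: /* the success path falls through: the demo discards the buffer */
    t_free(result);
    return live_blocks;
}
```

Making the second allocation fail (fail_at = 1) is what exposes the difference: the old pattern returns with one block still live, the patched pattern with none.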