Blame SOURCES/elinks-0.12pre6-static-analysis.patch

b07f02
From 0bfe44b6e0041210859c91e1589d5dc45c3991de Mon Sep 17 00:00:00 2001
b07f02
From: Kamil Dudka <kdudka@redhat.com>
b07f02
Date: Tue, 6 Nov 2018 18:35:19 +0100
b07f02
Subject: [PATCH] elinks: fix programming mistakes detected by static analysis
b07f02
b07f02
---
b07f02
 src/bfu/menu.c                |  1 +
b07f02
 src/bfu/msgbox.c              |  1 +
b07f02
 src/config/conf.c             |  5 ++++-
b07f02
 src/dialogs/options.c         |  3 ++-
b07f02
 src/intl/gettext/loadmsgcat.c | 14 ++++++++++++--
b07f02
 src/protocol/ftp/ftp.c        |  8 +++++++-
b07f02
 src/scripting/lua/core.c      |  8 ++++++--
b07f02
 src/terminal/event.c          |  2 +-
b07f02
 src/util/string.c             |  2 +-
b07f02
 9 files changed, 35 insertions(+), 9 deletions(-)
b07f02
b07f02
diff --git a/src/bfu/menu.c b/src/bfu/menu.c
b07f02
index 74b60d7..07285b7 100644
b07f02
--- a/src/bfu/menu.c
b07f02
+++ b/src/bfu/menu.c
b07f02
@@ -125,6 +125,7 @@ do_menu_selected(struct terminal *term, struct menu_item *items,
b07f02
 		refresh_hotkeys(term, menu);
b07f02
 		add_window(term, menu_handler, menu);
b07f02
 	} else {
b07f02
+		/* FIXME: This will cause BAD_FREE when called from do_setup_menu() */
b07f02
 		free_menu_items(items);
b07f02
 	}
b07f02
 }
b07f02
diff --git a/src/bfu/msgbox.c b/src/bfu/msgbox.c
b07f02
index d7af62b..f272459 100644
b07f02
--- a/src/bfu/msgbox.c
b07f02
+++ b/src/bfu/msgbox.c
b07f02
@@ -103,6 +103,7 @@ msg_text_do(unsigned char *format, va_list ap)
b07f02
 	VA_COPY(ap2, ap);
b07f02
 
b07f02
 	infolen = vsnprintf(NULL, 0, format, ap2);
b07f02
+	va_end(ap2);
b07f02
 	info = mem_alloc(infolen + 1);
b07f02
 	if (!info) return NULL;
b07f02
 
b07f02
diff --git a/src/config/conf.c b/src/config/conf.c
b07f02
index 12bba7c..e879ea5 100644
b07f02
--- a/src/config/conf.c
b07f02
+++ b/src/config/conf.c
b07f02
@@ -702,7 +702,10 @@ read_config_file(unsigned char *name)
b07f02
 	if (fd < 0) return NULL;
b07f02
 	set_bin(fd);
b07f02
 
b07f02
-	if (!init_string(&string)) return NULL;
b07f02
+	if (!init_string(&string)) {
b07f02
+		close(fd);
b07f02
+		return NULL;
b07f02
+	}
b07f02
 
b07f02
 	while ((r = safe_read(fd, cfg_buffer, FILE_BUF)) > 0) {
b07f02
 		int i;
b07f02
diff --git a/src/dialogs/options.c b/src/dialogs/options.c
b07f02
index f40d07d..a3a0a8b 100644
b07f02
--- a/src/dialogs/options.c
b07f02
+++ b/src/dialogs/options.c
b07f02
@@ -125,8 +125,9 @@ push_ok_button(struct dialog_data *dlg_data, struct widget_data *button)
b07f02
 static widget_handler_status_T
b07f02
 push_save_button(struct dialog_data *dlg_data, struct widget_data *button)
b07f02
 {
b07f02
+	struct terminal *term = dlg_data->win->term;
b07f02
 	push_ok_button(dlg_data, button);
b07f02
-	write_config(dlg_data->win->term);
b07f02
+	write_config(term);
b07f02
 
b07f02
 	return EVENT_PROCESSED;
b07f02
 }
b07f02
diff --git a/src/intl/gettext/loadmsgcat.c b/src/intl/gettext/loadmsgcat.c
b07f02
index 0eac283..1be7b2b 100644
b07f02
--- a/src/intl/gettext/loadmsgcat.c
b07f02
+++ b/src/intl/gettext/loadmsgcat.c
b07f02
@@ -312,8 +312,10 @@ source_success:
b07f02
 		unsigned char *read_ptr;
b07f02
 
b07f02
 		data = (struct mo_file_header *) malloc(size);
b07f02
-		if (data == NULL)
b07f02
+		if (data == NULL) {
b07f02
+			close(fd);
b07f02
 			return;
b07f02
+		}
b07f02
 
b07f02
 		to_read = size;
b07f02
 		read_ptr = (unsigned char *) data;
b07f02
@@ -321,6 +323,7 @@ source_success:
b07f02
 			ssize_t nb = safe_read(fd, read_ptr, to_read);
b07f02
 
b07f02
 			if (nb <= 0) {
b07f02
+				free(data);
b07f02
 				close(fd);
b07f02
 				return;
b07f02
 			}
b07f02
@@ -345,8 +348,15 @@ source_success:
b07f02
 	}
b07f02
 
b07f02
 	domain = (struct loaded_domain *) malloc(sizeof(struct loaded_domain));
b07f02
-	if (domain == NULL)
b07f02
+	if (domain == NULL) {
b07f02
+#ifdef LOADMSGCAT_USE_MMAP
b07f02
+		if (use_mmap)
b07f02
+			munmap((void *) data, size);
b07f02
+		else
b07f02
+#endif
b07f02
+			free(data);
b07f02
 		return;
b07f02
+	}
b07f02
 	domain_file->data = domain;
b07f02
 
b07f02
 	domain->data = (unsigned char *) data;
b07f02
diff --git a/src/protocol/ftp/ftp.c b/src/protocol/ftp/ftp.c
b07f02
index 10c9e28..fe3b7f0 100644
b07f02
--- a/src/protocol/ftp/ftp.c
b07f02
+++ b/src/protocol/ftp/ftp.c
b07f02
@@ -926,11 +926,17 @@ ftp_data_connect(struct connection *conn, int pf, struct sockaddr_storage *sa,
b07f02
 	}
b07f02
 
b07f02
 	fd = socket(pf, SOCK_STREAM, 0);
b07f02
-	if (fd < 0 || set_nonblocking_fd(fd) < 0) {
b07f02
+	if (fd < 0) {
b07f02
 		abort_connection(conn, connection_state(S_FTP_ERROR));
b07f02
 		return -1;
b07f02
 	}
b07f02
 
b07f02
+	if (set_nonblocking_fd(fd) < 0) {
b07f02
+		abort_connection(conn, connection_state(S_FTP_ERROR));
b07f02
+		close(fd);
b07f02
+		return -1;
b07f02
+	}
b07f02
+
b07f02
 	set_ip_tos_throughput(fd);
b07f02
 
b07f02
 	conn->data_socket->fd = fd;
b07f02
diff --git a/src/scripting/lua/core.c b/src/scripting/lua/core.c
b07f02
index 1c4dbbc..f86bf0d 100644
b07f02
--- a/src/scripting/lua/core.c
b07f02
+++ b/src/scripting/lua/core.c
b07f02
@@ -207,12 +207,16 @@ l_pipe_read(LS)
b07f02
 		if (l > 0) {
b07f02
 			unsigned char *news = mem_realloc(s, len + l);
b07f02
 
b07f02
-			if (!news) goto lua_error;
b07f02
+			if (!news) {
b07f02
+				pclose(fp);
b07f02
+				goto lua_error;
b07f02
+			}
b07f02
 			s = news;
b07f02
 			memcpy(s + len, buf, l);
b07f02
 			len += l;
b07f02
 
b07f02
-		} else if (l < 0) {
b07f02
+		} else {
b07f02
+			pclose(fp);
b07f02
 			goto lua_error;
b07f02
 		}
b07f02
 	}
b07f02
diff --git a/src/terminal/event.c b/src/terminal/event.c
b07f02
index 9ad90df..d0de6f0 100644
b07f02
--- a/src/terminal/event.c
b07f02
+++ b/src/terminal/event.c
b07f02
@@ -251,13 +251,13 @@ handle_interlink_event(struct terminal *term, struct interlink_event *ilev)
b07f02
 		/* Either the initialization of the first session failed or we
b07f02
 		 * are doing a remote session so quit.*/
b07f02
 		if (!decode_session_info(term, info)) {
b07f02
-			destroy_terminal(term);
b07f02
 			/* Make sure the user is notified if the initialization
b07f02
 			 * of the first session fails. */
b07f02
 			if (program.terminate) {
b07f02
 				usrerror(_("Failed to create session.", term));
b07f02
 				program.retval = RET_FATAL;
b07f02
 			}
b07f02
+			destroy_terminal(term);
b07f02
 			return 0;
b07f02
 		}
b07f02
 
b07f02
diff --git a/src/util/string.c b/src/util/string.c
b07f02
index 604a00d..833fb9b 100644
b07f02
--- a/src/util/string.c
b07f02
+++ b/src/util/string.c
b07f02
@@ -417,10 +417,10 @@ add_file_to_string(struct string *string, const unsigned char *filename)
b07f02
 	string->length += fread(string->source + string->length, 1,
b07f02
 	                        (size_t) filelen, file);
b07f02
 	string->source[string->length] = 0;
b07f02
-	fclose(file);
b07f02
 
b07f02
 	if (string->length != newlength) goto err;
b07f02
 
b07f02
+	fclose(file);
b07f02
 	return string;
b07f02
 
b07f02
 err:
b07f02
-- 
b07f02
2.17.2
b07f02