GNOME Bugzilla – Bug 731990
Various static analysis fixes
Last modified: 2014-07-26 20:44:35 UTC
Patches coming to fix various issues found by static analysis. They have not been thoroughly tested. If you want access to the Coverity account for libxml2, please let me know.
Created attachment 278872
HTMLparser: Correctly initialise a stack allocated structure

If not initialised, the ‘node’ member remains undefined.

Coverity issue: #60466

Created attachment 278873
xmlcatalog: Fix a memory leak on quit

Coverity issue: #60442

Created attachment 278874
xmlIO: Fix an FD leak on gzdopen() failure

According to the documentation, gzdopen() does not close the FD on failure (but does effectively close it on success, since gzclose() closes it).

Coverity issues: #60440, #60441

Created attachment 278875
runtest: Fix a memory leak on parse failure

Coverity issue: #60439

Created attachment 278876
xmlschemastypes: Fix potential array overflow

The year and month need validating before being put into the MAX_DAYINMONTH macro.

Coverity issue: #60436

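The check described in the comment above, as an added example that is not part of the original comment or of libxml2's code: a month is range-checked before it is used to index a 12-entry days-in-month table. The table names, the macro bodies, `valid_date()` and the rejection of year 0 are assumptions made for this sketch.

```c
#include <stdio.h>

/* Constructed stand-ins for a days-in-month lookup; not copied from libxml2. */
static const unsigned int days_in_month[12] =
    { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
static const unsigned int days_in_month_leap[12] =
    { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };

#define IS_LEAP(y) ((((y) % 4 == 0) && ((y) % 100 != 0)) || ((y) % 400 == 0))

/* Unchecked lookup: mon == 0 wraps to a huge index and mon > 12 runs past
 * the end, so either value reads outside the 12-entry array. */
#define MAX_DAYINMONTH(yr, mon) \
    (IS_LEAP(yr) ? days_in_month_leap[(mon) - 1] : days_in_month[(mon) - 1])

#define VALID_YEAR(yr)   ((yr) != 0)  /* assumption: year 0 is rejected */
#define VALID_MONTH(mon) (((mon) >= 1) && ((mon) <= 12))

/* Returns 1 if year/mon/day form a valid date, 0 otherwise.
 * Year and month are validated first, so MAX_DAYINMONTH only ever sees
 * an index in 0..11. */
int valid_date(long year, unsigned int mon, unsigned int day)
{
    if (!VALID_YEAR(year) || !VALID_MONTH(mon))
        return 0;
    return day >= 1 && day <= MAX_DAYINMONTH(year, mon);
}

int main(void)
{
    /* Constructed inputs, including the out-of-range months that would
     * otherwise index outside the table. */
    static const struct { long y; unsigned int m, d; } samples[] = {
        { 2012, 2, 29 }, { 2013, 2, 29 }, { 2014, 0, 1 }, { 2014, 13, 1 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ld-%02u-%02u -> %s\n", samples[i].y, samples[i].m,
               samples[i].d,
               valid_date(samples[i].y, samples[i].m, samples[i].d)
                   ? "valid" : "rejected");
    return 0;
}
```
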
Created attachment 278877
xpath: Prevent a read overflow from a buffer in a large-input case

If (len >= XML_MAX_NAMELEN), the memcpy() call would end up reading off the end of buf. Limit it to the length of buf.

Coverity issue: #60435

All fine and committed except the last one as we have a guard if (len > XML_MAX_NAMELEN) a couple of lines above on the same block, and the case of equality is covered by the buffer being allocated larger. That patch is also wrong as it would generate a huge cost penalty unnecessarily to anybody using non-ASCII names for markup and XPath.

But all other patches were just fine, and are pushed to git head :-)

thanks a lot Daniel