Bug 731990 - Various static analysis fixes
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: 2.7.8
Hardware: Other
OS: All
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Depends on:
Blocks:
Reported: 2014-06-20 20:51 UTC by Philip Withnall
Modified: 2014-07-26 20:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
HTMLparser: Correctly initialise a stack allocated structure (957 bytes, patch)
2014-06-20 20:52 UTC, Philip Withnall
xmlcatalog: Fix a memory leak on quit (987 bytes, patch)
2014-06-20 20:53 UTC, Philip Withnall
xmlIO: Fix an FD leak on gzdopen() failure (1.46 KB, patch)
2014-06-20 20:53 UTC, Philip Withnall
runtest: Fix a memory leak on parse failure (1002 bytes, patch)
2014-06-20 20:53 UTC, Philip Withnall
xmlschemastypes: Fix potential array overflow (1.08 KB, patch)
2014-06-20 20:53 UTC, Philip Withnall
xpath: Prevent a read overflow from a buffer in a large-input case (1011 bytes, patch)
2014-06-20 20:53 UTC, Philip Withnall

Description Philip Withnall 2014-06-20 20:51:28 UTC
Patches coming to fix various issues found by static analysis. They have not been thoroughly tested.

If you want access to the Coverity account for libxml2, please let me know.
Comment 1 Philip Withnall 2014-06-20 20:52:58 UTC
Created attachment 278872
HTMLparser: Correctly initialise a stack allocated structure

If not initialised, the ‘node’ member remains undefined.

Coverity issue: #60466
Comment 2 Philip Withnall 2014-06-20 20:53:01 UTC
Created attachment 278873
xmlcatalog: Fix a memory leak on quit

Coverity issue: #60442
Comment 3 Philip Withnall 2014-06-20 20:53:04 UTC
Created attachment 278874
xmlIO: Fix an FD leak on gzdopen() failure

According to the documentation, gzdopen() does not close the FD on
failure (but does effectively close it on success, since gzclose()
closes it).

Coverity issues: #60440, #60441
Comment 4 Philip Withnall 2014-06-20 20:53:07 UTC
Created attachment 278875
runtest: Fix a memory leak on parse failure

Coverity issue: #60439
Comment 5 Philip Withnall 2014-06-20 20:53:10 UTC
Created attachment 278876
xmlschemastypes: Fix potential array overflow

The year and month need validating before being put into the
MAX_DAYINMONTH macro.

Coverity issue: #60436
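As an added illustration of the bug class this patch addresses (example code written for this page, not libxml2's code and not the attached patch): a days-in-month macro over a fixed lookup table, beside a checked wrapper that validates the year and month before the table index is formed. The table and macro names are assumptions modelled on the commit message; the "YYYY-MM-DD" parser is a constructed front end so the check can be run on realistic input.

```c
#include <stdio.h>

/* Lookup tables behind a days-in-month macro. Constructed for this example,
 * modelled on (not copied from) the macro the commit message names. */
static const unsigned int daysInMonth[12] =
    { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
static const unsigned int daysInMonthLeap[12] =
    { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };

#define IS_LEAP(y) (((y) % 4 == 0) && (((y) % 100 != 0) || ((y) % 400 == 0)))

/* The unguarded lookup: any month outside 1..12 indexes past the table,
 * so month 0 reads daysInMonth[-1] and month 13 reads daysInMonth[12]. */
#define MAX_DAYINMONTH(yr, mon) \
    (IS_LEAP(yr) ? daysInMonthLeap[(mon) - 1] : daysInMonth[(mon) - 1])

/* Hardened entry point: validate year and month before the macro runs.
 * Returns the day count, or 0 if the pair is invalid. Year 0 is rejected
 * because XML Schema 1.0 dates have no year 0. */
unsigned int max_day_in_month_checked(long year, int month)
{
    if (year == 0 || month < 1 || month > 12)
        return 0;
    return MAX_DAYINMONTH(year, month);
}

/* 1 if year/month/day is a valid calendar date, 0 otherwise. */
int valid_date(long year, int month, int day)
{
    unsigned int max = max_day_in_month_checked(year, month);
    return max != 0 && day >= 1 && (unsigned int) day <= max;
}

/* Parse a "YYYY-MM-DD" string (constructed input format for the example)
 * and validate it. Malformed or out-of-range input returns 0 instead of
 * ever reaching the table lookup with an unchecked month. */
int valid_date_string(const char *s)
{
    long year;
    int month, day;
    char tail;

    /* A trailing %c that matches means there is junk after the day. */
    if (sscanf(s, "%ld-%d-%d%c", &year, &month, &day, &tail) != 3)
        return 0;
    return valid_date(year, month, day);
}
```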
Comment 6 Philip Withnall 2014-06-20 20:53:12 UTC
Created attachment 278877
xpath: Prevent a read overflow from a buffer in a large-input case

If (len >= XML_MAX_NAMELEN), the memcpy() call would end up reading off
the end of buf. Limit it to the length of buf.

Coverity issue: #60435
Comment 7 Daniel Veillard 2014-07-26 20:44:35 UTC
All fine and committed except the last one as we have a guard
    if (len > XML_MAX_NAMELEN)
a couple of lines above on the same block, and the case of equality is
covered by the buffer being allocated larger. That patch is also wrong
as it would generate a huge cost penalty unnecessarily to anybody using
non-ASCII names for markup and XPath.

But all other patches were just fine, and are pushed to git head :-)

thanks a lot

Daniel