After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 781785 - Coverity complains about the possibility of 'close (-1)'
Coverity complains about the possibility of 'close (-1)'
Status: RESOLVED FIXED
Product: gnome-keyring
Classification: Core
Component: general
3.20.x
Other All
: Normal normal
: ---
Assigned To: GNOME keyring maintainer(s)
GNOME keyring maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2017-04-26 17:25 UTC by Debarshi Ray
Modified: 2017-05-02 12:31 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
This should help, but it's untested. (1.06 KB, patch)
2017-04-26 17:37 UTC, Cosimo Cecchi 		none Details | Review

Description Debarshi Ray 2017-04-26 17:25:13 UTC 
Coverity says:

4. gnome-keyring-3.20.0/daemon/gkd-main.c:916: negative_return_fn:
    Function "fork_and_print_environment()" returns a negative number.
6. gnome-keyring-3.20.0/daemon/gkd-main.c:637:3: return_negative_constant:
    Explicitly returning negative value "-1".
7. gnome-keyring-3.20.0/daemon/gkd-main.c:916: var_assign: Assigning:
    signed variable "parent_wakeup_fd" = "fork_and_print_environment".
18. gnome-keyring-3.20.0/daemon/gkd-main.c:978: negative_returns:
    "parent_wakeup_fd" is passed to a parameter that cannot be negative.
#   976|   	/* Print the environment and tell the parent we're done */
#   977|   	print_environment ();
#   978|-> 	close (parent_wakeup_fd);
#   979|   
#   980|   	if (!run_foreground)

This code originates from:

commit 6040bdb2a0ee9ee1f8e308b8cdede6d3fe5c94bf
Author: Ray Strode <rstrode@redhat.com>
Date:   Thu Oct 15 14:37:33 2015 -0400

    daemon: fork before threads are spawned
    
    It's not really a good idea to fork after glib has initialized,
    since it has helper threads that may have taken locks etc.
    
    This commit forks really early to prevent locks from leaking
    and causing deadlock.
    
    Signed-off-by: Cosimo Cecchi <cosimoc@gnome.org>
     * Split out separate function
     * Check return value of g_unix_open_pipe()
     * Don't fork when running foreground
     * Read login password before fork()
    
    Signed-off-by: Stef Walter <stefw@gnome.org>
     * Since stdout is open, just print evironment directly
    
    https://bugzilla.gnome.org/show_bug.cgi?id=756059

I think the problem arises with the --foreground option. run_foreground == TRUE and fork_and_print_environment() returns -1. Hence parent_wakeup_fd == -1, and close might be called with a negative value.

Even though close(-1) might not be a problem in practice, it will be nice to not rely on that to avoid exercising lesser-used code paths in libc and the kernel.
Comment 1 Cosimo Cecchi 2017-04-26 17:37:38 UTC 
Created attachment 350499 [details] [review]
This should help, but it's untested.

--

main: don't call close() with a negative value

When run_foreground = TRUE, fork_and_print_environment() will return -1,
which is assigned to parent_wakeup_fd.
Since we don't want to call close(-1), only close(parent_wakeup_fd) when
run_foreground = FALSE.
Comment 2 Stef Walter 2017-04-27 07:56:15 UTC 
Looks goood. But I'm going to run this for a few days before merging it. If I forget about it, please ping me.
Comment 3 Stef Walter 2017-05-02 12:31:20 UTC 
Fixed.