From: Kamil Dudka
To: zsh-workers@zsh.org
Subject: [PATCH 5/5] Src/utils: fix memory leaks in mailstat()
Date: Wed, 7 Nov 2018 14:04:56 +0100
Message-Id: <20181107130456.18901-5-kdudka@redhat.com>
In-Reply-To: <20181107130456.18901-1-kdudka@redhat.com>
References: <20181107130456.18901-1-kdudka@redhat.com>

Detected by Coverity Analysis:

Error: RESOURCE_LEAK (CWE-772):
zsh-5.5.1/Src/utils.c:7406: alloc_fn: Storage is returned from allocation function "appstr".
zsh-5.5.1/Src/string.c:200:5: alloc_fn: Storage is returned from allocation function "realloc".
zsh-5.5.1/Src/string.c:200:5: identity_transfer: Passing "realloc(base, strlen(base) + strlen(append) + 1UL)" as argument 1 to function "strcat", which returns that argument.
zsh-5.5.1/Src/string.c:200:5: return_alloc_fn: Directly returning storage allocated by "strcat".
zsh-5.5.1/Src/utils.c:7406: var_assign: Assigning: "dir" = storage returned from "appstr(ztrdup(path), "/cur")".
zsh-5.5.1/Src/utils.c:7407: noescape: Resource "dir" is not freed or pointed-to in "stat".
zsh-5.5.1/Src/utils.c:7407: leaked_storage: Variable "dir" going out of scope leaks the storage it points to.
 7405|       /* See if cur/ is present */
 7406|       dir = appstr(ztrdup(path), "/cur");
 7407|->     if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0;
 7408|       st_ret.st_atime = st_tmp.st_atime;
 7409|

Error: RESOURCE_LEAK (CWE-772):
zsh-5.5.1/Src/utils.c:7412: alloc_fn: Storage is returned from allocation function "appstr".
zsh-5.5.1/Src/string.c:200:5: alloc_fn: Storage is returned from allocation function "realloc".
zsh-5.5.1/Src/string.c:200:5: identity_transfer: Passing "realloc(base, strlen(base) + strlen(append) + 1UL)" as argument 1 to function "strcat", which returns that argument.
zsh-5.5.1/Src/string.c:200:5: return_alloc_fn: Directly returning storage allocated by "strcat".
zsh-5.5.1/Src/utils.c:7412: var_assign: Assigning: "dir" = storage returned from "appstr(dir, "/tmp")".
zsh-5.5.1/Src/utils.c:7413: noescape: Resource "dir" is not freed or pointed-to in "stat".
zsh-5.5.1/Src/utils.c:7413: leaked_storage: Variable "dir" going out of scope leaks the storage it points to.
 7411|       dir[plen] = 0;
 7412|       dir = appstr(dir, "/tmp");
 7413|->     if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0;
 7414|       st_ret.st_mtime = st_tmp.st_mtime;
 7415|

Error: RESOURCE_LEAK (CWE-772):
zsh-5.5.1/Src/utils.c:7418: alloc_fn: Storage is returned from allocation function "appstr".
zsh-5.5.1/Src/string.c:200:5: alloc_fn: Storage is returned from allocation function "realloc".
zsh-5.5.1/Src/string.c:200:5: identity_transfer: Passing "realloc(base, strlen(base) + strlen(append) + 1UL)" as argument 1 to function "strcat", which returns that argument.
zsh-5.5.1/Src/string.c:200:5: return_alloc_fn: Directly returning storage allocated by "strcat".
zsh-5.5.1/Src/utils.c:7418: var_assign: Assigning: "dir" = storage returned from "appstr(dir, "/new")".
zsh-5.5.1/Src/utils.c:7419: noescape: Resource "dir" is not freed or pointed-to in "stat".
zsh-5.5.1/Src/utils.c:7419: leaked_storage: Variable "dir" going out of scope leaks the storage it points to.
 7417|       dir[plen] = 0;
 7418|       dir = appstr(dir, "/new");
 7419|->     if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0;
 7420|       st_ret.st_mtime = st_tmp.st_mtime;
 7421|
---
 Src/utils.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/Src/utils.c b/Src/utils.c index 914e30c5c..e43a3cdb4 100644 --- a/Src/utils.c +++ b/Src/utils.c 
@@ -7459,19 +7459,28 @@ mailstat(char *path, struct stat *st) /* See if cur/ is present */ dir = appstr(ztrdup(path), "/cur"); - if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0; + if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) { + zsfree(dir); + return 0; + } st_ret.st_atime = st_tmp.st_atime; /* See if tmp/ is present */ dir[plen] = 0; dir = appstr(dir, "/tmp"); - if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0; + if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) { + zsfree(dir); + return 0; + } st_ret.st_mtime = st_tmp.st_mtime; /* And new/ */ dir[plen] = 0; dir = appstr(dir, "/new"); - if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0; + if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) { + zsfree(dir); + return 0; + } st_ret.st_mtime = st_tmp.st_mtime; #if THERE_IS_EXACTLY_ONE_MAILDIR_IN_MAILPATH @@ -7483,6 +7492,7 @@ mailstat(char *path, struct stat *st) st_tmp.st_atime == st_new_last.st_atime && st_tmp.st_mtime == st_new_last.st_mtime) { *st = st_ret_last; + zsfree(dir); return 0; } st_new_last = st_tmp; -- 2.17.2
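
Review bot: In the first hunk (@@ -7459,19 +7459,28 @@), the block "zsfree(dir); return 0;" is now repeated verbatim after each of the three stat() checks for cur/, tmp/ and new/. A single cleanup label at the end of mailstat() that frees dir and returns, reached by goto from each failed check, would keep the release in one place, so that a return added later between these checks cannot quietly reintroduce the CWE-772 leak the commit message reports. If the repeated form is preferred for consistency with the rest of the file, a short comment at the first appstr() call stating that dir is owned by mailstat() and must be freed on every exit would serve the same purpose.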
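
Review bot: The zsfree(dir) added in the second hunk (@@ -7483,6 +7492,7 @@), before the "return 0" that follows "*st = st_ret_last;", is not covered by the commit message: the Coverity report quoted there lists only the three returns after the cur/, tmp/ and new/ stat() calls. This path follows the "#if THERE_IS_EXACTLY_ONE_MAILDIR_IN_MAILPATH" line that closes the first hunk, so it may not have been compiled in the analysed build; the log should say that this fourth free was found by inspection and why the checker did not flag it. The hunk shows only this one exit, so it is also worth confirming that the return paths of mailstat() after "st_new_last = st_tmp;" release dir as well.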