author | Stef Walter <stef@thewalter.net> | 2013-07-17 08:03:38 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-18 07:56:01 +0200 |
commit | eb8f5859b1349f8147ba47a1da8032df192f2370 (patch) | |
tree | a2fab941c7e96f641f99805ed701bded9366b9e2 | |
parent | ab1caffd9e09fd4d6ab92713de29436db0da6dea (diff) |
Fix various issues highlighted by coverity scanner
Among others fix possible usage of large stack allocation.
-rw-r--r-- | common/hash.c | 1 | ||||
-rw-r--r-- | common/lexer.c | 3 | ||||
-rw-r--r-- | p11-kit/iter.c | 12 | ||||
-rw-r--r-- | p11-kit/p11-kit.c | 6 | ||||
-rw-r--r-- | p11-kit/tests/test-init.c | 3 | ||||
-rw-r--r-- | trust/extract.c | 20 | ||||
-rw-r--r-- | trust/index.c | 18 | ||||
-rw-r--r-- | trust/parser.c | 2 | ||||
-rw-r--r-- | trust/tests/frob-nss-trust.c | 1 | ||||
-rw-r--r-- | trust/tests/test-index.c | 7 |
10 files changed, 43 insertions, 30 deletions
diff --git a/common/hash.c b/common/hash.c
index 68a6d40..5572085 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -143,6 +143,7 @@ p11_hash_murmur3 (void *hash,
 h1 = rotl (h1, 13);
 h1 = h1 * 5 + 0xe6546b64;
 }
+ va_end (va);
 /* tail */
diff --git a/common/lexer.c b/common/lexer.c
index 329881f..6253492 100644
--- a/common/lexer.c
+++ b/common/lexer.c
@@ -102,7 +102,8 @@ p11_lexer_next (p11_lexer *lexer,
 return_val_if_fail (lexer != NULL, false);
 clear_state (lexer);
- *failed = false;
+ if (failed)
+ *failed = false;
 /* Go through lines and process them */
 while (lexer->remaining != 0) {
diff --git a/p11-kit/iter.c b/p11-kit/iter.c
index a59944a..124d990 100644
--- a/p11-kit/iter.c
+++ b/p11-kit/iter.c
@@ -87,12 +87,12 @@ struct p11_kit_iter {
 CK_OBJECT_HANDLE object;
 /* And various flags */
- int searching : 1;
- int searched : 1;
- int iterating : 1;
- int match_nothing : 1;
- int keep_session : 1;
- int preload_results : 1;
+ unsigned int searching : 1;
+ unsigned int searched : 1;
+ unsigned int iterating : 1;
+ unsigned int match_nothing : 1;
+ unsigned int keep_session : 1;
+ unsigned int preload_results : 1;
 };
 /**
diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c
index 28c6f4a..34b9476 100644
--- a/p11-kit/p11-kit.c
+++ b/p11-kit/p11-kit.c
@@ -84,6 +84,9 @@ p11_kit_external (int argc,
 /* At this point we have no command */
 p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+
+ free (filename);
+ free (path);
 return 2;
 }
@@ -109,6 +112,9 @@ p11_kit_extract (int argc,
 /* At this point we have no command */
 p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+
+ free (path);
+ free (args);
 return 2;
 }
diff --git a/p11-kit/tests/test-init.c b/p11-kit/tests/test-init.c
index 76805ee..ebc0666 100644
--- a/p11-kit/tests/test-init.c
+++ b/p11-kit/tests/test-init.c
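Review bot: In common/lexer.c, p11_lexer_next now tolerates a NULL `failed` only at the initial reset; the function body continues past this hunk, and any later store through the pointer would still dereference NULL. If the lexer sets the flag on malformed input further down, each such store presumably needs the same guard, along the lines of `if (failed) *failed = true;`. The function's doc comment should also say that `failed` is optional, so callers parsing untrusted files know that passing NULL means they cannot tell a parse failure from end of input.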
@@ -233,8 +233,11 @@ test_threaded_initialization (void)
 module.C_Finalize = mock_C_Finalize__threaded_race;
 memset (&data, 0, sizeof (data));
+
+ p11_mutex_lock (&race_mutex);
 initialization_count = 0;
 finalization_count = 0;
+ p11_mutex_unlock (&race_mutex);
 p11_lock ();
diff --git a/trust/extract.c b/trust/extract.c
index b80fd80..1aec3e6 100644
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -353,39 +353,39 @@ p11_trust_extract (int argc,
 break;
 case opt_filter:
 if (!filter_argument (optarg, &uri, &match, &ex.flags))
- return 2;
+ exit (2);
 break;
 case opt_purpose:
 if (!purpose_argument (optarg, &ex))
- return 2;
+ exit (2);
 break;
 case opt_format:
 if (!format_argument (optarg, &format))
- return 2;
+ exit (2);
 break;
 case 'h':
 p11_tool_usage (usages, options);
- return 0;
+ exit (0);
 case '?':
- return 2;
+ exit (2);
 default:
 assert_not_reached ();
 break;
 }
- } while (opt != -1);
+ }
 argc -= optind;
 argv += optind;
 if (argc != 1) {
 p11_message ("specify one destination file or directory");
- return 2;
+ exit (2);
 }
 ex.destination = argv[0];
 if (!format) {
 p11_message ("no output format specified");
- return 2;
+ exit (2);
 }
 /* If nothing that was useful to enumerate was specified, then bail */
@@ -395,7 +395,7 @@ p11_trust_extract (int argc,
 }
 if (!validate_filter_and_format (&ex, format, match))
- return 1;
+ exit (1);
 if (uri && p11_kit_uri_any_unrecognized (uri))
 p11_message ("uri contained unrecognized components, nothing will be extracted");
@@ -410,7 +410,7 @@ p11_trust_extract (int argc,
 modules = p11_kit_modules_load_and_initialize (flags);
 if (!modules)
- return 1;
+ exit (1);
 if (modules[0] == NULL)
 p11_message ("no modules containing trust policy are registered");
diff --git a/trust/index.c b/trust/index.c
index 5707714..83f0dc0 100644
--- a/trust/index.c
+++ b/trust/index.c
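Review bot: In trust/extract.c, replacing each `return` in p11_trust_extract with `exit ()` quiets the scanner's leak reports without releasing anything: `uri` and `match` (filled in through filter_argument) and whatever `ex` owns are still live at these exits, here and in the hunks at -395 and -410. It also takes the failure code away from the caller, so a wrapper or test that invokes this entry point can no longer observe the result or run its own teardown. A single cleanup path would keep the return contract, e.g. `ret = 2; goto out;` at each site, with the frees placed after `out:`. The function starts and ends outside these hunks, so its existing teardown is not visible here.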
@@ -728,7 +728,7 @@ index_select (p11_index *index,
 index_sink sink,
 void *data)
 {
- index_bucket *buckets[NUM_BUCKETS];
+ index_bucket *selected[MAX_SELECT];
 CK_OBJECT_HANDLE handle;
 index_object *obj;
 unsigned int hash;
@@ -741,10 +741,10 @@ index_select (p11_index *index,
 for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) {
 if (is_indexable (index, match[n].type)) {
 hash = p11_attr_hash (match + n);
- buckets[num] = index->buckets + (hash % NUM_BUCKETS);
+ selected[num] = index->buckets + (hash % NUM_BUCKETS);
 /* If any index is empty, then obviously no match */
- if (!buckets[num]->num)
+ if (!selected[num]->num)
 return;
 num++;
@@ -761,15 +761,15 @@ index_select (p11_index *index,
 return;
 }
- for (i = 0; i < buckets[0]->num; i++) {
+ for (i = 0; i < selected[0]->num; i++) {
 /* A candidate match from first bucket */
- handle = buckets[0]->elem[i];
+ handle = selected[0]->elem[i];
 /* Check if the candidate is in other buckets */
 for (j = 1; j < num; j++) {
- assert (buckets[j]->elem); /* checked above */
- at = binary_search (buckets[j]->elem, 0, buckets[j]->num, handle);
- if (at >= buckets[j]->num || buckets[j]->elem[at] != handle) {
+ assert (selected[j]->elem); /* checked above */
+ at = binary_search (selected[j]->elem, 0, selected[j]->num, handle);
+ if (at >= selected[j]->num || selected[j]->elem[at] != handle) {
 handle = 0;
 break;
 }
@@ -874,7 +874,7 @@ p11_index_snapshot (p11_index *index,
 return_val_if_fail (index != NULL, NULL);
- if (count < 0)
+ if (count < (CK_ULONG)0UL)
 count = p11_attrs_count (attrs);
 index_select (index, attrs, count, sink_any, &handles);
diff --git a/trust/parser.c b/trust/parser.c
index 97f549d..b433508 100644
--- a/trust/parser.c
+++ b/trust/parser.c
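Review bot: In trust/index.c, the new `selected[MAX_SELECT]` in index_select is kept in bounds only by the `num < MAX_SELECT` term in the loop condition of the next hunk (-741), and nothing at the declaration says so. A comment there, such as `/* at most MAX_SELECT entries; the fill loop stops once num reaches MAX_SELECT */`, would keep a later edit to that loop from turning into a write past the end of the stack array. Indexable match attributes beyond the limit are then not used for bucket selection; whether the later per-object check covers them is outside these hunks and worth stating in the same comment.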
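Review bot: In p11_index_snapshot (hunk at -874), `count < (CK_ULONG)0UL` can never be true if `count` is a CK_ULONG, as the cast suggests, so the fallback to `p11_attrs_count (attrs)` stays dead code and the edit only silences the scanner. A caller passing -1 to mean "count the attributes" would instead hand index_select the maximum unsigned value, and its `n < count` loop would then depend on something else to stop before reading past the end of `attrs`. If that sentinel is intended, test for it explicitly with `if (count == (CK_ULONG)-1)`; otherwise remove the branch. The parameter declaration is outside the hunk, so the type is inferred here.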
@@ -454,7 +454,7 @@ build_openssl_extensions (p11_parser *parser,
 * Otherwise a 'TRUSTED CERTIFICATE' in an input directory is enough to
 * mark this as a trusted certificate.
 */
- } else if (p11_dict_size (trust) > 0) {
+ } else if (trust && p11_dict_size (trust) > 0) {
 trusted = CK_TRUE;
 distrust = CK_FALSE;
 }
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c
index fd74db7..fd69573 100644
--- a/trust/tests/frob-nss-trust.c
+++ b/trust/tests/frob-nss-trust.c
@@ -73,6 +73,7 @@ dump_object (P11KitIter *iter,
 free (string);
 free (label.pValue);
+ free (name);
 }
 static int
diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c
index cf856ee..074ab2d 100644
--- a/trust/tests/test-index.c
+++ b/trust/tests/test-index.c
@@ -397,6 +397,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
 ...)
 {
 CK_OBJECT_HANDLE handle;
+ bool matched = true;
 int count;
 int num;
 va_list va;
@@ -410,7 +411,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
 va_start (va, handles);
- for (count = 0; true; count++) {
+ for (count = 0; matched; count++) {
 handle = va_arg (va, CK_OBJECT_HANDLE);
 if (handle == 0)
 break;
@@ -421,12 +422,12 @@ handles_are (CK_OBJECT_HANDLE *handles,
 }
 if (handles[i] != handle)
- return false;
+ matched = false;
 }
 va_end (va);
- return (count == num);
+ return matched && (count == num);
 }
 static void |