Nelson Ferreira [Sun, 2 Oct 2011 21:14:11 +0000 (17:14 -0400)]
Coverity fixes
* src/ui/TTY/redisplay-tty.c (term_get_fkeys_1): check return of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:12:59 +0000 (17:12 -0400)]
Coverity fixes
* src/ui/X11/objects-x.c (x_print_color_instance): use write_fmt_str instead of snprintf
* src/ui/X11/objects-x.c (x_print_font_instance): ditto
* src/ui/X11/objects-x.c (truename_via_random_props): check result
of snprintf and remove not needed finalizer from strncpy.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:10:09 +0000 (17:10 -0400)]
Coverity fixes
* src/ui/TTY/objects-tty.c (Ffind_tty_color): check return of snprintf
* src/ui/TTY/objects-tty.c (Ftty_registered_color_list): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:08:56 +0000 (17:08 -0400)]
Coverity fixes
* src/ui/TTY/gpmevent.c (Fgpm_enabled_p): check return of snprintf
* src/ui/TTY/gpmevent.c (Fgpm_enable): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:06:55 +0000 (17:06 -0400)]
Coverity fixes
* src/ui/Gtk/ui-gtk.c (ffi_object_printer): use write_fmt_str
instead of sprintf.
* src/ui/Gtk/ui-gtk.c (emacs_gtk_object_printer): ditto.
* src/ui/Gtk/ui-gtk.c (object_getprop): use write_fmt_string instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:04:49 +0000 (17:04 -0400)]
Coverity fixes
* src/ui/Gtk/objects-gtk.c (gtk_print_color_instance): use
write_fmt_str instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:03:44 +0000 (17:03 -0400)]
Coverity fixes
* src/ui/Gtk/gtk-xemacs.c (xemacs_gtk_convert_color): use snprintf
instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:02:29 +0000 (17:02 -0400)]
Coverity fixes
* src/ui/Gtk/glyphs-gtk.c (gtk_print_image_instance): use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:32:52 +0000 (15:32 -0400)]
Coverity fixes
* src/ui/X11/xmu.c (XmuPrintDefaultErrorMessage): use snprintf
instead of sprintf and strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:16:45 +0000 (15:16 -0400)]
Coverity fixes
* src/ui/X11/ExternalShell.c (GetGeometry): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:15:26 +0000 (15:15 -0400)]
Coverity fixes
* src/ui/Gtk/frame-gtk.c (Fgtk_window_id): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:14:01 +0000 (15:14 -0400)]
Coverity fixes.
* src/ui/Gtk/event-gtk.c (gtk_keysym_to_emacs_keysym): use snprintf instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:12:46 +0000 (15:12 -0400)]
Coverity fixes
* src/rangetab.c (print_range_table): use write_fmt_str instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:11:19 +0000 (15:11 -0400)]
Coverity fixes
* src/mule/mule-charset.c (print_charset): use
write_fmt_str/write_fmt_string instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:07:04 +0000 (15:07 -0400)]
Coverity
* src/ui/glyphs-eimage.c: always use safer vsnprintf.
* src/ui/glyphs-eimage.c (tiff_error_func): always use safer vsnprintf.
* src/ui/glyphs-eimage.c (tiff_warning_func): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 18:54:22 +0000 (14:54 -0400)]
Coverity fixes
* src/mule/input-method-xlib.c (EmacsXtCvtStringToXIMStyles): use
snprintf instead of sprintf.
* src/mule/input-method-xlib.c (describe_Window): ditto. Also
check for the result of the system syscall.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 18:51:35 +0000 (14:51 -0400)]
Coverity fixes
* src/md5.c (Fmd5): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 18:48:45 +0000 (14:48 -0400)]
Coverity fixes
* src/search.c (compre_prfun): Use write_fmt_str instead of snprintf
* src/search.c (fast_string_match): safeguard alloca from being
used with a negative length.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 01:06:36 +0000 (21:06 -0400)]
Coverity fixes
* src/ui/glyphs.c (print_image_instance): Use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Sat, 1 Oct 2011 01:00:51 +0000 (11:00 +1000)]
Coverity fixes from Nelson
* merges: (43 commits)
Coverity fixes
Security fixes.
CID:295 SECURE_CODING
Security fixes
Coverity fixes
Coverity fixes
Coverity fixes.
Coverity fixes
Coverity fixes. SECURE_CODING CI:302,301
Coverity fixes CID:330
Coverity fixes. SECURE_CODING CID:329
Coverity fixes. SECURE_CODING CID:339,338,337
CID:327 SECURE_CODING
Coverity fixes
Coverity fixes
Coverity fixes
Secure coding
CID:428 UNUSED_VALUE
CID:294 SECURE_CODING
CID:291 SECURE_CODING
...
Nelson Ferreira [Sat, 1 Oct 2011 00:15:32 +0000 (20:15 -0400)]
Coverity fixes
* src/dired.c (dired_realpath): free the buffer if realpath fails. RESOURCE_LEAK
* src/dired.c (dfr_inner): only consider the canonname as fullname
if it could resolve the canonical name CID:205 REVERSE_INULL
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 1 Oct 2011 00:03:12 +0000 (20:03 -0400)]
Security fixes.
* src/ui/X11/device-x.c (read_locale_specific_resources): check
snprintf results and use sizeof instead of countof since we are
talking about chars...
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:54:51 +0000 (19:54 -0400)]
CID:295 SECURE_CODING
* src/marker.c (print_marker): use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:53:18 +0000 (19:53 -0400)]
Security fixes
* src/sheap.c (report_sheap_usage): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:51:57 +0000 (19:51 -0400)]
Coverity fixes
* src/effi.c: include sysdep.h for the async_timeout prototypes
* src/effi.c (Fffi_load_library): use strncpy and strncat instead of strcpy/strcat
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:47:55 +0000 (19:47 -0400)]
Coverity fixes
* src/ui/keymap.c (print_keymap): use write_fmt_str instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:46:22 +0000 (19:46 -0400)]
Coverity fixes.
* src/ui/X11/menubar-x.c
(command_builder_operate_menu_accelerator): use write_fmt_str
instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:44:33 +0000 (19:44 -0400)]
Coverity fixes
* src/skiplist.c (print_skiplist): use write_fmt_str instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:42:04 +0000 (19:42 -0400)]
Coverity fixes. SECURE_CODING CI:302,301
* src/objects.c (print_color_instance): use write_fmt_str instead of sprintf
* src/objects.c (print_font_instance): use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:39:44 +0000 (19:39 -0400)]
Coverity fixes CID:330
* src/ui/frame.c (print_frame): use write_fmt_str and write_fmt_string instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:38:16 +0000 (19:38 -0400)]
Coverity fixes. SECURE_CODING CID:329
* src/ui/device.c (print_device): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:33:37 +0000 (19:33 -0400)]
Coverity fixes. SECURE_CODING CID:339,338,337
* src/ui/lwlib/xlwgauge.c: include lwlib-internal.h
* src/ui/lwlib/xlwgauge.c (GaugeExpose): use snprintf instead of sprintf. small reformat of expressions to help human parsing...
* src/ui/lwlib/xlwgauge.c (GaugeSelect): use snprintf instead of sprintf
* src/ui/lwlib/xlwgauge.c (MaxLabel): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:28:38 +0000 (19:28 -0400)]
CID:327 SECURE_CODING
* src/ui/X11/scrollbar-x.c (x_create_scrollbar_instance): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:23:54 +0000 (19:23 -0400)]
Coverity fixes
* src/callproc.c: remove unused report_fork_error
* src/callproc.c (Fold_call_process_internal): check result from pipe (CID:152)
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:17:38 +0000 (19:17 -0400)]
Coverity fixes
* src/sysdep.c (init_system_name): use strncpy instead of strcpy
* src/sysdep.h: add start/stop async timeout prototypes.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:15:01 +0000 (19:15 -0400)]
Coverity fixes
* src/ui/redisplay.c (add_octal_runes): make a reference to
add_failed to "shutup" coverity.
* src/ui/redisplay.c (decode_mode_spec): make just enough room for
a long
* src/ui/redisplay.c (decode_mode_spec): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:09:41 +0000 (19:09 -0400)]
Secure coding
* src/bloom.c (print_bloom): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:07:37 +0000 (19:07 -0400)]
CID:428 UNUSED_VALUE
* src/ui/window.c (print_window): use write_fmt_str instead of snprintf
* src/ui/window.c (margin_width_internal): no need to check this return
* src/ui/window.c (print_window_config): use write_fmt_str instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:02:33 +0000 (19:02 -0400)]
CID:294 SECURE_CODING
* src/lstream.c (print_lstream): use write_fmt_string instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:00:30 +0000 (19:00 -0400)]
CID:291 SECURE_CODING
* src/fns.c (base16_encode_1): use snprintf instead of sprintf,
needs additional parameter for buffer parameter...
* src/fns.c (Fbase16_encode_string): use base16_encode_1 with the new parameter
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:57:52 +0000 (18:57 -0400)]
CID:256 SECURE_CODING
* lib-src/ootags.c (main): avoid using sprintf just to build a 1 char string...
* lib-src/ootags.c (main): use snprintf instead of sprintf
* lib-src/ootags.c (main): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:53:33 +0000 (18:53 -0400)]
CID:150 Call result should be used
* lib-src/mmencode.c (from64): check result of fgets
* lib-src/mmencode.c (fromqp): ditto
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:47:11 +0000 (18:47 -0400)]
Misc security fixes
* lib-src/make-docfile.c (next_extra_elc): Make appropriate check on fgets
* lib-src/make-docfile.c (main): check for chdir success
* lib-src/make-docfile.c (scan_c_file): check for fscanf success
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:40:45 +0000 (18:40 -0400)]
CID:245,142,90 SECURE_CODING, CALL_RESULT_SHOULD_BE_CHECK, NEGATIVE_RETURN
* lib-src/gnuslib.c: include assert and remove RCS
* lib-src/gnuslib.c (connect_to_internet_server): use snprintf
instead of sprintf, and check result from write
* lib-src/gnuslib.c (disconnect_from_server): check for negative
length possible result from the read.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:34:32 +0000 (18:34 -0400)]
No CID yet...
* src/ui/lwlib/lwlib-Xm.c (make_dialog): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:32:13 +0000 (18:32 -0400)]
CID:328 SECURE_CODING
* src/ui/console.c (print_console): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:28:40 +0000 (18:28 -0400)]
CID:317
* src/ui/lwlib/lwlib.c (safe_strdup): use strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:20:31 +0000 (18:20 -0400)]
Small type change
* lib-src/etags.c (argv): Use int instead of ssize_t as per manpage
* src/print.c (std_handle_out_va): ditto
* src/print.c (write_fmt_str): fix comment reference to function name
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:16:43 +0000 (18:16 -0400)]
SECURE_CODING
* src/ui/X11/glyphs-x.c (x_print_image_instance): use write_fmt_str instead of sprintf
* src/ui/X11/glyphs-x.c: removed #if 0 write_lisp_string_to_temp_file
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:14:24 +0000 (18:14 -0400)]
SECURE_CODING
* src/dumper.c (pdump): improve security on error message
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:11:40 +0000 (18:11 -0400)]
CID:336 SECURE_CODING
* src/ui/lwlib/lwlib-Xaw.c (make_dialog): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:05:42 +0000 (18:05 -0400)]
Misc coverity fixes (lost CID)
* src/ui/lwlib/xlwmenu.c: include lwlib-internal.h
* src/ui/lwlib/xlwmenu.c (resource_widget_value): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:00:39 +0000 (18:00 -0400)]
CID:57 FORWARD_NULL
* src/ui/glyphs-widget.c (layout_query_geometry): make sure to
test for width and height != NULL before dereference.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 21:33:09 +0000 (17:33 -0400)]
Fixup snprintf
* src/buffer.c (Fgenerate_new_buffer_name): check snprintf result
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 21:30:11 +0000 (17:30 -0400)]
CID:341 SECURE_CODING
* src/ui/lwlib/xlwtabs.c (XawTabsSetTop): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 06:25:03 +0000 (02:25 -0400)]
CID:143,144 Call result should be used
* lib-src/hexl.c (main): check result of fread
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 06:21:48 +0000 (02:21 -0400)]
CID:293 SECURE_CODING
* src/lread.c (Fload_internal): use strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 06:18:40 +0000 (02:18 -0400)]
CID:151 Call result should be used
* lib-src/movemail.c (main): check the result of ftruncate
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 05:22:49 +0000 (01:22 -0400)]
Coverity related fixes.
* src/ui/specifier.c (print_specifier): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 05:17:43 +0000 (01:17 -0400)]
CID:154 - Call result should be used...
* src/emacs.c (main_1): Check for return of dup(0)
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 05:01:02 +0000 (01:01 -0400)]
CID:334
* src/ui/gui.c (print_gui_item): use write_fmt_string instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 00:05:34 +0000 (20:05 -0400)]
Coverity fixes. Several CID's related to use of sprintf and stack usage.
* src/print.c (std_handle_out_external): cleanup extraneous scope
* src/print.c (std_handle_out_external): remove condition for
extlen == 0, since that is impossible. CID:23 DEADCODE
* src/print.c (std_handle_out_va): Lowered buffer from 16K to 1K
since most messages will be small and this could lead to heavy
stack usage (especially upon assert failure in
std_handle_out_external). CID:348,349 STACK_USE
* src/print.c (internal_object_printer): Use newly refactored
write_fmt_string instead of sprintf. CID:305 SECURE_CODING
* src/print.c (printing_major_badness): Use snprintf CID:240
SECURE_CODING
* src/print.c (default_object_printer): Use write_fmt_string
instead of sprintf CID:239 SECURE_CODING
* src/print.c (internal_object_printer): ditto.
* src/print.c (SXE_VSNPRINT_VA): Macro to do vsnprintf with
automatic buffer resizing.
* src/print.c (write_fmt_str): New function for small (like
integers) sprintf.
* src/print.c (write_fmt_string): Moved up and refactored to use
the macro which tries buffer reallocation.
* src/print.c (std_handle_out_va): Refactor to use macro which
tries buffer reallocation.
* src/print.c (stdout_out): minor indenting change
* src/print.c (fatal): Make sure not to do GETTEXT when in fatal error
* src/print.c (write_hex_ptr): New function to print a pointer value in hex
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Thu, 29 Sep 2011 23:27:48 +0000 (19:27 -0400)]
CID:241 SECURE_CODING
* lib-src/etags.c (main): use snprintf and warn of truncated cmdline (and refuse to run)
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Sun, 18 Sep 2011 21:51:43 +0000 (07:51 +1000)]
Coverity fixes from Nelson
* merges:
CID:122 - NEGATIVE_RETURNS - Possible use of negative file descriptor
CID:123 - NEGATIVE_RETURNS - Possible use of negative file descriptor
CID:124 NEGATIVE_RETURNS - Possible use of negative file descriptor.
CID:125 - NEGATIVE RETURNS - Possible use of negative file descriptors
CID:135 - NULL RETURNS - Possible NULL pointer dereference
CID:182 - RESOURCE_LEAK - memory not freed inside Prolog_functions
CID:192 RESOURCE_LEAK - new argv is not freed
CID:226 SECURE_CODING - risky use of strcpy
CID:226 - SECURE_CODING risky usage of strcpy
CID:228 SECURE_CODING - risky usage of strcat
Fix last commit of CID:228 SECURE_CODING - risky usage of strcat
CID:230 SECURE_CODING - risky use of strcpy
CID:232 SECURE_CODING - risky usage of strcpy
CID:241 SECURE_CODING - risky usage of sprintf
CID:318 SECURE_CODING - risky usage of sprintf
CID:340 SECURE_CODING - risky usage of strcat
Added sxe-utils.h with several utilities from lisp.h
CID:475 USE AFTER FREE
CID:179 RESOURCE LEAK - free string in odd case
Nelson Ferreira [Sun, 18 Sep 2011 06:39:57 +0000 (02:39 -0400)]
CID:122 - NEGATIVE_RETURNS - Possible use of negative file descriptor
* src/ui/X11/event-Xt.c(emacs_Xt_select_console): Only call
select_filedesc if the descriptor is valid
Nelson Ferreira [Sun, 18 Sep 2011 06:38:37 +0000 (02:38 -0400)]
CID:123 - NEGATIVE_RETURNS - Possible use of negative file descriptor
* src/ui/X11/event-Xt.c(emacs_Xt_select_process): Only call
select_filedesc if the descriptor is valid
Nelson Ferreira [Sun, 18 Sep 2011 06:37:01 +0000 (02:37 -0400)]
CID:124 NEGATIVE_RETURNS - Possible use of negative file descriptor.
* src/ui/X11/event-Xt.c(emacs_Xt_unselect_console): Only call
unselect_filedesc if the descriptor is valid
Nelson Ferreira [Sun, 18 Sep 2011 06:35:16 +0000 (02:35 -0400)]
CID:125 - NEGATIVE RETURNS - Possible use of negative file descriptors
* src/ui/X11/event-Xt.c(emacs_Xt_unselect_process): only call
unselect_filedesc if indeed it is a valid one.
Nelson Ferreira [Sun, 18 Sep 2011 06:33:14 +0000 (02:33 -0400)]
CID:135 - NULL RETURNS - Possible NULL pointer dereference
* src/ui/X11/console-x.h(error_check_frame_type): make
assert also verify the pointer is not NULL before dereference.
Nelson Ferreira [Sun, 18 Sep 2011 06:28:42 +0000 (02:28 -0400)]
CID:182 - RESOURCE_LEAK - memory not freed inside Prolog_functions
* lib-src/ootags.c(Prolog_functions): free last before returning
Nelson Ferreira [Sun, 18 Sep 2011 06:25:34 +0000 (02:25 -0400)]
CID:192 RESOURCE_LEAK - new argv is not freed
* src/emacs.c(make_docfile): free newargv after the return of
execv (which will be never if successful, but, if execv fails no
memory will be leaked.)
Nelson Ferreira [Sun, 18 Sep 2011 06:20:33 +0000 (02:20 -0400)]
CID:226 SECURE_CODING - risky use of strcpy
* lib-src/etags.c(concat): use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 06:19:36 +0000 (02:19 -0400)]
CID:226 - SECURE_CODING risky usage of strcpy
* lib-src/movemail.c(concat): Use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 06:15:59 +0000 (02:15 -0400)]
CID:228 SECURE_CODING - risky usage of strcat
* lib-src/etags.c (relative_filename): actually define res_left
Nelson Ferreira [Sun, 18 Sep 2011 06:13:44 +0000 (02:13 -0400)]
Fix last commit of CID:228 SECURE_CODING - risky usage of strcat
* lib-src/ootags.c (relative_filename): actually define res_left
Nelson Ferreira [Sun, 18 Sep 2011 06:06:06 +0000 (02:06 -0400)]
CID:230 SECURE_CODING - risky use of strcpy
* lib-src/etags.c (write_classname): Use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 04:24:47 +0000 (00:24 -0400)]
CID:232 SECURE_CODING - risky usage of strcpy
* lib-src/ootags.c (inf;): Use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 04:22:17 +0000 (00:22 -0400)]
CID:241 SECURE_CODING - risky usage of sprintf
* lib-src/etags.c (argv): use snprintf
Nelson Ferreira [Sun, 18 Sep 2011 04:19:53 +0000 (00:19 -0400)]
CID:318 SECURE_CODING - risky usage of sprintf
* src/ui/X11/event-Xt.c (describe_event): Use snprintf
Nelson Ferreira [Sun, 18 Sep 2011 04:04:47 +0000 (00:04 -0400)]
CID:340 SECURE_CODING - risky usage of strcat
* src/ui/lwlib/xlwmenu.c (parameterize_string): use strncat
instead of strcat and keep the space available checked...
Nelson Ferreira [Sun, 18 Sep 2011 04:00:56 +0000 (00:00 -0400)]
Added sxe-utils.h with several utilities from lisp.h
* src/sxe-utils.h: added code from lisp.h related to stuff like min, max, UNUSED, UNLIKELY, etc
* src/lisp.h: remove code moved to sxe-utils.h and added include to it
* src/sxemacs.h: added include to sxe-utils.h
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 21:07:34 +0000 (17:07 -0400)]
CID:475 USE AFTER FREE
* lib-src/etags.c (stream;): Make sure to reset name to NULL after the free
Nelson Ferreira [Sat, 17 Sep 2011 19:21:21 +0000 (15:21 -0400)]
CID:179 RESOURCE LEAK - free string in odd case
* lib-src/make-docfile.c (scan_lisp_file): Free string before returning from function.
This would happen only if there was a dynamic doc string with no next expression.
Steve Youngs [Sat, 17 Sep 2011 05:24:09 +0000 (15:24 +1000)]
Coverity fixes from Nelson
* merges:
Several fixes to dumper. CID:107,108,206 NEGATIVE_RETURNS, REVERSE_INULL
CID:61 INFINITE_LOOP - Let's make the "infinite" loop very evident until we teach coverity about Fsignal...
CID:190 RESOURCE_LEAK free the rune when not needed...
CID:170,172 PW.INCLUDE_RECURSION - Avoid recursive includes
CID:174 RESOURCE LEAK - memory not freed
CID:377 STRING OVERFLOW - use strncpy to avoid possible string overflow
Nelson Ferreira [Sat, 17 Sep 2011 03:38:49 +0000 (23:38 -0400)]
Merge http://git.nelsonferreira.com/sxemacs
Nelson Ferreira [Sat, 17 Sep 2011 03:33:22 +0000 (23:33 -0400)]
Several fixes to dumper. CID:107,108,206
NEGATIVE_RETURNS, REVERSE_INULL
* src/dumper.c: Make pdump_length an off_t to fix CID:108
* src/dumper.c (pdump_register_sub): move strlen inside the if to only do it when str!=NULL CID:206
* src/dumper.c (pdump): Make sure the fds are >=0 and abort otherwise due to the early nature of the call.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 03:26:57 +0000 (23:26 -0400)]
CID:61 INFINITE_LOOP - Let's make the "infinite" loop very evident until we teach coverity about Fsignal...
* src/ui/X11/device-x.c (signal_if_x_error): Make infinite loop real clear.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 03:22:53 +0000 (23:22 -0400)]
Merge branch 'master' of git.sxemacs.org/sxemacs
Nelson Ferreira [Sat, 17 Sep 2011 03:20:18 +0000 (23:20 -0400)]
CID:190 RESOURCE_LEAK free the rune when not needed...
* src/ui/redisplay.c (create_text_block): use add_glyph_rune_noret
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 03:12:57 +0000 (23:12 -0400)]
CID:170,172 PW.INCLUDE_RECURSION - Avoid recursive includes
* src/ui/lwlib/xlwmenu.h: Conditionally include lwlib.h
* src/ui/lwlib/lwlib.h: Conditionally include xlwmenu.h
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 03:08:57 +0000 (23:08 -0400)]
CID:174 RESOURCE LEAK - memory not freed
* lib-src/etags.c (stream;): free memory in the case where it is not used
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 03:02:59 +0000 (23:02 -0400)]
Merge branch 'master' of git.sxemacs.org/sxemacs
Nelson Ferreira [Sat, 17 Sep 2011 03:01:46 +0000 (23:01 -0400)]
CID:377 STRING OVERFLOW - use strncpy to avoid possible string overflow
* lib-src/gnuclient.c (main): Use strncpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Sat, 17 Sep 2011 02:33:22 +0000 (12:33 +1000)]
Coverity fixes from Nelson
* merges:
CID:395 UNINIT - Fix uninitialized use of a member of struct gb
CID:456 FORWARD NULL - possible crash on dereference
Nelson Ferreira [Sat, 17 Sep 2011 02:25:36 +0000 (22:25 -0400)]
CID:395 UNINIT - Fix uninitialized use of a member of struct gb
* src/extents.c (extent_fragment_update): initialize width to 0, which seems better than some random value...
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Sat, 17 Sep 2011 02:14:03 +0000 (12:14 +1000)]
Coverity fixes from Nelson
* merges:
CID:468 MISSING_LOCK
CID:469 PW.BAD_MACRO_REDEF
CID:469 PW.BAD_MACRO_REDEF
CID:462 RESOURCE LEAK
Add missing semi-colon Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 02:09:06 +0000 (22:09 -0400)]
CID:456 FORWARD NULL - possible crash on dereference
* src/media/media-ffmpeg.c (media_ffmpeg_analyse_audio): Only switch on avcc->sample_fmt if avcc != NULL
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 01:56:13 +0000 (21:56 -0400)]
CID:468 MISSING_LOCK
* src/media/sound-alsa.c (sound_alsa_play): Add the lock around aj->play_state
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 01:53:29 +0000 (21:53 -0400)]
CID:469 PW.BAD_MACRO_REDEF
* src/media/media-sox.c: undef UNUSED before including media-sox.h
because sox.h conflicts with lisp.h definition. This should have
as proper fix a SXE_UNUSED macro... For a later time.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 17 Sep 2011 01:52:53 +0000 (21:52 -0400)]
CID:469 PW.BAD_MACRO_REDEF
* src/media/media-sox.c: undef UNUSED before including media-sox.h
because sox.h conflicts with lisp.h definition. This should have
as proper fix a SXE_UNUSED macro... For a later time.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>