Nelson Ferreira [Mon, 10 Oct 2011 23:42:58 +0000 (19:42 -0400)]
Coverity fixes CID:45 FORWARD_NULL
* src/dired.c (dfr_inner): Make sure bufp is not NULL before
calling pathname_matches_p
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Mon, 10 Oct 2011 18:16:49 +0000 (14:16 -0400)]
Coverity fix: CID 121 NEGATIVE_RETURNS
* src/ui/TTY/objects-tty.c (tty_font_spec_matches_charset): make
sure length is updated by fixup_internal_substring.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Mon, 10 Oct 2011 18:15:09 +0000 (14:15 -0400)]
Coverity fix: CID:126 NEGATIVE_RETURNS
* src/ui/X11/objects-x.c (x_font_spec_matches_charset): make sure
that fixup_internal_substring updated the_length.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Mon, 10 Oct 2011 15:31:45 +0000 (11:31 -0400)]
Fix solaris crash
* src/ent/ent-float.c (vars_of_ent_float): Make sure to use a
buffer since some implementations of snprintf will refuse a NULL
buffer and not return the characters that would be written.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Mon, 10 Oct 2011 13:51:43 +0000 (09:51 -0400)]
Coverity fix: USE_AFTER_FREE CID:438
* src/sysdep.c (sys_fclose): loop with close on fd, not fclose
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Mon, 10 Oct 2011 03:42:29 +0000 (13:42 +1000)]
Coverity inspired security fixes from Nelson
* merges:
SECURE_CODING: Use snprintf/write_fmt_str instead of sprintf
Nelson Ferreira [Mon, 10 Oct 2011 02:56:14 +0000 (22:56 -0400)]
SECURE_CODING: Use snprintf/write_fmt_str instead of sprintf
* etc/tests/external-widget/test-ew-motif.c (ScaleValueChangedCB):
Use snprintf instead of sprintf.
* etc/tests/external-widget/test-ew-motif.c (main): ditto.
* etc/tests/external-widget/test-ew-motif.c (main): ditto.
* etc/tests/external-widget/test-ew-xlib.c (draw_text): ditto
* lib-src/gnuclient.c (tell_emacs_to_resume): ditto.
* lib-src/gnuclient.c (main): ditto.
* lib-src/gnuserv.c (ipc_init): ditto.
* lib-src/gnuserv.c (unix_init): ditto.
* lib-src/gnuslib.c (connect_to_ipc_server): ditto.
* lib-src/gnuslib.c (connect_to_unix_server): ditto.
* lib-src/make-po.c (buf_print): ditto.
* lib-src/movemail.c (lock_dot): ditto.
* lib-src/pop.c (pop_open): ditto.
* lib-src/profile.c (get_time): ditto.
* lib-src/yow.c (main): ditto.
* src/bytecode.c (invalid_byte_code_error): ditto.
* src/extents.c (print_extent_1): ditto.
* src/m/cydra5.h (PTY_NAME_SPRINTF): ditto.
* src/m/cydra5.h (PTY_TTY_NAME_SPRINTF): ditto.
* src/media/media-ffmpeg.c (media_ffmpeg_streaminfo): ditto.
* src/media/sound-hpplay.c (player_error_internal): ditto.
* src/media/sound-sunplay.c (init_device): ditto.
* src/media/sound-sunplay.c (play_sound_file): ditto.
* src/media/sound-sunplay.c (play_sound_data): ditto.
* src/media/sound-sunplay.c (sound_native_audio_init): ditto.
* src/process.c (make_process_internal): ditto.
* src/ui/Gtk/menubar-gtk.c (menu_descriptor_to_widget_1): ditto.
* src/print.c: fix comment
* modules/ase/ase-resclass.h (resc_rng_to_string): check return of
snprintf.
* modules/ase/ase-resclass.c (_ase_resc_rng_to_string): ditto.
* modules/ase/ase-resclass.c (_ase_resc_elm_to_string): ditto.
* src/media/sound-jack.c (sound_jack_subthread_create): ditto.
* src/effi.c (WRITE_FMT_STRING): new macro to use
write_fmt_string.
* src/lisp.h (PRIVATE_EXTERNAL_LIST_LOOP_6): Finally fix the
computed value not used warning.
* src/events/events.c (print_event): remove unneeded buf
* modules/ase/ase-cartesian.c (ase_cartesian_prnt): Use
write_fmt_str instead of sprintf.
* modules/ase/ase-heap.c (ase_yheap_prnt): ditto.
* modules/ase/ase-heap.c (ase_dheap_prnt): ditto.
* modules/ase/ase-heap.c (ase_wheap_prnt): ditto.
* modules/ase/ase-metric.c (ase_metric_prnt): ditto.
* modules/ase/ase-permutation.c (_ase_permutation_prnt_cyc): ditto.
* src/bytecode.c (print_compiled_function): ditto.
* src/chartab.c (print_chartab_two_byte_charset): ditto.
* src/chartab.c (print_char_table): ditto.
* src/database/database.c (print_database): ditto.
* src/database/eldap.c (print_ldap): ditto.
* src/database/postgresql.c (print_pgconn): ditto.
* src/database/postgresql.c (print_pgresult): ditto.
* src/effi.c (print_ffiobject): ditto.
* src/effi.c (print_ffi_job): ditto.
* src/emacs.c (fatal_error_signal): ditto.
* src/extents.c (print_extent_1): ditto.
* src/extents.c (print_extent): ditto.
* src/media/media.c (media_substream_print_audio): ditto.
* src/media/media.c (media_substream_print_video): ditto.
* src/media/sound-alsa.c (sound_alsa_print): ditto.
* src/media/sound-pulse.c (sound_pulse_print): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Tue, 4 Oct 2011 05:56:10 +0000 (15:56 +1000)]
Coverity inspired security fixes from Nelson
* merges:
Quick typo fix (missing semi-colon)
Security fixes
Steve Youngs [Tue, 4 Oct 2011 05:55:35 +0000 (15:55 +1000)]
Quick typo fix (missing semi-colon)
* src/filelock.c (lock_file_1): Add missing semi-colon.
Signed-off-by: Steve Youngs <steve@sxemacs.org>
Nelson Ferreira [Tue, 4 Oct 2011 05:16:11 +0000 (01:16 -0400)]
Security fixes
* src/alloc.c (garbage-collect): check return of snprintf
* src/doprnt.c (emacs_doprnt_smZ): ditto
* src/dumper.c (pdump_file_try): ditto
* src/dumper.c (pdump_load): ditto
* src/editfns.c (Fencode_time): ditto
* src/editfns.c (Fencode_btime): ditto
* src/editfns.c (current_time_zone): ditto
* src/ent/ent-float.c (vars_of_ent_float): ditto
* src/filelock.c (lock_file_1): ditto
* src/media/sound-arts.c (sound_arts_play): ditto
* src/mule/mule-ccl.c (ccl_driver): ditto
* src/opaque.c (print_opaque_ptr): ditto
* src/strftime.c (add_num_time_t): ditto
* src/casetab.c (print_case_table): use write_fmt_str instead of sprintf
* src/elhash.c (print_hash_table): ditto
* src/events/event-stream.c (print_timeout): ditto
* src/events/events.c (print_event): ditto
* src/media/sound-nas.c (sound_nas_print): ditto
* src/media/sound.c (print_audio_job): ditto
* src/opaque.c (print_opaque): ditto
* src/openssl.c (print_evp_pkey): ditto
* src/symbols.c (print_symbol_value_magic): ditto
* src/filelock.c (lock_file): Use snprintf instead of sprintf
* src/libsst.c (sst_set_ger): ditto
* src/libsst.c (sst_set_gr): ditto
* src/libsst.c (sst_set_gx): ditto
* src/libsst.c (sst_tones): ditto
* src/libsst.c (sst_dmtf): ditto
* src/print.c (float_to_string): ditto
* src/process-unix.c (allocate_pty_the_old_fashioned_way): ditto
* src/process-unix.c (unix_open_network_stream): ditto
* src/s/hpux.h (PTY_TTY_NAME_SPRINTF): ditto
* src/s/rtu.h (PTY_TTY_NAME_SPRINTF): ditto
* src/s/sco4.h (PTY_TTY_NAME_SPRINTF): ditto
* src/s/sco5.h (PTY_TTY_NAME_SPRINTF): ditto
* src/data.c (Fnumber_to_string): correct arguments to new buffer
size aware float_to_string and long_to_string
* src/doprnt.c (emacs_doprnt_number): correct arguments to new
buffer size aware long_to_string
* src/print.c (print_internal): ditto
* src/ui/redisplay.c (window_line_number): ditto
* src/ui/redisplay.c (decode_mode_spec): ditto
* src/ent/ent-float.c (print_float): correct arguments to new
buffer size aware float_to_string
* src/ent/ent-float.h: define new argument for float_to_string
* src/lisp.h: define new argument for long_to_string
* src/emacs.c (assert_failed): flush stderr to make sure assertion is written.
* src/print.c (float_to_string): rewrite so that it knows size and
does not overflow buf. Also uses snprintf instead of sprintf
* src/print.c (long_to_string): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Mon, 3 Oct 2011 02:01:04 +0000 (12:01 +1000)]
Coverity fixes from Nelson
* merges: (27 commits)
Coverity fixes. Replace UNUSED with SXE_UNUSED since some system includes (like sox.h) define it in an incompatible fashion
Coverity fixes
[ Replace this line with a one-line summary of the changes ]
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity changes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes
Coverity fixes.
...
Nelson Ferreira [Sun, 2 Oct 2011 23:14:00 +0000 (19:14 -0400)]
Coverity fixes. Replace UNUSED with SXE_UNUSED since some system includes (like sox.h) define it in an incompatible fashion
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:26:45 +0000 (17:26 -0400)]
Coverity fixes
* src/lisp.h (PRIVATE_EXTERNAL_LIST_LOOP_6): silence value
computed not used warning.
* src/lisp.h: add prototypes for write_hex_ptr, write_fmt_str and
write_fmt_string.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:23:23 +0000 (17:23 -0400)]
[ Replace this line with a one-line summary of the changes ]
* src/emodules-ng.c (__emodng_find): only get module info if on debug mode
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:22:10 +0000 (17:22 -0400)]
Coverity fixes
* src/doc.c (unparesseuxify_doc_string): decrease stack usage
* src/doc.c (Fsnarf_documentation): check return of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:20:05 +0000 (17:20 -0400)]
Coverity fixes
* src/ui/X11/frame-x.c (color_to_string): use snprintf instead of sprintf
* src/ui/X11/frame-x.c (x_set_initial_frame_size): ditto.
* src/ui/X11/frame-x.c (Fx_window_id): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:18:08 +0000 (17:18 -0400)]
Coverity fixes
* src/ui/X11/event-Xt.c (x_keysym_to_emacs_keysym): check result of snprintf
* src/ui/X11/event-Xt.c (describe_event_window): ditto.
* src/ui/X11/event-Xt.c (describe_event): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:16:05 +0000 (17:16 -0400)]
Coverity fixes
* src/ui/X11/dialog-x.c (dbox_descriptor_to_widget_value): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:15:03 +0000 (17:15 -0400)]
Coverity changes
* src/ui/TTY/terminfo.c (emacs_tparam): use strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:14:11 +0000 (17:14 -0400)]
Coverity fixes
* src/ui/TTY/redisplay-tty.c (term_get_fkeys_1): check return of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:12:59 +0000 (17:12 -0400)]
Coverity fixes
* src/ui/X11/objects-x.c (x_print_color_instance): use write_fmt_str instead of snprintf
* src/ui/X11/objects-x.c (x_print_font_instance): ditto
* src/ui/X11/objects-x.c (truename_via_random_props): check result
of snprintf and remove not needed finalizer from strncpy.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:10:09 +0000 (17:10 -0400)]
Coverity fixes
* src/ui/TTY/objects-tty.c (Ffind_tty_color): check return of snprintf
* src/ui/TTY/objects-tty.c (Ftty_registered_color_list): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:08:56 +0000 (17:08 -0400)]
Coverity fixes
* src/ui/TTY/gpmevent.c (Fgpm_enabled_p): check return of snprintf
* src/ui/TTY/gpmevent.c (Fgpm_enable): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:06:55 +0000 (17:06 -0400)]
Coverity fixes
* src/ui/Gtk/ui-gtk.c (ffi_object_printer): use write_fmt_str
instead of sprintf.
* src/ui/Gtk/ui-gtk.c (emacs_gtk_object_printer): ditto.
* src/ui/Gtk/ui-gtk.c (object_getprop): use write_fmt_string instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:04:49 +0000 (17:04 -0400)]
Coverity fixes
* src/ui/Gtk/objects-gtk.c (gtk_print_color_instance): use
write_fmt_str instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:03:44 +0000 (17:03 -0400)]
Coverity fixes
* src/ui/Gtk/gtk-xemacs.c (xemacs_gtk_convert_color): use snprintf
instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 21:02:29 +0000 (17:02 -0400)]
Coverity fixes
* src/ui/Gtk/glyphs-gtk.c (gtk_print_image_instance): use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:32:52 +0000 (15:32 -0400)]
Coverity fixes
* src/ui/X11/xmu.c (XmuPrintDefaultErrorMessage): use snprintf
instead of sprintf and strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:16:45 +0000 (15:16 -0400)]
Coverity fixes
* src/ui/X11/ExternalShell.c (GetGeometry): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:15:26 +0000 (15:15 -0400)]
Coverity fixes
* src/ui/Gtk/frame-gtk.c (Fgtk_window_id): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:14:01 +0000 (15:14 -0400)]
Coverity fixes.
* src/ui/Gtk/event-gtk.c (gtk_keysym_to_emacs_keysym): use snprintf instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:12:46 +0000 (15:12 -0400)]
Coverity fixes
* src/rangetab.c (print_range_table): use write_fmt_str instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:11:19 +0000 (15:11 -0400)]
Coverity fixes
* src/mule/mule-charset.c (print_charset): use
write_fmt_str/write_fmt_string instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 19:07:04 +0000 (15:07 -0400)]
Coverity
* src/ui/glyphs-eimage.c: always use safer vsnprintf.
* src/ui/glyphs-eimage.c (tiff_error_func): always use safer vsnprintf.
* src/ui/glyphs-eimage.c (tiff_warning_func): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 18:54:22 +0000 (14:54 -0400)]
Coverity fixes
* src/mule/input-method-xlib.c (EmacsXtCvtStringToXIMStyles): use
snprintf instead of sprintf.
* src/mule/input-method-xlib.c (describe_Window): ditto. Also
check for the result of the system syscall.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 18:51:35 +0000 (14:51 -0400)]
Coverity fixes
* src/md5.c (Fmd5): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 18:48:45 +0000 (14:48 -0400)]
Coverity fixes
* src/search.c (compre_prfun): Use write_fmt_str instead of snprintf
* src/search.c (fast_string_match): safeguard alloca from being
used with a negative length.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sun, 2 Oct 2011 01:06:36 +0000 (21:06 -0400)]
Coverity fixes
* src/ui/glyphs.c (print_image_instance): Use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Sat, 1 Oct 2011 01:00:51 +0000 (11:00 +1000)]
Coverity fixes from Nelson
* merges: (43 commits)
Coverity fixes
Security fixes.
CID:295 SECURE_CODING
Security fixes
Coverity fixes
Coverity fixes
Coverity fixes.
Coverity fixes
Coverity fixes. SECURE_CODING CI:302,301
Coverity fixes CID:330
Coverity fixes. SECURE_CODING CID:329
Coverity fixes. SECURE_CODING CID:339,338,337
CID:327 SECURE_CODING
Coverity fixes
Coverity fixes
Coverity fixes
Secure coding
CID:428 UNUSED_VALUE
CID:294 SECURE_CODING
CID:291 SECURE_CODING
...
Nelson Ferreira [Sat, 1 Oct 2011 00:15:32 +0000 (20:15 -0400)]
Coverity fixes
* src/dired.c (dired_realpath): free the buffer if realpath fails. RESOURCE_LEAK
* src/dired.c (dfr_inner): only consider the canonname as fullname
if it could resolve the canonical name CID:205 REVERSE_INULL
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Sat, 1 Oct 2011 00:03:12 +0000 (20:03 -0400)]
Security fixes.
* src/ui/X11/device-x.c (read_locale_specific_resources): check
snprintf results and use sizeof instead of countof since we are
talking about chars...
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:54:51 +0000 (19:54 -0400)]
CID:295 SECURE_CODING
* src/marker.c (print_marker): use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:53:18 +0000 (19:53 -0400)]
Security fixes
* src/sheap.c (report_sheap_usage): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:51:57 +0000 (19:51 -0400)]
Coverity fixes
* src/effi.c: include sysdep.h for the async_timeout prototypes
* src/effi.c (Fffi_load_library): use strncpy and strncat instead of strcpy/strcat
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:47:55 +0000 (19:47 -0400)]
Coverity fixes
* src/ui/keymap.c (print_keymap): use write_fmt_str instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:46:22 +0000 (19:46 -0400)]
Coverity fixes.
* src/ui/X11/menubar-x.c
(command_builder_operate_menu_accelerator): use write_fmt_str
instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:44:33 +0000 (19:44 -0400)]
Coverity fixes
* src/skiplist.c (print_skiplist): use write_fmt_str instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:42:04 +0000 (19:42 -0400)]
Coverity fixes. SECURE_CODING CI:302,301
* src/objects.c (print_color_instance): use write_fmt_str instead of sprintf
* src/objects.c (print_font_instance): use write_fmt_str instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:39:44 +0000 (19:39 -0400)]
Coverity fixes CID:330
* src/ui/frame.c (print_frame): use write_fmt_str and write_fmt_string instead of sprintf.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:38:16 +0000 (19:38 -0400)]
Coverity fixes. SECURE_CODING CID:329
* src/ui/device.c (print_device): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:33:37 +0000 (19:33 -0400)]
Coverity fixes. SECURE_CODING CID:339,338,337
* src/ui/lwlib/xlwgauge.c: include lwlib-internal.h
* src/ui/lwlib/xlwgauge.c (GaugeExpose): use snprintf instead of sprintf. small reformat of expressions to help human parsing...
* src/ui/lwlib/xlwgauge.c (GaugeSelect): use snprintf instead of sprintf
* src/ui/lwlib/xlwgauge.c (MaxLabel): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:28:38 +0000 (19:28 -0400)]
CID:327 SECURE_CODING
* src/ui/X11/scrollbar-x.c (x_create_scrollbar_instance): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:23:54 +0000 (19:23 -0400)]
Coverity fixes
* src/callproc.c: remove unused report_fork_error
* src/callproc.c (Fold_call_process_internal): check result from pipe (CID:152)
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:17:38 +0000 (19:17 -0400)]
Coverity fixes
* src/sysdep.c (init_system_name): use strncpy instead of strcpy
* src/sysdep.h: add start/stop async timeout prototypes.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:15:01 +0000 (19:15 -0400)]
Coverity fixes
* src/ui/redisplay.c (add_octal_runes): make a reference to
add_failed to "shutup" coverity.
* src/ui/redisplay.c (decode_mode_spec): make just enough room for
a long
* src/ui/redisplay.c (decode_mode_spec): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:09:41 +0000 (19:09 -0400)]
Secure coding
* src/bloom.c (print_bloom): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:07:37 +0000 (19:07 -0400)]
CID:428 UNUSED_VALUE
* src/ui/window.c (print_window): use write_fmt_str instead of snprintf
* src/ui/window.c (margin_width_internal): no need to check this return
* src/ui/window.c (print_window_config): use write_fmt_str instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:02:33 +0000 (19:02 -0400)]
CID:294 SECURE_CODING
* src/lstream.c (print_lstream): use write_fmt_string instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 23:00:30 +0000 (19:00 -0400)]
CID:291 SECURE_CODING
* src/fns.c (base16_encode_1): use snprintf instead of sprintf,
needs additional parameter for buffer parameter...
* src/fns.c (Fbase16_encode_string): use base16_encode_1 with the new parameter
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:57:52 +0000 (18:57 -0400)]
CID:256 SECURE_CODING
* lib-src/ootags.c (main): avoid using sprintf just to build a 1 char string...
* lib-src/ootags.c (main): use snprintf instead of sprintf
* lib-src/ootags.c (main): ditto.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:53:33 +0000 (18:53 -0400)]
CID:150 Call result should be used
* lib-src/mmencode.c (from64): check result of fgets
* lib-src/mmencode.c (fromqp): ditto
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:47:11 +0000 (18:47 -0400)]
Misc security fixes
* lib-src/make-docfile.c (next_extra_elc): Make appropriate check on fgets
* lib-src/make-docfile.c (main): check for chdir success
* lib-src/make-docfile.c (scan_c_file): check for fscanf success
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:40:45 +0000 (18:40 -0400)]
CID:245,142,90 SECURE_CODING, CALL_RESULT_SHOULD_BE_CHECK, NEGATIVE_RETURN
* lib-src/gnuslib.c: include assert and remove RCS
* lib-src/gnuslib.c (connect_to_internet_server): use snprintf
instead of sprintf, and check result from write
* lib-src/gnuslib.c (disconnect_from_server): check for negative
length possible result from the read.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:34:32 +0000 (18:34 -0400)]
No CID yet...
* src/ui/lwlib/lwlib-Xm.c (make_dialog): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:32:13 +0000 (18:32 -0400)]
CID:328 SECURE_CODING
* src/ui/console.c (print_console): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:28:40 +0000 (18:28 -0400)]
CID:317
* src/ui/lwlib/lwlib.c (safe_strdup): use strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:20:31 +0000 (18:20 -0400)]
Small type change
* lib-src/etags.c (argv): Use int instead of ssize_t as per manpage
* src/print.c (std_handle_out_va): ditto
* src/print.c (write_fmt_str): fix comment reference to function name
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:16:43 +0000 (18:16 -0400)]
SECURE_CODING
* src/ui/X11/glyphs-x.c (x_print_image_instance): use write_fmt_str instead of sprintf
* src/ui/X11/glyphs-x.c: removed #if 0 write_lisp_string_to_temp_file
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:14:24 +0000 (18:14 -0400)]
SECURE_CODING
* src/dumper.c (pdump): improve security on error message
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:11:40 +0000 (18:11 -0400)]
CID:336 SECURE_CODING
* src/ui/lwlib/lwlib-Xaw.c (make_dialog): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:05:42 +0000 (18:05 -0400)]
Misc coverity fixes (lost CID)
* src/ui/lwlib/xlwmenu.c: include lwlib-internal.h
* src/ui/lwlib/xlwmenu.c (resource_widget_value): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 22:00:39 +0000 (18:00 -0400)]
CID:57 FORWARD_NULL
* src/ui/glyphs-widget.c (layout_query_geometry): make sure to
test for width and height != NULL before dereference.
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 21:33:09 +0000 (17:33 -0400)]
Fixup snprintf
* src/buffer.c (Fgenerate_new_buffer_name): check snprintf result
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 21:30:11 +0000 (17:30 -0400)]
CID:341 SECURE_CODING
* src/ui/lwlib/xlwtabs.c (XawTabsSetTop): use snprintf instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 06:25:03 +0000 (02:25 -0400)]
CID:143,144 Call result should be used
* lib-src/hexl.c (main): check result of fread
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 06:21:48 +0000 (02:21 -0400)]
CID:293 SECURE_CODING
* src/lread.c (Fload_internal): use strncpy instead of strcpy
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 06:18:40 +0000 (02:18 -0400)]
CID:151 Call result should be used
* lib-src/movemail.c (main): check the result of ftruncate
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 05:22:49 +0000 (01:22 -0400)]
Coverity related fixes.
* src/ui/specifier.c (print_specifier): use write_fmt_string instead of snprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 05:17:43 +0000 (01:17 -0400)]
CID:154 - Call result should be used...
* src/emacs.c (main_1): Check for return of dup(0)
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 05:01:02 +0000 (01:01 -0400)]
CID:334
* src/ui/gui.c (print_gui_item): use write_fmt_string instead of sprintf
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Nelson Ferreira [Fri, 30 Sep 2011 00:05:34 +0000 (20:05 -0400)]
Coverity fixes. Several CID's related to use of sprintf and stack usage.
* src/print.c (std_handle_out_external): cleanup extraneous scope
* src/print.c (std_handle_out_external): remove condition for
extlen == 0, since that is impossible. CID:23 DEADCODE
* src/print.c (std_handle_out_va): Lowered buffer from 16K to 1K
since most messages will be small and this could lead to heavy
stack usage (especially upon assert failure in
std_handle_out_external). CID:348,349 STACK_USE
* src/print.c (internal_object_printer): Use newly refactored
write_fmt_string instead of sprintf. CID:305 SECURE_CODING
* src/print.c (printing_major_badness): Use snprintf CID:240
SECURE_CODING
* src/print.c (default_object_printer): Use write_fmt_string
instead of sprintf CID:239 SECURE_CODING
* src/print.c (internal_object_printer): ditto.
* src/print.c (SXE_VSNPRINT_VA): Macro to do vsnprintf with
automatic buffer resizing.
* src/print.c (write_fmt_str): New function for small (like
integers) sprintf.
* src/print.c (write_fmt_string): Moved up and refactored to use
the macro which tries buffer reallocation.
* src/print.c (std_handle_out_va): Refactor to use macro which
tries buffer reallocation.
* src/print.c (stdout_out): minor indenting change
* src/print.c (fatal): Make sure not to do GETTEXT when in fatal error
* src/print.c (write_hex_ptr): New function to print a pointer value in hex
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
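The pattern behind the "check return of snprintf" entries and the "vsnprintf with automatic buffer resizing" entry above, written out as an added example; this is not SXEmacs code. `fmt_checked` and `fmt_grow` are hypothetical names, and C99 return semantics for `snprintf`/`vsnprintf` are assumed (return value is the length the full output needs).

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: bounded format that reports truncation.
   Returns the string length on success, -1 on error or truncation.
   On failure the buffer is emptied so a partial result is never used. */
static int fmt_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size) {   /* error, or output did not fit */
        buf[0] = '\0';
        return -1;
    }
    return n;
}

/* Hypothetical helper: try a caller-supplied stack buffer first and fall
   back to a heap buffer of exactly the required size when it is too small.
   Returns `stack` or a malloc'ed pointer (caller frees the latter),
   or NULL on error. A real buffer is always passed to vsnprintf, since
   some older implementations refuse a NULL buffer for size probing. */
static char *fmt_grow(char *stack, size_t stack_size, int *len_out,
                      const char *fmt, ...)
{
    va_list ap;
    int need, again;
    char *heap;

    if (stack == NULL || stack_size == 0 || len_out == NULL)
        return NULL;

    va_start(ap, fmt);
    need = vsnprintf(stack, stack_size, fmt, ap);
    va_end(ap);
    if (need < 0)
        return NULL;                    /* encoding/output error */
    if ((size_t)need < stack_size) {    /* fitted, terminator included */
        *len_out = need;
        return stack;
    }

    /* Truncated: `need` is the full length, so allocate need + 1 bytes
       and format again with a fresh va_list. */
    heap = malloc((size_t)need + 1);
    if (heap == NULL)
        return NULL;
    va_start(ap, fmt);
    again = vsnprintf(heap, (size_t)need + 1, fmt, ap);
    va_end(ap);
    if (again != need) {                /* arguments changed or error */
        free(heap);
        return NULL;
    }
    *len_out = need;
    return heap;
}

int main(void)
{
    char small[8];                      /* deliberately too small */
    int len = 0;
    /* Constructed sample value, not taken from the project. */
    char *s = fmt_grow(small, sizeof small, &len,
                       "#<marker 0x%lx>", 0xdeadbeefUL);

    if (s == NULL)
        return 1;
    printf("%s (%d bytes, %s buffer)\n", s, len,
           s == small ? "stack" : "heap");
    if (s != small)
        free(s);

    printf("checked: %d\n",
           fmt_checked(small, sizeof small, "%s", "12345678"));
    return 0;
}
```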
Nelson Ferreira [Thu, 29 Sep 2011 23:27:48 +0000 (19:27 -0400)]
CID:241 SECURE_CODING
* lib-src/etags.c (main): use snprintf and warn of truncate cmdline (and refuse to run)
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
Steve Youngs [Sun, 18 Sep 2011 21:51:43 +0000 (07:51 +1000)]
Coverity fixes from Nelson
* merges:
CID:122 - NEGATIVE_RETURNS - Possible use of negative file descriptor
CID:123 - NEGATIVE_RETURNS - Possible use of negative file descriptor
CID:124 NEGATIVE_RETURNS - Possible use of negative file descriptor.
CID:125 - NEGATIVE RETURNS - Possible use of negative file descriptors
CID:135 - NULL RETURNS - Possible NULL pointer dereference
CID:182 - RESOURCE_LEAK - memory not freed inside Prolog_functions
CID:192 RESOURCE_LEAK - new argv is not freed
CID:226 SECURE_CODING - risky use of strcpy
CID:226 - SECURE_CODING risky usage of strcpy
CID:228 SECURE_CODING - risky usage of strcat
Fix last commit of CID:228 SECURE_CODING - risky usage of strcat
CID:230 SECURE_CODING - risky use of strcpy
CID:232 SECURE_CODING - risky usage of strcpy
CID:241 SECURE_CODING - risky usage of sprintf
CID:318 SECURE_CODING - risky usage of sprintf
CID:340 SECURE_CODING - risky usage of strcat
Added sxe-utils.h with several utilities from lisp.h
CID:475 USE AFTER FREE
CID:179 RESOURCE LEAK - free string in odd case
Nelson Ferreira [Sun, 18 Sep 2011 06:39:57 +0000 (02:39 -0400)]
CID:122 - NEGATIVE_RETURNS - Possible use of negative file descriptor
* src/ui/X11/event-Xt.c(emacs_Xt_select_console): Only call
select_filedesc if the descriptor is valid
Nelson Ferreira [Sun, 18 Sep 2011 06:38:37 +0000 (02:38 -0400)]
CID:123 - NEGATIVE_RETURNS - Possible use of negative file descriptor
* src/ui/X11/event-Xt.c(emacs_Xt_select_process): Only call
select_filedesc if the descriptor is valid
Nelson Ferreira [Sun, 18 Sep 2011 06:37:01 +0000 (02:37 -0400)]
CID:124 NEGATIVE_RETURNS - Possible use of negative file descriptor.
* src/ui/X11/event-Xt.c(emacs_Xt_unselect_console): Only call
unselect_filedesc if the descriptor is valid
Nelson Ferreira [Sun, 18 Sep 2011 06:35:16 +0000 (02:35 -0400)]
CID:125 - NEGATIVE RETURNS - Possible use of negative file descriptors
* src/ui/X11/event-Xt.c(emacs_Xt_unselect_process): only call
unselect_filedesc if indeed it is a valid one.
Nelson Ferreira [Sun, 18 Sep 2011 06:33:14 +0000 (02:33 -0400)]
CID:135 - NULL RETURNS - Possible NULL pointer dereference
* src/ui/X11/console-x.h(error_check_frame_type): make
assert also verify the pointer is not NULL before dereference.
Nelson Ferreira [Sun, 18 Sep 2011 06:28:42 +0000 (02:28 -0400)]
CID:182 - RESOURCE_LEAK - memory not freed inside Prolog_functions
* lib-src/ootags.c(Prolog_functions): free last before returning
Nelson Ferreira [Sun, 18 Sep 2011 06:25:34 +0000 (02:25 -0400)]
CID:192 RESOURCE_LEAK - new argv is not freed
* src/emacs.c(make_docfile): free newargv after the return of
execv (which will be never if successful, but, if execv fails no
memory will be leaked.)
Nelson Ferreira [Sun, 18 Sep 2011 06:20:33 +0000 (02:20 -0400)]
CID:226 SECURE_CODING - risky use of strcpy
* lib-src/etags.c(concat): use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 06:19:36 +0000 (02:19 -0400)]
CID:226 - SECURE_CODING risky usage of strcpy
* lib-src/movemail.c(concat): Use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 06:15:59 +0000 (02:15 -0400)]
CID:228 SECURE_CODING - risky usage of strcat
* lib-src/etags.c (relative_filename): actually define res_left
Nelson Ferreira [Sun, 18 Sep 2011 06:13:44 +0000 (02:13 -0400)]
Fix last commit of CID:228 SECURE_CODING - risky usage of strcat
* lib-src/ootags.c (relative_filename): actually define res_left
Nelson Ferreira [Sun, 18 Sep 2011 06:06:06 +0000 (02:06 -0400)]
CID:230 SECURE_CODING - risky use of strcpy
* lib-src/etags.c (write_classname): Use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 04:24:47 +0000 (00:24 -0400)]
CID:232 SECURE_CODING - risky usage of strcpy
* lib-src/ootags.c (inf;): Use strncpy
Nelson Ferreira [Sun, 18 Sep 2011 04:22:17 +0000 (00:22 -0400)]
CID:241 SECURE_CODING - risky usage of sprintf
* lib-src/etags.c (argv): use snprintf
Nelson Ferreira [Sun, 18 Sep 2011 04:19:53 +0000 (00:19 -0400)]
CID:318 SECURE_CODING - risky usage of sprintf
* src/ui/X11/event-Xt.c (describe_event): Use snprintf
Nelson Ferreira [Sun, 18 Sep 2011 04:04:47 +0000 (00:04 -0400)]
CID:340 SECURE_CODING - risky usage of strcat
* src/ui/lwlib/xlwmenu.c (parameterize_string): use strncat
instead of strcat and keep the space available checked...
Nelson Ferreira [Sun, 18 Sep 2011 04:00:56 +0000 (00:00 -0400)]
Added sxe-utils.h with several utilities from lisp.h
* src/sxe-utils.h: added code from lisp.h related to stuff like min, max, UNUSED, UNLIKELY, etc
* src/lisp.h: remove code moved to sxe-utils.h and added include to it
* src/sxemacs.h: added include to sxe-utils.h
Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>