From 0e13c05d9d5ce4e2b14bc14d273420d6c08c1eda Mon Sep 17 00:00:00 2001
From: David Tardon
Date: Wed, 2 Mar 2016 10:20:04 +0100
Subject: [PATCH] add a bunch of fixes for problems found by coverity
---
 ...-coverity-avoid-possible-memory-leak.patch | 25 ++++++
 ...verity-avoid-possible-null-ptr-deref.patch | 36 ++++++++
 ...verity-avoid-possible-null-ptr-deref.patch | 34 +++++++
 0030-coverity-likely-intent.patch | 25 ++++++
 0031-coverity-honor-exception-specs.patch | 88 +++++++++++++++++++
 0032-coverity-honor-exception-specs.patch | 34 +++++++
 0034-coverity-honor-exception-specs.patch | 50 +++++++++++
 0035-coverity-honor-exception-specs.patch | 48 ++++++++++
 libcmis.spec | 13 ++-
 9 files changed, 352 insertions(+), 1 deletion(-)
 create mode 100644 0003-coverity-avoid-possible-memory-leak.patch
 create mode 100644 0028-coverity-avoid-possible-null-ptr-deref.patch
 create mode 100644 0029-coverity-avoid-possible-null-ptr-deref.patch
 create mode 100644 0030-coverity-likely-intent.patch
 create mode 100644 0031-coverity-honor-exception-specs.patch
 create mode 100644 0032-coverity-honor-exception-specs.patch
 create mode 100644 0034-coverity-honor-exception-specs.patch
 create mode 100644 0035-coverity-honor-exception-specs.patch
diff --git a/0003-coverity-avoid-possible-memory-leak.patch b/0003-coverity-avoid-possible-memory-leak.patch
new file mode 100644
index 0000000..ccf5d82
--- /dev/null
+++ b/0003-coverity-avoid-possible-memory-leak.patch
@@ -0,0 +1,25 @@
+From b65d92d8e3e53f4fe16f7d6be3fec1525bdb4ee0 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Tue, 1 Mar 2016 10:06:48 +0100
+Subject: [PATCH 03/37] coverity: avoid possible memory leak
+
+---
+ qa/mockup/mockup-config.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qa/mockup/mockup-config.cxx b/qa/mockup/mockup-config.cxx
+index 043b03e..f830fff 100644
+--- a/qa/mockup/mockup-config.cxx
++++ b/qa/mockup/mockup-config.cxx
+@@ -353,7 +353,7 @@ char* curl_mockup_HttpRequest_getHeader( const struct HttpRequest* request, cons
+ {
+ char* value = NULL;
+ size_t i = 0;
+- while ( request->headers[i] != NULL )
++ while ( request->headers[i] != NULL && value == NULL )
+ {
+ string header = request->headers[i];
+ const string prefix = string( name ) + ":";
+--
+2.5.0
+
diff --git a/0028-coverity-avoid-possible-null-ptr-deref.patch b/0028-coverity-avoid-possible-null-ptr-deref.patch
new file mode 100644
index 0000000..4f480d2
--- /dev/null
+++ b/0028-coverity-avoid-possible-null-ptr-deref.patch
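Review bot: The added `value == NULL` test in the `while` condition of `curl_mockup_HttpRequest_getHeader` is what prevents the leak, but nothing on the line says so, and a later reader could remove it as redundant. A short comment above the loop would help, for example `// Stop at the first match: a second match would overwrite value and leak the first copy.` The assignment to `value` is outside the hunk, so the wording should be checked against the loop body. The same stretch rebuilds `string( name ) + ":"` on every iteration with no visible NULL check on `name`; hoisting `prefix` above the loop would remove the repeated construction.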
@@ -0,0 +1,36 @@
+From 66c23c95db133bd616e2e35eb49e0993270add9e Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Tue, 1 Mar 2016 20:20:00 +0100
+Subject: [PATCH 28/37] coverity: avoid possible null ptr deref
+
+This way dynamic_cast will throw an exception if the dynamic type does
+not match.
+---
+ src/libcmis/atom-object.cxx | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libcmis/atom-object.cxx b/src/libcmis/atom-object.cxx
+index b7832d6..1eb33fa 100644
+--- a/src/libcmis/atom-object.cxx
++++ b/src/libcmis/atom-object.cxx
+@@ -106,13 +106,13 @@ libcmis::ObjectPtr AtomObject::updateProperties( const PropertyPtrMap& propertie
+ libcmis::ObjectPtr object;
+ if ( getBaseType( ) == "cmis:document" )
+ {
+- AtomDocument* thisDoc = dynamic_cast< AtomDocument* >( this );
+- object.reset( new AtomDocument( *thisDoc ) );
++ const AtomDocument& thisDoc = dynamic_cast< const AtomDocument& >( *this );
++ object.reset( new AtomDocument( thisDoc ) );
+ }
+ else if ( getBaseType( ) == "cmis:folder" )
+ {
+- AtomFolder* thisFolder = dynamic_cast< AtomFolder* >( this );
+- object.reset( new AtomFolder( *thisFolder ) );
++ const AtomFolder& thisFolder = dynamic_cast< const AtomFolder& >( *this );
++ object.reset( new AtomFolder( thisFolder ) );
+ }
+ return object;
+ }
+--
+2.5.0
+
diff --git a/0029-coverity-avoid-possible-null-ptr-deref.patch b/0029-coverity-avoid-possible-null-ptr-deref.patch
new file mode 100644
index 0000000..f817ed2
--- /dev/null
+++ b/0029-coverity-avoid-possible-null-ptr-deref.patch
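Review bot: The reference-form `dynamic_cast< const AtomDocument& >( *this )` in `AtomObject::updateProperties` now fails with `std::bad_cast` instead of a null dereference, and nothing visible in the hunk translates that exception. The signature is cut off in the hunk header; if it carries a dynamic exception specification like the `throw ( libcmis::Exception )` used elsewhere in this series, a type mismatch ends in std::unexpected() and process termination, and the string returned by `getBaseType( )` presumably originates from the repository's response. Consider translating it inside the function, e.g. `catch ( const std::bad_cast& ) { throw libcmis::Exception( "Unexpected object type" ); }`, and deciding what callers should receive when the base type matches neither string, since `object` is then returned empty. The same applies to `WSObject::updateProperties` in patch 29.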
@@ -0,0 +1,34 @@
+From 913ff7df2c13517282e3de85fc717e44f88f72d0 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Tue, 1 Mar 2016 20:21:32 +0100
+Subject: [PATCH 29/37] coverity: avoid possible null ptr deref
+
+---
+ src/libcmis/ws-object.cxx | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libcmis/ws-object.cxx b/src/libcmis/ws-object.cxx
+index b771aed..0eee69f 100644
+--- a/src/libcmis/ws-object.cxx
++++ b/src/libcmis/ws-object.cxx
+@@ -87,13 +87,13 @@ libcmis::ObjectPtr WSObject::updateProperties(
+ libcmis::ObjectPtr object;
+ if ( getBaseType( ) == "cmis:document" )
+ {
+- WSDocument* thisDoc = dynamic_cast< WSDocument* >( this );
+- object.reset( new WSDocument( *thisDoc ) );
++ const WSDocument& thisDoc = dynamic_cast< const WSDocument& >( *this );
++ object.reset( new WSDocument( thisDoc ) );
+ }
+ else if ( getBaseType( ) == "cmis:folder" )
+ {
+- WSFolder* thisFolder = dynamic_cast< WSFolder* >( this );
+- object.reset( new WSFolder( *thisFolder ) );
++ const WSFolder& thisFolder = dynamic_cast< const WSFolder& >( *this );
++ object.reset( new WSFolder( thisFolder ) );
+ }
+ return object;
+ }
+--
+2.5.0
+
diff --git a/0030-coverity-likely-intent.patch b/0030-coverity-likely-intent.patch
new file mode 100644
index 0000000..7bc1257
--- /dev/null
+++ b/0030-coverity-likely-intent.patch
@@ -0,0 +1,25 @@
+From 203f5aec0c7021343adb298dbaf5d9c288ae8f41 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Wed, 2 Mar 2016 07:23:27 +0100
+Subject: [PATCH 30/37] coverity: likely intent
+
+---
+ qa/mockup/mockup-config.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qa/mockup/mockup-config.cxx b/qa/mockup/mockup-config.cxx
+index f830fff..f6b84ad 100644
+--- a/qa/mockup/mockup-config.cxx
++++ b/qa/mockup/mockup-config.cxx
+@@ -331,7 +331,7 @@ int curl_mockup_getRequestsCount( const char* urlBase,
+ ( url.find( urlBaseString ) == 0 );
+ bool matchParams = matchParamString.empty( ) ||
+ ( params.find( matchParamString ) != string::npos );
+- bool matchBodyPart = !matchBody ||
++ bool matchBodyPart = matchBodyStr.empty() ||
+ ( it->m_body.find( matchBodyStr ) != string::npos );
+
+ if ( matchBaseUrl && matchParams && matchBodyPart )
+--
+2.5.0
+
diff --git a/0031-coverity-honor-exception-specs.patch b/0031-coverity-honor-exception-specs.patch
new file mode 100644
index 0000000..febcaae
--- /dev/null
+++ b/0031-coverity-honor-exception-specs.patch
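Review bot: The removed `!matchBody` test was the only visible NULL guard on the `matchBody` argument in `curl_mockup_getRequestsCount`, and `matchBodyStr.empty()` is equivalent only if `matchBodyStr` is itself built with a NULL check; that construction is outside the hunk. If it is a plain `string matchBodyStr( matchBody )`, a NULL argument is undefined behaviour before this line is reached, so something like `const string matchBodyStr( matchBody ? matchBody : "" );` is worth confirming. As a style point, the neighbouring lines write `empty( )` with inner spaces.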
@@ -0,0 +1,88 @@
+From a9351aa0e6744cdb4c5b6ce426f3b394804677f2 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Wed, 2 Mar 2016 07:24:10 +0100
+Subject: [PATCH 31/37] coverity: honor exception specs
+
+---
+ src/libcmis/sharepoint-session.cxx | 26 +++++++++++++++-----------
+ src/libcmis/sharepoint-session.hxx | 2 ++
+ 2 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/src/libcmis/sharepoint-session.cxx b/src/libcmis/sharepoint-session.cxx
+index d19868b..5310f4e 100644
+--- a/src/libcmis/sharepoint-session.cxx
++++ b/src/libcmis/sharepoint-session.cxx
+@@ -379,7 +379,7 @@ libcmis::HttpResponsePtr SharePointSession::httpPutRequest( std::string url,
+ }
+ catch ( const CurlException& e )
+ {
+- fetchDigestCode( );
++ fetchDigestCodeCurl( );
+ response = HttpSession::httpPutRequest( url, is, headers );
+ }
+ return response;
+@@ -398,7 +398,7 @@ libcmis::HttpResponsePtr SharePointSession::httpPostRequest( const std::string&
+ }
+ catch ( const CurlException& e )
+ {
+- fetchDigestCode( );
++ fetchDigestCodeCurl( );
+ response = HttpSession::httpPostRequest( url, is, contentType, redirect );
+ }
+ return response;
+@@ -413,26 +413,30 @@ void SharePointSession::httpDeleteRequest( std::string url )
+ }
+ catch ( const CurlException& e )
+ {
+- fetchDigestCode( );
++ fetchDigestCodeCurl( );
+ HttpSession::httpDeleteRequest( url );
+ }
+ }
+
+ void SharePointSession::fetchDigestCode( )
+ throw ( libcmis::Exception )
++try
++{
++ fetchDigestCodeCurl( );
++}
++catch ( const CurlException& e )
++{
++ throw e.getCmisException( );
++}
++
++void SharePointSession::fetchDigestCodeCurl( )
++ throw ( CurlException )
+ {
+ istringstream is( "empty" );
+ libcmis::HttpResponsePtr response;
+ // url = http://host/_api/contextinfo, first we remove the '/web' part
+ string url = m_bindingUrl.substr( 0, m_bindingUrl.size( ) - 4 ) + "/contextinfo";
+- try
+- {
+- response = HttpSession::httpPostRequest( url, is, "" );
+- }
+- catch ( const CurlException& e )
+- {
+- throw e.getCmisException( );
+- }
++ response = HttpSession::httpPostRequest( url, is, "" );
+ string res = response->getStream( )->str( );
+ Json jsonRes = Json::parse( res );
+ m_digestCode = jsonRes["d"]["GetContextWebInformation"]["FormDigestValue"].toString( );
+diff --git a/src/libcmis/sharepoint-session.hxx b/src/libcmis/sharepoint-session.hxx
+index de365c5..d11a5d5 100644
+--- a/src/libcmis/sharepoint-session.hxx
++++ b/src/libcmis/sharepoint-session.hxx
+@@ -95,6 +95,8 @@ class SharePointSession : public BaseSession
+
+ private:
+ SharePointSession( );
++ void fetchDigestCodeCurl( )
++ throw ( CurlException );
+ std::string m_digestCode;
+ };
+
+--
+2.5.0
+
diff --git a/0032-coverity-honor-exception-specs.patch b/0032-coverity-honor-exception-specs.patch
new file mode 100644
index 0000000..eb9e594
--- /dev/null
+++ b/0032-coverity-honor-exception-specs.patch
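Review bot: `fetchDigestCodeCurl( )` is declared `throw ( CurlException )`, yet after the POST it still runs `Json::parse( res )` and the chained `jsonRes["d"]["GetContextWebInformation"]["FormDigestValue"]` lookup on a server-supplied body. If either can throw anything other than `CurlException` (not visible here), the new specification turns a malformed response into std::unexpected() and process termination, which is the condition this patch sets out to remove. Consider wrapping the parsing and rethrowing, e.g. `catch ( const std::exception& e ) { throw CurlException( e.what( ) ); }`, and treating an empty `FormDigestValue` as a failure. Separately, `m_bindingUrl.size( ) - 4` wraps around for a binding URL shorter than four characters and silently chops four arbitrary characters when the URL does not end in `/web`; a suffix check before the `substr` would make that assumption explicit.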
@@ -0,0 +1,34 @@
+From a6bb2256802b53d481261f24439c9bc9de7f4136 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Wed, 2 Mar 2016 07:35:05 +0100
+Subject: [PATCH 32/37] coverity: honor exception specs
+
+---
+ src/libcmis/http-session.cxx | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 47fff50..79b5f86 100644
+--- a/src/libcmis/http-session.cxx
++++ b/src/libcmis/http-session.cxx
+@@ -699,13 +699,12 @@ void HttpSession::oauth2Authenticate( ) throw ( libcmis::Exception )
+
+ m_inOAuth2Authentication = true;
+
+- // Try to get the authentication code using the given provider.
+- authCode = m_oauth2Handler->oauth2Authenticate( );
+-
+-
+- // If that didn't work, call the fallback provider from SessionFactory
+ try
+ {
++ // Try to get the authentication code using the given provider.
++ authCode = m_oauth2Handler->oauth2Authenticate( );
++
++ // If that didn't work, call the fallback provider from SessionFactory
+ if ( authCode.empty( ) )
+ {
+ libcmis::OAuth2AuthCodeProvider fallbackProvider = libcmis::SessionFactory::getOAuth2AuthCodeProvider( );
+--
+2.5.0
+
diff --git a/0034-coverity-honor-exception-specs.patch b/0034-coverity-honor-exception-specs.patch
new file mode 100644
index 0000000..dab8284
--- /dev/null
+++ b/0034-coverity-honor-exception-specs.patch
@@ -0,0 +1,50 @@
+From 60a728ff002d71215b4573d5a32c440cd4a5a094 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Wed, 2 Mar 2016 07:48:09 +0100
+Subject: [PATCH 34/37] coverity: honor exception specs
+
+---
+ src/libcmis/http-session.cxx | 6 ++++++
+ src/libcmis/http-session.hxx | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 9b6c460..2a5d6b2 100644
+--- a/src/libcmis/http-session.cxx
++++ b/src/libcmis/http-session.cxx
+@@ -692,6 +692,8 @@ void HttpSession::httpRunRequest( string url, vector< string > headers, bool red
+
+
+ void HttpSession::checkOAuth2( string url )
++ throw ( CurlException )
++try
+ {
+ if ( m_oauth2Handler )
+ {
+@@ -700,6 +702,10 @@ void HttpSession::checkOAuth2( string url )
+ oauth2Authenticate( );
+ }
+ }
++catch ( const libcmis::Exception& e )
++{
++ throw CurlException( e.what( ) );
++}
+
+ long HttpSession::getHttpStatus( )
+ {
+diff --git a/src/libcmis/http-session.hxx b/src/libcmis/http-session.hxx
+index eadd455..245e00b 100644
+--- a/src/libcmis/http-session.hxx
++++ b/src/libcmis/http-session.hxx
+@@ -168,7 +168,7 @@ class HttpSession
+
+ private:
+ void checkCredentials( ) throw ( CurlException );
+- void checkOAuth2( std::string url );
++ void checkOAuth2( std::string url ) throw ( CurlException );
+ void oauth2Refresh( );
+ void initProtocols( );
+ };
+--
+2.5.0
+
diff --git a/0035-coverity-honor-exception-specs.patch b/0035-coverity-honor-exception-specs.patch
new file mode 100644
index 0000000..55bfa58
--- /dev/null
+++ b/0035-coverity-honor-exception-specs.patch
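Review bot: The handler added to `HttpSession::checkOAuth2` rebuilds the error as `CurlException( e.what( ) )`, which keeps only the message text, so whatever type the original `libcmis::Exception` carried is not passed on. Callers that convert back with `getCmisException( )`, as `fetchDigestCode` does in patch 31, would then probably report an authentication failure as a generic error. The new `throw ( CurlException )` specification also means any exception other than `libcmis::Exception` leaving the OAuth2 path ends in std::unexpected(); a trailing `catch ( const std::exception& e ) { throw CurlException( e.what( ) ); }` would keep that recoverable. The part of the body between the two inner hunks is not shown, and `oauth2Refresh` in patch 35 uses the same translation.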
@@ -0,0 +1,48 @@
+From fd2bd50813350811c9882d81117152f5cad5d9b5 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Wed, 2 Mar 2016 07:52:10 +0100
+Subject: [PATCH 35/37] coverity: honor exception specs
+
+---
+ src/libcmis/http-session.cxx | 6 ++++++
+ src/libcmis/http-session.hxx | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 2a5d6b2..9bbb9bd 100644
+--- a/src/libcmis/http-session.cxx
++++ b/src/libcmis/http-session.cxx
+@@ -773,11 +773,17 @@ string HttpSession::getRefreshToken( ) throw ( libcmis::Exception )
+ }
+
+ void HttpSession::oauth2Refresh( )
++ throw ( CurlException )
++try
+ {
+ m_inOAuth2Authentication = true;
+ m_oauth2Handler->refresh( );
+ m_inOAuth2Authentication = false;
+ }
++catch ( const libcmis::Exception& e )
++{
++ throw CurlException( e.what() );
++}
+
+ void HttpSession::initProtocols( )
+ {
+diff --git a/src/libcmis/http-session.hxx b/src/libcmis/http-session.hxx
+index 245e00b..22827db 100644
+--- a/src/libcmis/http-session.hxx
++++ b/src/libcmis/http-session.hxx
+@@ -169,7 +169,7 @@ class HttpSession
+ private:
+ void checkCredentials( ) throw ( CurlException );
+ void checkOAuth2( std::string url ) throw ( CurlException );
+- void oauth2Refresh( );
++ void oauth2Refresh( ) throw ( CurlException );
+ void initProtocols( );
+ };
+
+--
+2.5.0
+
diff --git a/libcmis.spec b/libcmis.spec
index 8d0d608..3b7023f 100644
--- a/libcmis.spec
+++ b/libcmis.spec
@@ -2,7 +2,7 @@ Name: libcmis
 Version: 0.5.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: A C++ client library for CM interfaces
 License: GPLv2+ or LGPLv2+ or MPLv1.1
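Review bot: When `m_oauth2Handler->refresh( )` throws in `HttpSession::oauth2Refresh`, control goes straight to the new function-level handler and `m_inOAuth2Authentication = false;` is never executed, so the session stays flagged as mid-authentication after a failed token refresh. Resetting the flag in the handler before rethrowing would close that path: `m_inOAuth2Authentication = false;` placed ahead of the existing `throw CurlException( e.what() );`. What the stuck flag changes for later requests is outside the hunk, though it looks like it gates the OAuth2 handling. `oauth2Authenticate` in patch 32 sets the same flag just before its `try` block with the handler outside that hunk, so it deserves the same check.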
@@ -22,6 +22,14 @@ Patch0: 0001-fix-boost-configuration-with-gcc-5.patch
 Patch1: 0001-avoid-use-after-delete.patch
 # https://sourceforge.net/p/libcmis/tickets/13/
 Patch2: 0005-Remove-invalid-comments-from-test-JSON-file.patch
+Patch3: 0003-coverity-avoid-possible-memory-leak.patch
+Patch4: 0028-coverity-avoid-possible-null-ptr-deref.patch
+Patch5: 0029-coverity-avoid-possible-null-ptr-deref.patch
+Patch6: 0030-coverity-likely-intent.patch
+Patch7: 0031-coverity-honor-exception-specs.patch
+Patch8: 0032-coverity-honor-exception-specs.patch
+Patch9: 0034-coverity-honor-exception-specs.patch
+Patch10: 0035-coverity-honor-exception-specs.patch
 %description
 LibCMIS is a C++ client library for working with CM (content management)
@@ -90,6 +98,9 @@ make check
 %{_mandir}/man1/cmis-client.1*
 %changelog
+* Wed Mar 02 2016 David Tardon - 0.5.0-12
+- add a bunch of fixes for problems found by coverity
+
 * Thu Feb 04 2016 Fedora Release Engineering - 0.5.0-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild