Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 May 2017 08:21:27 -0700
From:      Conrad Meyer <cem@freebsd.org>
To:        Martin Matuska <mm@freebsd.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r317782 - in head: contrib/libarchive/cpio contrib/libarchive/cpio/test contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/test_utils lib/libarchive/tests
Message-ID:  <CAG6CVpWSKbYmscrB9cNn4BF5X9v7RmAuP2zaMJrBb%2BS-axKSYQ@mail.gmail.com>
In-Reply-To: <201705040004.v4404Hru044263@repo.freebsd.org>
References:  <201705040004.v4404Hru044263@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Martin,

One minor Coverity nit below:

On Wed, May 3, 2017 at 5:04 PM, Martin Matuska <mm@freebsd.org> wrote:
> Author: mm
> Date: Thu May  4 00:04:17 2017
> New Revision: 317782
> URL: https://svnweb.freebsd.org/changeset/base/317782
>
> Log:
>   MFV r317781:
>   Sync libarchive with vendor
>
>   Vendor changes (FreeBSD-related):
>     PR 897: add test for ZIP archives with invalid EOCD headers
>     PR 901: fix invalid renaming of sparse files
>     OSS-Fuzz issue 497: remove fallback tree in LZX decoder
>     OSS-Fuzz issue 527: rewrite expressions in lz4 filter
>     OSS-Fuzz issue 577: fix integer overflow in cpio reader
>     OSS-Fuzz issue 862: fix numerc parsing in mtree reader
>     OSS-Fuzz issue 1097: fix undefined shift in rar reader
>     cpio: various optimizations and memory leak fixes
>
>   MFC after:    1 week
>
> ...
> Modified: head/contrib/libarchive/cpio/test/test_option_lz4.c
> ==============================================================================
> --- head/contrib/libarchive/cpio/test/test_option_lz4.c Wed May  3 23:55:12 2017        (r317781)
> +++ head/contrib/libarchive/cpio/test/test_option_lz4.c Thu May  4 00:04:17 2017        (r317782)
> ...
> @@ -68,14 +71,18 @@ DEFINE_TEST(test_option_lz4)
>                 if (strstr(p, "Error closing") != NULL && !canLz4()) {
>                         skipping("This version of bsdcpio uses an external lz4 program "
>                             "but no such program is available on this system.");
> +                       free(p);
>                         return;
>                 }
> +               free(p);
>                 failure("--lz4 option is broken: %s", p);

p is used after free here.  Coverity CID 1374948.

Best,
Conrad

>                 assertEqualInt(r, 0);
>                 return;
>         }
> +       free(p);
>         /* Check that the archive file has an lz4 signature. */
>         p = slurpfile(&s, "archive.out");
>         assert(s > 2);
>         assertEqualMem(p, "\x04\x22\x4d\x18", 4);
> +       free(p);
>  }
> ...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpWSKbYmscrB9cNn4BF5X9v7RmAuP2zaMJrBb%2BS-axKSYQ>