[poky][master][PATCH] systemd: Fix codesonar warnings

[poky][master][PATCH] systemd: Fix codesonar warnings

[Amitanand N Chikorde]

[-- Attachment #1: Type: text/plain, Size: 6022 bytes --]

From: "Amitanand.Chikorde" <Amitanand.Chikorde@kpit.com>

Fixed below systemd codesonar warnings.
1. isprint() and isspace() is invoked here with an argument of signed
type char, but only has defined behavior for int arguments that are
either representable as unsigned char or equal to the value
of macro EOF(-1).

As per codesonar report, in a number of libc implementations, isprint()
and isspace() functions implemented using lookup tables (arrays):
passing in a negative value can result in a read underrun.

To avoid this unexpected behaviour, typecasted char type argument to
unsigned char type.

2. "seqnum" defined, not initialized & used in device-private.c
Intialized "seqnum" at definition.

Upstream-Status: Pending
Signed-off-by: Amitanand.Chikorde <amitanand.chikorde@kpit.com>
---
 .../files/systemd_codesonar_warnings_fix.patch      | 105 ++++++++++++++++++++
 5 files changed, 9 insertions(+), 9 deletions(-)
 create mode 100644 files/systemd_codesonar_warnings_fix.patch

diff --git a/files/systemd_codesonar_warnings_fix.patch b/files/systemd_codesonar_warnings_fix.patch
new file mode 100644
index 0000000..8138eba
--- /dev/null
+++ b/files/systemd_codesonar_warnings_fix.patch
@@ -0,0 +1,105 @@
+systemd: fix codesonar warnings
+
+Fixed below systemd codesonar warnings.
+1. isprint() and isspace() is invoked here with an argument of signed
+type char, but only has defined behavior for int arguments that are
+either representable as unsigned char or equal to the value
+of macro EOF(-1).
+
+As per codesonar report, in a number of libc implementations, isprint()
+and isspace() functions implemented using lookup tables (arrays):
+passing in a negative value can result in a read underrun.
+
+To avoid this unexpected behaviour, typecasted char type argument to
+unsigned char type.
+
+2. "seqnum" defined, not initialized & used in device-private.c
+Intialized "seqnum" at definition.
+
+Signed-off-by: Amitanand N. Chikorde <Amitanand.Chikorde@kpit.com>
+Upstream-Status: Pending
+
+--- origcode/src/libsystemd/sd-device/device-private.c 2020-07-09 18:05:13.744127907 +0530
++++ modifcode/src/libsystemd/sd-device/device-private.c        2020-07-09 18:01:56.494621945 +0530
+@@ -560,7 +560,7 @@
+         char **key;
+         const char *major = NULL, *minor = NULL;
+         DeviceAction action = _DEVICE_ACTION_INVALID;
+-        uint64_t seqnum;
++        uint64_t seqnum = 0;
+         int r;
+
+         assert(ret);
+--- origcode/src/libudev/libudev-util.c        2020-07-09 18:05:13.656049515 +0530
++++ modifcode/src/libudev/libudev-util.c       2020-07-09 18:02:32.563386414 +0530
+@@ -171,7 +171,7 @@
+
+         /* strip trailing whitespace */
+         len = strnlen(str, len);
+-        while (len && isspace(str[len-1]))
++        while (len && isspace((unsigned char) str[len-1]))
+                 len--;
+
+         /* strip leading whitespace */
+@@ -182,8 +182,8 @@
+         j = 0;
+         while (i < len) {
+                 /* substitute multiple whitespace with a single '_' */
+-                if (isspace(str[i])) {
+-                        while (isspace(str[i]))
++                if (isspace((unsigned char) str[i])) {
++                        while (isspace((unsigned char) str[i]))
+                                 i++;
+                         to[j++] = '_';
+                 }
+--- origcode/src/udev/udevadm-hwdb.c   2020-07-09 18:05:13.612010318 +0530
++++ modifcode/src/udev/udevadm-hwdb.c  2020-07-09 18:03:26.243530163 +0530
+@@ -487,7 +487,7 @@
+
+                 /* strip trailing whitespace */
+                 len = strlen(line);
+-                while (len > 0 && isspace(line[len-1]))
++                while (len > 0 && isspace((unsigned char) line[len-1]))
+                         len--;
+                 line[len] = '\0';
+
+--- origcode/src/udev/udevadm-info.c   2020-07-09 18:05:13.616013882 +0530
++++ modifcode/src/udev/udevadm-info.c  2020-07-09 18:03:41.621625782 +0530
+@@ -73,7 +73,7 @@
+
+                 /* skip nonprintable attributes */
+                 len = strlen(value);
+-                while (len > 0 && isprint(value[len-1]))
++                while (len > 0 && isprint((unsigned char) value[len-1]))
+                         len--;
+                 if (len > 0)
+                         continue;
+--- origcode/src/udev/udev-rules.c     2020-07-09 18:05:13.624021008 +0530
++++ modifcode/src/udev/udev-rules.c    2020-07-09 18:03:03.227995790 +0530
+@@ -726,7 +726,7 @@
+                 return -1;
+
+         /* skip whitespace */
+-        while (isspace(linepos[0]) || linepos[0] == ',')
++        while (isspace((unsigned char) linepos[0]) || linepos[0] == ',')
+                 linepos++;
+
+         /* get the key */
+@@ -738,7 +738,7 @@
+                 linepos++;
+                 if (linepos[0] == '\0')
+                         return -1;
+-                if (isspace(linepos[0]))
++                if (isspace((unsigned char) linepos[0]))
+                         break;
+                 if (linepos[0] == '=')
+                         break;
+@@ -751,7 +751,7 @@
+         temp = linepos;
+
+         /* skip whitespace after key */
+-        while (isspace(linepos[0]))
++        while (isspace((unsigned char) linepos[0]))
+                 linepos++;
+         if (linepos[0] == '\0')
+                 return -1;
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

[-- Attachment #2: Type: text/html, Size: 11751 bytes --]

Re: [OE-core] [poky][master][PATCH] systemd: Fix codesonar warnings

[Paul Barker]

On Fri, 10 Jul 2020 at 12:55, Amitanand N Chikorde
<Amitanand.Chikorde@kpit.com> wrote:
>
> From: "Amitanand.Chikorde" <Amitanand.Chikorde@kpit.com>
>
> Fixed below systemd codesonar warnings.
> 1. isprint() and isspace() is invoked here with an argument of signed
> type char, but only has defined behavior for int arguments that are
> either representable as unsigned char or equal to the value
> of macro EOF(-1).
>
> As per codesonar report, in a number of libc implementations, isprint()
> and isspace() functions implemented using lookup tables (arrays):
> passing in a negative value can result in a read underrun.
>
> To avoid this unexpected behaviour, typecasted char type argument to
> unsigned char type.
>
> 2. "seqnum" defined, not initialized & used in device-private.c
> Intialized "seqnum" at definition.
>
> Upstream-Status: Pending
> Signed-off-by: Amitanand.Chikorde <amitanand.chikorde@kpit.com>
> ---
>  .../files/systemd_codesonar_warnings_fix.patch      | 105 ++++++++++++++++++++
>  5 files changed, 9 insertions(+), 9 deletions(-)
>  create mode 100644 files/systemd_codesonar_warnings_fix.patch
>
> diff --git a/files/systemd_codesonar_warnings_fix.patch b/files/systemd_codesonar_warnings_fix.patch
> new file mode 100644
> index 0000000..8138eba
> --- /dev/null
> +++ b/files/systemd_codesonar_warnings_fix.patch
> @@ -0,0 +1,105 @@
> +systemd: fix codesonar warnings
> +
> +Fixed below systemd codesonar warnings.
> +1. isprint() and isspace() is invoked here with an argument of signed
> +type char, but only has defined behavior for int arguments that are
> +either representable as unsigned char or equal to the value
> +of macro EOF(-1).
> +
> +As per codesonar report, in a number of libc implementations, isprint()
> +and isspace() functions implemented using lookup tables (arrays):
> +passing in a negative value can result in a read underrun.
> +
> +To avoid this unexpected behaviour, typecasted char type argument to
> +unsigned char type.
> +
> +2. "seqnum" defined, not initialized & used in device-private.c
> +Intialized "seqnum" at definition.
> +
> +Signed-off-by: Amitanand N. Chikorde <Amitanand.Chikorde@kpit.com>
> +Upstream-Status: Pending
> +
> +--- origcode/src/libsystemd/sd-device/device-private.c 2020-07-09 18:05:13.744127907 +0530
> ++++ modifcode/src/libsystemd/sd-device/device-private.c        2020-07-09 18:01:56.494621945 +0530
> +@@ -560,7 +560,7 @@
> +         char **key;
> +         const char *major = NULL, *minor = NULL;
> +         DeviceAction action = _DEVICE_ACTION_INVALID;
> +-        uint64_t seqnum;
> ++        uint64_t seqnum = 0;
> +         int r;
> +
> +         assert(ret);
> +--- origcode/src/libudev/libudev-util.c        2020-07-09 18:05:13.656049515 +0530
> ++++ modifcode/src/libudev/libudev-util.c       2020-07-09 18:02:32.563386414 +0530
> +@@ -171,7 +171,7 @@
> +
> +         /* strip trailing whitespace */
> +         len = strnlen(str, len);
> +-        while (len && isspace(str[len-1]))
> ++        while (len && isspace((unsigned char) str[len-1]))
> +                 len--;
> +
> +         /* strip leading whitespace */
> +@@ -182,8 +182,8 @@
> +         j = 0;
> +         while (i < len) {
> +                 /* substitute multiple whitespace with a single '_' */
> +-                if (isspace(str[i])) {
> +-                        while (isspace(str[i]))
> ++                if (isspace((unsigned char) str[i])) {
> ++                        while (isspace((unsigned char) str[i]))
> +                                 i++;
> +                         to[j++] = '_';
> +                 }
> +--- origcode/src/udev/udevadm-hwdb.c   2020-07-09 18:05:13.612010318 +0530
> ++++ modifcode/src/udev/udevadm-hwdb.c  2020-07-09 18:03:26.243530163 +0530
> +@@ -487,7 +487,7 @@
> +
> +                 /* strip trailing whitespace */
> +                 len = strlen(line);
> +-                while (len > 0 && isspace(line[len-1]))
> ++                while (len > 0 && isspace((unsigned char) line[len-1]))
> +                         len--;
> +                 line[len] = '\0';
> +
> +--- origcode/src/udev/udevadm-info.c   2020-07-09 18:05:13.616013882 +0530
> ++++ modifcode/src/udev/udevadm-info.c  2020-07-09 18:03:41.621625782 +0530
> +@@ -73,7 +73,7 @@
> +
> +                 /* skip nonprintable attributes */
> +                 len = strlen(value);
> +-                while (len > 0 && isprint(value[len-1]))
> ++                while (len > 0 && isprint((unsigned char) value[len-1]))
> +                         len--;
> +                 if (len > 0)
> +                         continue;
> +--- origcode/src/udev/udev-rules.c     2020-07-09 18:05:13.624021008 +0530
> ++++ modifcode/src/udev/udev-rules.c    2020-07-09 18:03:03.227995790 +0530
> +@@ -726,7 +726,7 @@
> +                 return -1;
> +
> +         /* skip whitespace */
> +-        while (isspace(linepos[0]) || linepos[0] == ',')
> ++        while (isspace((unsigned char) linepos[0]) || linepos[0] == ',')
> +                 linepos++;
> +
> +         /* get the key */
> +@@ -738,7 +738,7 @@
> +                 linepos++;
> +                 if (linepos[0] == '\0')
> +                         return -1;
> +-                if (isspace(linepos[0]))
> ++                if (isspace((unsigned char) linepos[0]))
> +                         break;
> +                 if (linepos[0] == '=')
> +                         break;
> +@@ -751,7 +751,7 @@
> +         temp = linepos;
> +
> +         /* skip whitespace after key */
> +-        while (isspace(linepos[0]))
> ++        while (isspace((unsigned char) linepos[0]))
> +                 linepos++;
> +         if (linepos[0] == '\0')
> +                 return -1;

This patch seems to have got mangled by your email client, please
re-send via `git send-email`.

> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

I'm not comfortable seeing footers like this on patches, it suggests
that the code above is subject to additional restrictions which would
make it unsuitable for inclusion in an open source project.

-- 
Paul Barker
Konsulko Group

Re: [OE-core] [poky][master][PATCH] systemd: fix codesonar warnings

[Richard Purdie]

On Fri, 2020-08-07 at 14:45 +0000, Amitanand N Chikorde wrote:
> The patch is having 8 fixes of which only 1 is applicable to upstream
> systemd. 

This implies the issues are in patches that Yocto Project is applying?

If that is the case, why aren't we fixing those patches rather than
what amounts to patching of patches?

> The applicable fix is up-streamed to systemd project ( pull request  
> https://github.com/systemd/systemd/pull/16625 ), it is merged into
> upstream systemd master branch.
> 
> We need to upstream all of the systemd codesonar fixes.
> 
> Moved patch file to path "poky/meta/recipes-core/systemd/systemd/"
> and will be sending the patch file to openembedded-core mailing list.

Moving the patch is a good first step but lets fix the problematic
patches and have the changes included in the recipe too please.

Cheers,

Richard

Re: [OE-core] [poky][master][PATCH] systemd: fix codesonar warnings

[Amitanand N Chikorde]

[-- Attachment #1: Type: text/plain, Size: 2731 bytes --]

Hi Richard,

The patch is having 8 fixes of which only 1 is applicable to upstream systemd.

The applicable fix is up-streamed to systemd project ( pull request  https://github.com/systemd/systemd/pull/16625 ), it is merged into upstream systemd master branch.

We need to upstream all of the systemd codesonar fixes.

Moved patch file to path "poky/meta/recipes-core/systemd/systemd/" and will be sending the patch file to openembedded-core mailing list.


Regards,
Amit

________________________________
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Sent: Friday, August 7, 2020 2:51 PM
To: Amitanand N Chikorde <Amitanand.Chikorde@kpit.com>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>; raj.khem@gmail.com <raj.khem@gmail.com>
Cc: Nisha Parrakat <Nisha.Parrakat@kpit.com>; Anuj Chougule <Anuj.Chougule@kpit.com>; Aditya Tayade <Aditya.Tayade@kpit.com>
Subject: Re: [OE-core] [poky][master][PATCH] systemd: fix codesonar warnings

On Fri, 2020-08-07 at 14:27 +0530, Amitanand N Chikorde wrote:
> Fixed below systemd codesonar warnings.
> 1. isprint() and isspace() is invoked here with an argument of signed
> type char, but only has defined behavior for int arguments that are
> either representable as unsigned char or equal to the value
> of macro EOF(-1).
>
> As per codesonar report, in a number of libc implementations,
> isprint()
> and isspace() functions implemented using lookup tables (arrays):
> passing in a negative value can result in a read underrun.
>
> To avoid this unexpected behaviour, typecasted char type argument to
> unsigned char type.
>
> 2. "seqnum" defined, not initialized & used in device-private.c
> Intialized "seqnum" at definition.
>
> Signed-off-by: Amitanand <Amitanand.Chikorde@kpit.com>
> ---
>  files/systemd_codesonar_warnings_fix.patch | 106
> +++++++++++++++++++++++++++++
>  1 file changed, 106 insertions(+)
>  create mode 100644 files/systemd_codesonar_warnings_fix.patch

This patch simply creates a patch file. It doesn't get applied anywhere
and is in a generic files/ directory.

Shouldn't this go to upstream systemd?

Cheers,

Richard

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

[-- Attachment #2: Type: text/html, Size: 5354 bytes --]

Re: [OE-core] [poky][master][PATCH] systemd: fix codesonar warnings

[Richard Purdie]

On Fri, 2020-08-07 at 14:27 +0530, Amitanand N Chikorde wrote:
> Fixed below systemd codesonar warnings.
> 1. isprint() and isspace() is invoked here with an argument of signed
> type char, but only has defined behavior for int arguments that are
> either representable as unsigned char or equal to the value
> of macro EOF(-1).
> 
> As per codesonar report, in a number of libc implementations,
> isprint()
> and isspace() functions implemented using lookup tables (arrays):
> passing in a negative value can result in a read underrun.
> 
> To avoid this unexpected behaviour, typecasted char type argument to
> unsigned char type.
> 
> 2. "seqnum" defined, not initialized & used in device-private.c
> Intialized "seqnum" at definition.
> 
> Signed-off-by: Amitanand <Amitanand.Chikorde@kpit.com>
> ---
>  files/systemd_codesonar_warnings_fix.patch | 106
> +++++++++++++++++++++++++++++
>  1 file changed, 106 insertions(+)
>  create mode 100644 files/systemd_codesonar_warnings_fix.patch

This patch simply creates a patch file. It doesn't get applied anywhere
and is in a generic files/ directory.

Shouldn't this go to upstream systemd?

Cheers,

Richard