* [PATCH 1/6] scripts/run-scan-build: update
@ 2021-07-14 18:13 Christian Göttsche
2021-07-14 18:13 ` [PATCH 2/6] secilc: fix memory leaks in secilc Christian Göttsche
` (5 more replies)
0 siblings, 6 replies; 8+ messages in thread
From: Christian Göttsche @ 2021-07-14 18:13 UTC (permalink / raw)
To: selinux
- use multiple jobs
- define _FORTIFY_SOURCE=2 to enable checks on standard string handling
  functions due to macro/intrinsic overloads or function attributes
- allow to override clang and scan-build binaries, i.e. for using
  versioned ones
- set PYTHON_SETUP_ARGS accordingly on Debian
- enable common warning -Wextra
- print build result
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
scripts/run-scan-build | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/scripts/run-scan-build b/scripts/run-scan-build
index ae5aa48b..ef07fefc 100755
--- a/scripts/run-scan-build
+++ b/scripts/run-scan-build
@@ -1,6 +1,10 @@
#!/bin/sh
# Run clang's static analyzer (scan-build) and record its output in output-scan-build/
+# Allow overriding binariy names, like clang-12
+export CC=${CC:-clang}
+SCAN_BUILD=${SCAN_BUILD:-scan-build}
+
# Ensure the current directory is where this script is
cd "$(dirname -- "$0")" || exit $?
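Review bot: The comment added above `export CC=${CC:-clang}` misspells "binary" as "binariy", and it is the only documentation of the two new override variables. Suggest fixing the typo and naming both variables in it (CC and SCAN_BUILD), so someone reading the script header knows that SCAN_BUILD can be set as well. CC is exported while SCAN_BUILD is not; that works because only this script consumes SCAN_BUILD, but the asymmetry deserves a word in the comment.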
@@ -20,14 +24,24 @@ export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH
export PYTHONPATH="$DESTDIR$(${PYTHON:-python3} -c "from distutils.sysconfig import *;print(get_python_lib(prefix='/usr'))")"
export RUBYLIB="$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
+if [ -f /etc/debian_version ]; then
+ export PYTHON_SETUP_ARGS='--install-layout=deb'
+fi
+
# Build and analyze
-make -C .. CC=clang clean distclean -j"$(nproc)"
-scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. \
- CC=clang \
+make -C .. clean distclean -j"$(nproc)"
+$SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \
DESTDIR="$DESTDIR" \
- CFLAGS="-O2 -Wall -D__CHECKER__ -I$DESTDIR/usr/include" \
+ CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -I$DESTDIR/usr/include" \
+ -j"$(nproc)" \
install install-pywrap install-rubywrap all test
+if [ $? -eq 0 ]; then
+ echo "++ Build succeeded"
+else
+ echo "++ Build failed"
+fi
+
# Reduce the verbosity in order to keep the message from scan-build saying
# "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
set +x
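Review bot: The new `if [ $? -eq 0 ]` block after the `$SCAN_BUILD ... make` invocation only prints the result and then discards it, so the exit status of the script is not tied to the build; whatever runs after `set +x` decides it. Suggest saving the status immediately after the command (`rc=$?`) and finishing the script with `exit "$rc"`, so a CI job that calls this script fails when the build does. The message also reports the build status only: scan-build returns the exit code of the wrapped make unless --status-bugs is passed, so "Build succeeded" says nothing about whether the analyzer reported defects. Finally, `$SCAN_BUILD` is expanded unquoted; if that is meant to allow a value carrying extra arguments, say so in the comment at the top, otherwise quote it.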
--
2.32.0
* [PATCH 2/6] secilc: fix memory leaks in secilc
2021-07-14 18:13 [PATCH 1/6] scripts/run-scan-build: update Christian Göttsche
@ 2021-07-14 18:13 ` Christian Göttsche
2021-07-14 18:13 ` [PATCH 3/6] secilc: fix memory leaks in secilc2conf Christian Göttsche
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Christian Göttsche @ 2021-07-14 18:13 UTC (permalink / raw)
To: selinux
When specifying -o or -f more than once, the previous allocations leak.
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
secilc/secilc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index 1c4f1ca0..80d3583d 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -199,9 +199,11 @@ int main(int argc, char *argv[])
qualified_names = 1;
break;
case 'o':
+ free(output);
output = strdup(optarg);
break;
case 'f':
+ free(filecontexts);
filecontexts = strdup(optarg);
break;
case 'G':
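Review bot: In `case 'o'` and `case 'f'` the result of `strdup(optarg)` is stored with no NULL check visible in this hunk, and with the added `free()` calls the previous value is already gone if the new allocation fails. If the check is not done after the option loop, add one here and bail out on allocation failure. The `free(output)` and `free(filecontexts)` calls also depend on both pointers being NULL before the first option is parsed; that initialization is outside the hunk and worth confirming.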
--
2.32.0
* [PATCH 3/6] secilc: fix memory leaks in secilc2conf
2021-07-14 18:13 [PATCH 1/6] scripts/run-scan-build: update Christian Göttsche
2021-07-14 18:13 ` [PATCH 2/6] secilc: fix memory leaks in secilc Christian Göttsche
@ 2021-07-14 18:13 ` Christian Göttsche
2021-07-14 18:13 ` [PATCH 4/6] policycoreutils: free memory on lstat failure in sestatus Christian Göttsche
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Christian Göttsche @ 2021-07-14 18:13 UTC (permalink / raw)
To: selinux
When specifying -o more than once, the previous allocation leaks.
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
secilc/secil2conf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/secilc/secil2conf.c b/secilc/secil2conf.c
index d4103777..c49522e5 100644
--- a/secilc/secil2conf.c
+++ b/secilc/secil2conf.c
@@ -111,6 +111,7 @@ int main(int argc, char *argv[])
qualified_names = 1;
break;
case 'o':
+ free(output);
output = strdup(optarg);
break;
case 'h':
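Review bot: `free(output)` in `case 'o'` is only correct on the first -o if `output` starts out as NULL, and its declaration is outside this hunk; please confirm it is initialized there. The `strdup(optarg)` on the following line is still stored without a visible NULL check, as in the secilc.c patch. The subject line also says "secilc2conf" while the file touched is secilc/secil2conf.c; correcting the name makes the commit findable when searching the log for the tool.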
--
2.32.0
* [PATCH 4/6] policycoreutils: free memory on lstat failure in sestatus
2021-07-14 18:13 [PATCH 1/6] scripts/run-scan-build: update Christian Göttsche
2021-07-14 18:13 ` [PATCH 2/6] secilc: fix memory leaks in secilc Christian Göttsche
2021-07-14 18:13 ` [PATCH 3/6] secilc: fix memory leaks in secilc2conf Christian Göttsche
@ 2021-07-14 18:13 ` Christian Göttsche
2021-07-14 18:13 ` [PATCH 5/6] policycoreutils: free memory of allocated context in run_init Christian Göttsche
` (2 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Christian Göttsche @ 2021-07-14 18:13 UTC (permalink / raw)
To: selinux
In case lstat(3) fails the memory is not free'd at the end of the for
loop, due to the control flow change by continue.
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/sestatus/sestatus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
index b37f0353..ceee0d52 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -461,6 +461,7 @@ int main(int argc, char **argv)
("%s (could not check link status (%s)!)\n",
context, strerror(errno));
freecon(context);
+ free(fc[i]);
continue;
}
if (S_ISLNK(m.st_mode)) {
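Review bot: The `continue` branch after the failed lstat now repeats the loop's cleanup by hand (`freecon(context); free(fc[i]);`), which is the same pattern that let this leak in. Consider routing the early exit through a single cleanup point at the bottom of the loop body, so that a `continue` added later cannot skip a free again. If `fc[i]` can be read after this iteration, also set it to NULL once it has been freed.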
--
2.32.0
* [PATCH 5/6] policycoreutils: free memory of allocated context in run_init
2021-07-14 18:13 [PATCH 1/6] scripts/run-scan-build: update Christian Göttsche
` (2 preceding siblings ...)
2021-07-14 18:13 ` [PATCH 4/6] policycoreutils: free memory on lstat failure in sestatus Christian Göttsche
@ 2021-07-14 18:13 ` Christian Göttsche
2021-07-14 18:13 ` [PATCH 6/6] policycoreutils: free memory of allocated context in newrole Christian Göttsche
2021-07-19 16:58 ` [PATCH 1/6] scripts/run-scan-build: update James Carter
5 siblings, 0 replies; 8+ messages in thread
From: Christian Göttsche @ 2021-07-14 18:13 UTC (permalink / raw)
To: selinux
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/run_init/run_init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
index 1c5eb68e..545490a2 100644
--- a/policycoreutils/run_init/run_init.c
+++ b/policycoreutils/run_init/run_init.c
@@ -406,14 +406,19 @@ int main(int argc, char *argv[])
if (chdir("/")) {
perror("chdir");
+ free(new_context);
exit(-1);
}
if (setexeccon(new_context) < 0) {
fprintf(stderr, _("Could not set exec context to %s.\n"),
new_context);
+ free(new_context);
exit(-1);
}
+
+ free(new_context);
+
if (access("/usr/sbin/open_init_pty", X_OK) != 0) {
if (execvp(argv[1], argv + 1)) {
perror("execvp");
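Review bot: The two `free(new_context)` calls placed directly before `exit(-1)` in the chdir and setexeccon failure branches do not change runtime behaviour, since the process ends on the next line; only the free after the successful `setexeccon(new_context)` releases memory that would otherwise stay allocated up to the exec. The commit message has no description beyond "Found by scan-build."; please state which path the analyzer reported and that the frees before exit are there to keep the report clean. Also confirm that nothing after the new free reads `new_context` again, since the rest of main() is outside the hunk.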
--
2.32.0
* [PATCH 6/6] policycoreutils: free memory of allocated context in newrole
2021-07-14 18:13 [PATCH 1/6] scripts/run-scan-build: update Christian Göttsche
` (3 preceding siblings ...)
2021-07-14 18:13 ` [PATCH 5/6] policycoreutils: free memory of allocated context in run_init Christian Göttsche
@ 2021-07-14 18:13 ` Christian Göttsche
2021-07-19 16:58 ` [PATCH 1/6] scripts/run-scan-build: update James Carter
5 siblings, 0 replies; 8+ messages in thread
From: Christian Göttsche @ 2021-07-14 18:13 UTC (permalink / raw)
To: selinux
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/newrole/newrole.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 0264531a..7c1f062f 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -1239,6 +1239,7 @@ int main(int argc, char *argv[])
free(pw.pw_dir);
free(pw.pw_shell);
free(shell_argv0);
+ free(new_context);
return exit_code;
}
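Review bot: `free(new_context)` is added only to the cleanup that runs before `return exit_code`, so it is correct only if `new_context` is either NULL or a valid allocation on every path that reaches this block; neither the declaration nor the allocation is visible in the hunk. Please confirm the pointer is initialized to NULL where it is declared, and add a sentence to the commit message naming the leaking path, which currently reads only "Found by scan-build.".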
--
2.32.0
* Re: [PATCH 1/6] scripts/run-scan-build: update
2021-07-14 18:13 [PATCH 1/6] scripts/run-scan-build: update Christian Göttsche
` (4 preceding siblings ...)
2021-07-14 18:13 ` [PATCH 6/6] policycoreutils: free memory of allocated context in newrole Christian Göttsche
@ 2021-07-19 16:58 ` James Carter
2021-07-22 13:18 ` James Carter
5 siblings, 1 reply; 8+ messages in thread
From: James Carter @ 2021-07-19 16:58 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Wed, Jul 14, 2021 at 2:16 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> - use multiple jobs
> - define _FORTIFY_SOURCE=2 to enable checks on standard string handling
> functions due to macro/intrinsic overloads or function attributes
> - allow to override clang and scan-build binaries, i.e. for using
> versioned ones
> - set PYTHON_SETUP_ARGS accordingly on Debian
> - enable common warning -Wextra
> - print build result
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
For all six patches:
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> scripts/run-scan-build | 22 ++++++++++++++++++----
> 1 file changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/run-scan-build b/scripts/run-scan-build
> index ae5aa48b..ef07fefc 100755
> --- a/scripts/run-scan-build
> +++ b/scripts/run-scan-build
> @@ -1,6 +1,10 @@
> #!/bin/sh
> # Run clang's static analyzer (scan-build) and record its output in output-scan-build/
>
> +# Allow overriding binariy names, like clang-12
> +export CC=${CC:-clang}
> +SCAN_BUILD=${SCAN_BUILD:-scan-build}
> +
> # Ensure the current directory is where this script is
> cd "$(dirname -- "$0")" || exit $?
>
> @@ -20,14 +24,24 @@ export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH
> export PYTHONPATH="$DESTDIR$(${PYTHON:-python3} -c "from distutils.sysconfig import *;print(get_python_lib(prefix='/usr'))")"
> export RUBYLIB="$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
>
> +if [ -f /etc/debian_version ]; then
> + export PYTHON_SETUP_ARGS='--install-layout=deb'
> +fi
> +
> # Build and analyze
> -make -C .. CC=clang clean distclean -j"$(nproc)"
> -scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. \
> - CC=clang \
> +make -C .. clean distclean -j"$(nproc)"
> +$SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \
> DESTDIR="$DESTDIR" \
> - CFLAGS="-O2 -Wall -D__CHECKER__ -I$DESTDIR/usr/include" \
> + CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -I$DESTDIR/usr/include" \
> + -j"$(nproc)" \
> install install-pywrap install-rubywrap all test
>
> +if [ $? -eq 0 ]; then
> + echo "++ Build succeeded"
> +else
> + echo "++ Build failed"
> +fi
> +
> # Reduce the verbosity in order to keep the message from scan-build saying
> # "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
> set +x
> --
> 2.32.0
>
* Re: [PATCH 1/6] scripts/run-scan-build: update
2021-07-19 16:58 ` [PATCH 1/6] scripts/run-scan-build: update James Carter
@ 2021-07-22 13:18 ` James Carter
0 siblings, 0 replies; 8+ messages in thread
From: James Carter @ 2021-07-22 13:18 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Mon, Jul 19, 2021 at 12:58 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Jul 14, 2021 at 2:16 PM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > - use multiple jobs
> > - define _FORTIFY_SOURCE=2 to enable checks on standard string handling
> > functions due to macro/intrinsic overloads or function attributes
> > - allow to override clang and scan-build binaries, i.e. for using
> > versioned ones
> > - set PYTHON_SETUP_ARGS accordingly on Debian
> > - enable common warning -Wextra
> > - print build result
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For all six patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>
This series has been merged.
Thanks,
Jim
> > ---
> > scripts/run-scan-build | 22 ++++++++++++++++++----
> > 1 file changed, 18 insertions(+), 4 deletions(-)
> >
> > diff --git a/scripts/run-scan-build b/scripts/run-scan-build
> > index ae5aa48b..ef07fefc 100755
> > --- a/scripts/run-scan-build
> > +++ b/scripts/run-scan-build
> > @@ -1,6 +1,10 @@
> > #!/bin/sh
> > # Run clang's static analyzer (scan-build) and record its output in output-scan-build/
> >
> > +# Allow overriding binariy names, like clang-12
> > +export CC=${CC:-clang}
> > +SCAN_BUILD=${SCAN_BUILD:-scan-build}
> > +
> > # Ensure the current directory is where this script is
> > cd "$(dirname -- "$0")" || exit $?
> >
> > @@ -20,14 +24,24 @@ export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH
> > export PYTHONPATH="$DESTDIR$(${PYTHON:-python3} -c "from distutils.sysconfig import *;print(get_python_lib(prefix='/usr'))")"
> > export RUBYLIB="$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
> >
> > +if [ -f /etc/debian_version ]; then
> > + export PYTHON_SETUP_ARGS='--install-layout=deb'
> > +fi
> > +
> > # Build and analyze
> > -make -C .. CC=clang clean distclean -j"$(nproc)"
> > -scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. \
> > - CC=clang \
> > +make -C .. clean distclean -j"$(nproc)"
> > +$SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \
> > DESTDIR="$DESTDIR" \
> > - CFLAGS="-O2 -Wall -D__CHECKER__ -I$DESTDIR/usr/include" \
> > + CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -I$DESTDIR/usr/include" \
> > + -j"$(nproc)" \
> > install install-pywrap install-rubywrap all test
> >
> > +if [ $? -eq 0 ]; then
> > + echo "++ Build succeeded"
> > +else
> > + echo "++ Build failed"
> > +fi
> > +
> > # Reduce the verbosity in order to keep the message from scan-build saying
> > # "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
> > set +x
> > --
> > 2.32.0
> >