| Message ID | 20190901180636.31586-1-nicolas.iooss@m4x.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | Fix issues found by static analyzers | expand |
On 9/1/19 2:06 PM, Nicolas Iooss wrote: > Hi, > > In August I ran several free static analyzers in order to find new > issues in the userspace code. I used: > > * clang's static analyzer (with scripts/run-scan-build) > * https://lgtm.com/ (I wrote a simple configuration file to analyze the > C code, the results are available on > https://lgtm.com/projects/g/fishilico/selinux-for-lgtm/ ) > * Facebook's Infer (https://fbinfer.com/, I wrote a script to invoke it > like clang's static analyzer) > > Each analyzer gave many results, with several true bugs in them. Here > are patches that fix some of them. I will post the configuration files > and scripts I used separately. > > Thanks, > Nicolas > > Nicolas Iooss (9): > semodule-utils: fix comparison with argc > libsepol/cil: help static analyzers by aborting when an allocation > fails > libsepol: do not dereference a failed allocated pointer > libsepol: do not dereference scope if it can be NULL > libsepol: reset *p to NULL if sepol_module_package_create fails > libsepol/cil: do not dereference perm_value_to_cil when it has not > been allocated > python/chcat: remove unnecessary assignment > python/sepolicy: remove unnecessary pass statement > libsepol/tests: do not dereference a NULL pointer > > libsepol/cil/src/cil_binary.c | 10 ++++++---- > libsepol/cil/src/cil_mem.c | 5 +++++ > libsepol/src/avrule_block.c | 3 ++- > libsepol/src/kernel_to_cil.c | 8 +++++--- > libsepol/src/kernel_to_conf.c | 8 +++++--- > libsepol/src/module.c | 4 +++- > libsepol/tests/test-common.c | 11 +++++++---- > python/chcat/chcat | 1 - > python/sepolicy/sepolicy/__init__.py | 1 - > semodule-utils/semodule_package/semodule_unpackage.c | 2 +- > 10 files changed, 34 insertions(+), 19 deletions(-) > I forgot to mention this when I commented on patches 2 and 3, but patches 1 and 4-9 all look good to me. I plan on merging these, my take on your patch 2, and your updated patch 3 tomorrow, unless there are any objections. Jim
On 9/16/19 12:46 PM, jwcart2 wrote: > On 9/1/19 2:06 PM, Nicolas Iooss wrote: >> Hi, >> >> In August I ran several free static analyzers in order to find new >> issues in the userspace code. I used: >> >> * clang's static analyzer (with scripts/run-scan-build) >> * https://lgtm.com/ (I wrote a simple configuration file to analyze the >> C code, the results are available on >> https://lgtm.com/projects/g/fishilico/selinux-for-lgtm/ ) >> * Facebook's Infer (https://fbinfer.com/, I wrote a script to invoke it >> like clang's static analyzer) >> >> Each analyzer gave many results, with several true bugs in them. Here >> are patches that fix some of them. I will post the configuration files >> and scripts I used separately. >> >> Thanks, >> Nicolas >> >> Nicolas Iooss (9): >> semodule-utils: fix comparison with argc >> libsepol/cil: help static analyzers by aborting when an allocation >> fails >> libsepol: do not dereference a failed allocated pointer >> libsepol: do not dereference scope if it can be NULL >> libsepol: reset *p to NULL if sepol_module_package_create fails >> libsepol/cil: do not dereference perm_value_to_cil when it has not >> been allocated >> python/chcat: remove unnecessary assignment >> python/sepolicy: remove unnecessary pass statement >> libsepol/tests: do not dereference a NULL pointer >> >> libsepol/cil/src/cil_binary.c | 10 ++++++---- >> libsepol/cil/src/cil_mem.c | 5 +++++ >> libsepol/src/avrule_block.c | 3 ++- >> libsepol/src/kernel_to_cil.c | 8 +++++--- >> libsepol/src/kernel_to_conf.c | 8 +++++--- >> libsepol/src/module.c | 4 +++- >> libsepol/tests/test-common.c | 11 +++++++---- >> python/chcat/chcat | 1 - >> python/sepolicy/sepolicy/__init__.py | 1 - >> semodule-utils/semodule_package/semodule_unpackage.c | 2 +- >> 10 files changed, 34 insertions(+), 19 deletions(-) >> > > I forgot to mention this when I commented on patches 2 and 3, but patches 1 and > 4-9 all look good to me. > > I plan on merging these, my take on your patch 2, and your updated patch 3 > tomorrow, unless there are any objections. > I have indeed merged your patches 1 and 4-9 along with my take on your patch 2 and your updated patch 3. Thanks, Jim > Jim > >
Hi, In August I ran several free static analyzers in order to find new issues in the userspace code. I used: * clang's static analyzer (with scripts/run-scan-build) * https://lgtm.com/ (I wrote a simple configuration file to analyze the C code, the results are available on https://lgtm.com/projects/g/fishilico/selinux-for-lgtm/ ) * Facebook's Infer (https://fbinfer.com/, I wrote a script to invoke it like clang's static analyzer) Each analyzer gave many results, with several true bugs in them. Here are patches that fix some of them. I will post the configuration files and scripts I used separately. Thanks, Nicolas Nicolas Iooss (9): semodule-utils: fix comparison with argc libsepol/cil: help static analyzers by aborting when an allocation fails libsepol: do not dereference a failed allocated pointer libsepol: do not dereference scope if it can be NULL libsepol: reset *p to NULL if sepol_module_package_create fails libsepol/cil: do not dereference perm_value_to_cil when it has not been allocated python/chcat: remove unnecessary assignment python/sepolicy: remove unnecessary pass statement libsepol/tests: do not dereference a NULL pointer libsepol/cil/src/cil_binary.c | 10 ++++++---- libsepol/cil/src/cil_mem.c | 5 +++++ libsepol/src/avrule_block.c | 3 ++- libsepol/src/kernel_to_cil.c | 8 +++++--- libsepol/src/kernel_to_conf.c | 8 +++++--- libsepol/src/module.c | 4 +++- libsepol/tests/test-common.c | 11 +++++++---- python/chcat/chcat | 1 - python/sepolicy/sepolicy/__init__.py | 1 - semodule-utils/semodule_package/semodule_unpackage.c | 2 +- 10 files changed, 34 insertions(+), 19 deletions(-)