Re: [Non-DoD Source] [PATCH 0/9] Fix issues found by static analyzers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/16/19 12:46 PM, jwcart2 wrote:

On 9/1/19 2:06 PM, Nicolas Iooss wrote:

Hi,

In August I ran several free static analyzers in order to find new
issues in the userspace code. I used:

* clang's static analyzer (with scripts/run-scan-build)
* https://lgtm.com/ (I wrote a simple configuration file to analyze the
   C code, the results are available on
   https://lgtm.com/projects/g/fishilico/selinux-for-lgtm/ )
* Facebook's Infer (https://fbinfer.com/, I wrote a script to invoke it
   like clang's static analyzer)

Each analyzer gave many results, with several true bugs in them. Here
are patches that fix some of them. I will post the configuration files
and scripts I used separately.

Thanks,
Nicolas

Nicolas Iooss (9):
   semodule-utils: fix comparison with argc
   libsepol/cil: help static analyzers by aborting when an allocation
     fails
   libsepol: do not dereference a failed allocated pointer
   libsepol: do not dereference scope if it can be NULL
   libsepol: reset *p to NULL if sepol_module_package_create fails
   libsepol/cil: do not dereference perm_value_to_cil when it has not
     been allocated
   python/chcat: remove unnecessary assignment
   python/sepolicy: remove unnecessary pass statement
   libsepol/tests: do not dereference a NULL pointer

  libsepol/cil/src/cil_binary.c                        | 10 ++++++----
  libsepol/cil/src/cil_mem.c                           |  5 +++++
  libsepol/src/avrule_block.c                          |  3 ++-
  libsepol/src/kernel_to_cil.c                         |  8 +++++---
  libsepol/src/kernel_to_conf.c                        |  8 +++++---
  libsepol/src/module.c                                |  4 +++-
  libsepol/tests/test-common.c                         | 11 +++++++----
  python/chcat/chcat                                   |  1 -
  python/sepolicy/sepolicy/__init__.py                 |  1 -
  semodule-utils/semodule_package/semodule_unpackage.c |  2 +-
  10 files changed, 34 insertions(+), 19 deletions(-)
I forgot to mention this when I commented on patches 2 and 3, but patches 1 and 4-9 all look good to me.
I plan on merging these, my take on your patch 2, and your updated patch 3 tomorrow, unless there are any objections.
I have indeed merged your patches 1 and 4-9 along with my take on your patch 2 and your updated patch 3. 

Thanks,
Jim


Jim





--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux