From: "Fabian Groffen" <grobian@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/portage-utils:master commit in: libq/
Date: Sun, 26 Jan 2020 19:31:19 +0000 (UTC) [thread overview]
Message-ID: <1580067045.982ea6b9dcea2a86d3772c99cff9ada0c400bf29.grobian@gentoo> (raw)
commit: 982ea6b9dcea2a86d3772c99cff9ada0c400bf29
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 26 19:30:45 2020 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Jan 26 19:30:45 2020 +0000
URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=982ea6b9
libq/xpak: fix Coverity 125939 Time of check time of use
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
libq/xpak.c | 38 +++++++++++++++++++++++---------------
1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/libq/xpak.c b/libq/xpak.c
index 90a3570..59c541d 100644
--- a/libq/xpak.c
+++ b/libq/xpak.c
@@ -223,7 +223,7 @@ xpak_process(
static void
_xpak_add_file(
- int dir_fd,
+ int fd,
const char *filename,
struct stat *st,
FILE *findex,
@@ -236,7 +236,7 @@ _xpak_add_file(
unsigned char intbuf[4];
unsigned char *p = intbuf;
const char *basefile;
- int fd, in_len;
+ int in_len;
basefile = basename(filename);
@@ -259,28 +259,24 @@ _xpak_add_file(
/* now open the file, get (data_len),
* and append the file to the data file */
- fd = openat(dir_fd, filename, O_RDONLY|O_CLOEXEC);
- if (fd < 0) {
- open_fail:
+ if ((fin = fdopen(fd, "r")) == NULL) {
warnp("could not open for reading: %s", filename);
- fake_data_len:
WRITE_BE_INT32(p, 0);
fwrite(p, 1, 4, findex);
return;
}
- fin = fdopen(fd, "r");
- if (!fin) {
- close(fd);
- goto open_fail;
- }
+
in_len = st->st_size;
/* the xpak format can only store files whose size is a 32bit int
* so we have to make sure we don't store a big file */
if (in_len != st->st_size) {
warnf("File is too big: %zu", (size_t)st->st_size);
fclose(fin);
- goto fake_data_len;
+ WRITE_BE_INT32(p, 0);
+ fwrite(p, 1, 4, findex);
+ return;
}
+
WRITE_BE_INT32(p, in_len);
fwrite(p, 1, 4, findex);
copy_file(fin, fdata);
@@ -333,6 +329,8 @@ xpak_create(
index_len = data_len = 0;
for (i = 0; i < argc; ++i) {
+ int fd;
+
if (fstatat(dir_fd, argv[i], &st, 0)) {
warnp("fstatat(%s) failed", argv[i]);
continue;
@@ -344,22 +342,32 @@ xpak_create(
for (fidx = 0; fidx < numfiles; ++fidx) {
int ret = snprintf(path, sizeof(path), "%s/%s",
argv[i], dir[fidx]->d_name);
+
if (ret < 0 || (size_t)ret >= sizeof(path)) {
warn("skipping path too long: %s/%s",
argv[i], dir[fidx]->d_name);
continue;
}
- if (stat(path, &st) < 0) {
+
+ fd = openat(dir_fd, path, O_RDONLY|O_CLOEXEC);
+ if (fd < 0 || fstat(fd, &st) < 0) {
warnp("could not read %s", path);
continue;
}
- _xpak_add_file(dir_fd, path, &st,
+ _xpak_add_file(fd, path, &st,
findex, &index_len, fdata, &data_len, verbose);
+ close(fd);
}
scandir_free(dir, numfiles);
} else if (S_ISREG(st.st_mode)) {
- _xpak_add_file(dir_fd, argv[i], &st,
+ fd = openat(dir_fd, argv[i], O_RDONLY|O_CLOEXEC);
+ if (fd < 0 || fstat(fd, &st) < 0) {
+ warnp("could not read %s", path);
+ continue;
+ }
+ _xpak_add_file(fd, argv[i], &st,
findex, &index_len, fdata, &data_len, verbose);
+ close(fd);
} else
warn("Skipping non file/directory '%s'", argv[i]);
}
next reply other threads:[~2020-01-26 19:31 UTC|newest]
Thread overview: 196+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-26 19:31 Fabian Groffen [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-07-03 19:44 [gentoo-commits] proj/portage-utils:master commit in: libq/ Fabian Groffen
2024-04-08 19:27 Fabian Groffen
2024-02-01 8:21 Fabian Groffen
2024-02-01 8:21 Fabian Groffen
2024-01-31 20:41 Fabian Groffen
2024-01-31 19:30 Fabian Groffen
2024-01-31 19:29 Fabian Groffen
2024-01-27 13:28 Fabian Groffen
2023-04-21 19:11 Fabian Groffen
2023-01-30 14:14 Fabian Groffen
2022-05-26 14:36 Fabian Groffen
2022-05-26 14:36 Fabian Groffen
2022-05-20 17:15 Fabian Groffen
2022-05-20 17:15 Fabian Groffen
2022-05-19 8:32 Fabian Groffen
2022-05-19 8:16 Fabian Groffen
2022-05-19 7:45 Fabian Groffen
2022-02-12 17:13 Fabian Groffen
2022-02-12 17:13 Fabian Groffen
2022-02-06 14:51 Fabian Groffen
2022-02-06 14:29 Fabian Groffen
2022-02-06 13:27 Fabian Groffen
2022-02-06 13:27 Fabian Groffen
2022-02-06 12:22 Fabian Groffen
2021-12-29 12:20 Fabian Groffen
2021-12-26 13:59 Fabian Groffen
2021-12-26 13:59 Fabian Groffen
2021-12-26 13:59 Fabian Groffen
2021-12-26 13:59 Fabian Groffen
2021-12-13 8:39 Fabian Groffen
2021-12-13 8:39 Fabian Groffen
2021-11-13 14:27 Fabian Groffen
2021-10-09 12:13 Fabian Groffen
2021-10-04 6:28 Fabian Groffen
2021-10-04 6:28 Fabian Groffen
2021-10-03 10:49 Fabian Groffen
2021-06-23 7:14 Fabian Groffen
2021-06-14 9:34 Fabian Groffen
2021-06-14 9:34 Fabian Groffen
2021-06-14 9:34 Fabian Groffen
2021-06-14 9:34 Fabian Groffen
2021-06-14 9:34 Fabian Groffen
2021-06-14 9:34 Fabian Groffen
2021-06-01 19:43 Fabian Groffen
2021-05-23 10:54 Fabian Groffen
2021-05-10 9:15 Fabian Groffen
2021-04-29 15:04 Fabian Groffen
2021-04-29 13:47 Fabian Groffen
2021-04-29 13:24 Fabian Groffen
2021-03-13 12:44 Fabian Groffen
2021-02-20 12:06 Fabian Groffen
2021-02-20 11:44 Fabian Groffen
2021-02-17 20:23 Fabian Groffen
2021-02-17 20:23 Fabian Groffen
2021-01-15 20:05 Fabian Groffen
2020-06-27 9:38 Fabian Groffen
2020-06-07 10:41 Fabian Groffen
2020-05-25 18:19 Fabian Groffen
2020-05-25 18:02 Fabian Groffen
2020-05-25 13:26 Fabian Groffen
2020-05-25 11:20 Fabian Groffen
2020-05-25 11:06 Fabian Groffen
2020-05-25 10:43 Fabian Groffen
2020-05-25 10:43 Fabian Groffen
2020-05-25 10:43 Fabian Groffen
2020-05-25 10:43 Fabian Groffen
2020-05-25 10:43 Fabian Groffen
2020-05-17 12:35 Fabian Groffen
2020-05-17 12:35 Fabian Groffen
2020-02-03 13:17 Fabian Groffen
2020-02-03 13:09 Fabian Groffen
2020-01-22 19:54 Fabian Groffen
2020-01-22 19:54 Fabian Groffen
2020-01-20 19:54 Fabian Groffen
2020-01-20 19:34 Fabian Groffen
2020-01-19 19:36 Fabian Groffen
2020-01-19 19:09 Fabian Groffen
2020-01-19 19:09 Fabian Groffen
2020-01-19 19:09 Fabian Groffen
2020-01-19 19:09 Fabian Groffen
2020-01-19 16:37 Fabian Groffen
2020-01-19 12:37 Fabian Groffen
2020-01-19 10:05 Fabian Groffen
2020-01-19 9:49 Fabian Groffen
2020-01-19 9:49 Fabian Groffen
2020-01-17 8:22 Fabian Groffen
2020-01-05 16:08 Fabian Groffen
2020-01-05 16:08 Fabian Groffen
2020-01-05 16:08 Fabian Groffen
2020-01-02 15:09 Fabian Groffen
2020-01-02 14:07 Fabian Groffen
2020-01-02 14:07 Fabian Groffen
2020-01-02 14:07 Fabian Groffen
2020-01-02 11:55 Fabian Groffen
2020-01-02 11:19 Fabian Groffen
2019-12-30 17:24 Fabian Groffen
2019-12-27 21:19 Fabian Groffen
2019-12-27 16:57 Fabian Groffen
2019-12-27 16:57 Fabian Groffen
2019-11-29 13:22 Fabian Groffen
2019-11-20 17:23 Fabian Groffen
2019-11-19 20:28 Fabian Groffen
2019-11-17 15:12 Fabian Groffen
2019-11-17 15:12 Fabian Groffen
2019-11-13 18:19 Fabian Groffen
2019-11-13 15:48 Fabian Groffen
2019-11-13 15:20 Fabian Groffen
2019-11-09 10:29 Fabian Groffen
2019-09-26 14:06 Fabian Groffen
2019-09-26 14:06 Fabian Groffen
2019-09-26 14:06 Fabian Groffen
2019-09-26 14:06 Fabian Groffen
2019-09-26 13:00 Fabian Groffen
2019-09-25 15:05 Fabian Groffen
2019-09-21 19:53 Fabian Groffen
2019-09-21 19:53 Fabian Groffen
2019-07-14 18:51 Fabian Groffen
2019-07-13 15:37 Fabian Groffen
2019-07-13 9:50 Fabian Groffen
2019-07-12 18:04 Fabian Groffen
2019-06-19 7:41 Fabian Groffen
2019-06-10 10:09 Fabian Groffen
2019-06-05 7:57 Fabian Groffen
2019-05-21 14:12 Fabian Groffen
2019-05-14 20:19 Fabian Groffen
2019-05-14 20:19 Fabian Groffen
2019-05-11 11:11 Fabian Groffen
2019-05-11 7:14 Fabian Groffen
2019-05-11 7:14 Fabian Groffen
2019-05-10 15:32 Fabian Groffen
2019-05-10 15:32 Fabian Groffen
2019-05-10 15:32 Fabian Groffen
2019-05-07 6:19 Fabian Groffen
2019-05-06 16:04 Fabian Groffen
2019-05-06 16:04 Fabian Groffen
2019-05-05 20:05 Fabian Groffen
2019-05-05 18:13 Fabian Groffen
2019-05-05 8:58 Fabian Groffen
2019-05-04 11:53 Fabian Groffen
2019-05-03 11:45 Fabian Groffen
2019-05-02 15:17 Fabian Groffen
2019-05-01 19:09 Fabian Groffen
2019-04-30 8:20 Fabian Groffen
2019-04-30 7:54 Fabian Groffen
2019-04-28 17:10 Fabian Groffen
2019-04-28 16:21 Fabian Groffen
2019-04-28 16:02 Fabian Groffen
2019-04-27 8:38 Fabian Groffen
2019-04-25 17:36 Fabian Groffen
2019-04-25 9:22 Fabian Groffen
2019-04-25 9:22 Fabian Groffen
2019-04-25 9:22 Fabian Groffen
2019-04-25 9:22 Fabian Groffen
2019-04-19 11:47 Fabian Groffen
2019-03-27 10:55 Fabian Groffen
2019-03-11 20:55 Fabian Groffen
2019-03-09 18:58 Fabian Groffen
2019-02-27 20:53 Fabian Groffen
2019-02-27 20:53 Fabian Groffen
2019-02-05 14:19 Fabian Groffen
2018-12-20 20:02 Fabian Groffen
2018-12-20 20:02 Fabian Groffen
2018-12-20 18:24 Fabian Groffen
2018-04-09 7:15 Fabian Groffen
2018-04-05 13:31 Fabian Groffen
2018-04-05 12:46 Fabian Groffen
2018-04-03 20:00 Fabian Groffen
2018-03-26 18:41 Fabian Groffen
2018-03-25 14:13 Fabian Groffen
2018-03-25 14:00 Fabian Groffen
2018-03-23 20:17 Fabian Groffen
2018-03-23 11:56 Fabian Groffen
2018-03-23 11:29 Fabian Groffen
2017-12-29 11:45 Fabian Groffen
2017-12-29 11:45 Fabian Groffen
2017-12-29 11:45 Fabian Groffen
2016-12-29 2:25 Mike Frysinger
2016-11-12 17:23 Mike Frysinger
2016-02-14 1:26 Mike Frysinger
2016-02-14 1:26 Mike Frysinger
2015-11-26 8:43 Mike Frysinger
2015-10-15 22:00 Mike Frysinger
2015-10-15 22:00 Mike Frysinger
2015-05-31 8:31 Mike Frysinger
2015-05-19 17:37 Mike Frysinger
2015-02-24 1:26 Mike Frysinger
2015-02-24 1:26 Mike Frysinger
2015-02-24 1:26 Mike Frysinger
2015-02-21 18:06 Mike Frysinger
2015-02-16 11:47 Mike Frysinger
2014-03-11 4:53 Mike Frysinger
2014-03-08 5:51 Mike Frysinger
2014-03-08 5:51 Mike Frysinger
2014-03-08 5:51 Mike Frysinger
2014-03-08 5:51 Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1580067045.982ea6b9dcea2a86d3772c99cff9ada0c400bf29.grobian@gentoo \
--to=grobian@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox