From unknown Sun Jul 27 07:31:12 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47362: important potential issues found by covscan in diffutils-3.7 on fedora
Resent-From: than <than@redhat.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-diffutils@gnu.org
Resent-Date: Wed, 24 Mar 2021 14:10:01 +0000
Resent-Message-ID: <handler.47362.B.161659496826175@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 47362
X-GNU-PR-Package: diffutils
X-GNU-PR-Keywords: 
To: 47362@debbugs.gnu.org
X-Debbugs-Original-To: bug-diffutils@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.161659496826175
          (code B ref -1); Wed, 24 Mar 2021 14:10:01 +0000
Received: (at submit) by debbugs.gnu.org; 24 Mar 2021 14:09:28 +0000
Received: from localhost ([127.0.0.1]:35741 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lP4CN-0006o6-3U
	for submit@debbugs.gnu.org; Wed, 24 Mar 2021 10:09:27 -0400
Received: from lists.gnu.org ([209.51.188.17]:42540)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <than@redhat.com>) id 1lP4C6-0006ni-Ku
 for submit@debbugs.gnu.org; Wed, 24 Mar 2021 10:09:25 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:46346)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <than@redhat.com>) id 1lP4C6-0000ot-3w
 for bug-diffutils@gnu.org; Wed, 24 Mar 2021 10:09:10 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:55123)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <than@redhat.com>) id 1lP4By-0002ug-Ez
 for bug-diffutils@gnu.org; Wed, 24 Mar 2021 10:09:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1616594940;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type;
 bh=0zmU/ETeCcvQMwuHNTwwHCm5fQdJ7o5kT9JEkMxwfOM=;
 b=D672xzDHu+XCEtxCADhEkfJOjRbCOTykwtnYzK1B5z0p8QPo1SNQWxRbutAUQkIv3yB5Vm
 Y3a7sQpEBuozw6IzJIJ4nTXPlswhfrGvFQDDbfCLeUUwBQs7mttmEVvXXyWVo5X2kTrBBT
 TwkXRRvs7lHQ0e2VBczEQlHmaAtF/8k=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-170-giKU9I-WPMm32pQ1-AYmAQ-1; Wed, 24 Mar 2021 10:07:17 -0400
X-MC-Unique: giKU9I-WPMm32pQ1-AYmAQ-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C7CCF107ACCD
 for <bug-diffutils@gnu.org>; Wed, 24 Mar 2021 14:07:16 +0000 (UTC)
Received: from [10.36.115.217] (ovpn-115-217.ams2.redhat.com [10.36.115.217])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 2BEAA5C257
 for <bug-diffutils@gnu.org>; Wed, 24 Mar 2021 14:07:15 +0000 (UTC)
From: than <than@redhat.com>
Message-ID: <ea88f606-9b20-b874-6da8-4b599bff7b3d@redhat.com>
Date: Wed, 24 Mar 2021 15:07:15 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.1
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=than@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: multipart/alternative;
 boundary="------------5120BA540EC80A4B7CD88FF1"
Content-Language: en-US
Received-SPF: pass client-ip=170.10.133.124; envelope-from=than@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001,
 RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

This is a multi-part message in MIME format.
--------------5120BA540EC80A4B7CD88FF1
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Dear diffutil devs,

Covscan found 10important potentialin diffutils-3.7 on fedora. The 
Coverity covscan result is attached below. It could be that some of them 
are false positive but it's worth checking the coverity covscan result.

Thanks!

Best Regards,

Than

List of Defects:
Error: COMPILER_WARNING (CWE-758): [#def1]
diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]: 
writing 1 byte into a region of size 0
#  636 |   buf[buf_count] = line_end;
#      |                  ^
#  634|
#  635|     buf = xrealloc (buf, buf_count + 1);
#  636|->   buf[buf_count] = line_end;
#  637|     lim = buf + buf_count + ! (buf_count == 0 || buf[buf_count - 
1] == line_end);
#  638|

Error: RESOURCE_LEAK (CWE-772): [#def2]
diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle opened 
by "open". [Note: The source code implementation of the function has 
been overridden by a user model.]
diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning: "value" = 
handle returned from "open("/dev/null", 0)".
diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle variable 
"value" going out of scope leaks the handle.
#   50|         return false;
#   51|       }
#   52|->   return true;
#   53|   }
#   54|

Error: CPPCHECK_WARNING (CWE-401): [#def3]
diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem
#   65|             ((small_t *) p)[-1] = p - mem;
#   66|             /* p  sa_alignment_max mod 2*sa_alignment_max.  */
#   67|->           return p;
#   68|           }
#   69|       }

Error: RESOURCE_LEAK (CWE-772): [#def4]
diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is returned 
from allocation function "calloc".
diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning: 
"newstate" = storage returned from "calloc(112UL, 1UL)".
diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_init_copy".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable 
"newstate" going out of scope leaks the storage it points to.
# 1725|             if (re_node_set_init_copy (newstate->entrance_nodes, 
nodes)
# 1726|             != REG_NOERROR)
# 1727|->         return NULL;
# 1728|             nctx_nodes = 0;
# 1729|             newstate->has_constraint = 1;

Error: BAD_FREE (CWE-763): [#def5]
diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address 
offset from "cmp->file[f].linbuf".
#  689|       {
#  690|         free (cmp->file[f].equivs);
#  691|->       free (cmp->file[f].linbuf + cmp->file[f].linbuf_base);
#  692|       }
#  693|

Error: RESOURCE_LEAK (CWE-772): [#def6]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from 
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage 
returned from "create_diff3_block(low[0], high[0], low[1], high[1], 
lowc, highc)".
diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result" going 
out of scope leaks the storage it points to.
#  796|                     D_LENARRAY (result, FILEC) + result_offset,
#  797|                     D_NUMLINES (ptr, FC)))
#  798|->       return 0;
#  799|         }
#  800|

Error: RESOURCE_LEAK (CWE-772): [#def7]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from 
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage 
returned from "create_diff3_block(low[0], high[0], low[1], high[1], 
lowc, highc)".
diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result" going 
out of scope leaks the storage it points to.
#  825|                   D_LENARRAY (result, FILE0 + d) + result_offset,
#  826|                   D_NUMLINES (ptr, FO)))
#  827|->         return 0;
#  828|
#  829|         /* Catch the lines between here and the next diff */

Error: RESOURCE_LEAK (CWE-772): [#def8]
diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from 
allocation function "xmalloc".
diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" = storage 
returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".
diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" = "format".
diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not freed 
or pointed-to in "memcpy". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:372: noescape: Resource "format + 
spec_prefix_len" is not freed or pointed-to in "memcpy". [Note: The 
source code implementation of the function has been overridden by a 
builtin model.]
diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not freed 
or pointed-to in "fprintf". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going out of 
scope leaks the storage it points to.
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format" going 
out of scope leaks the storage it points to.
#  377|           free (format);
#  378|   #endif
#  379|->       }
#  380|         }
#  381|         break;

Error: RESOURCE_LEAK (CWE-772): [#def9]
diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from 
allocation function "xmalloc".
diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" = storage 
returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL + 1UL)".
diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not freed or 
pointed-to in "sprintf". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not freed or 
pointed-to in "mkstemp".
diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf" going out 
of scope leaks the storage it points to.
# 1170|     if (0 <= fd)
# 1171|       tmpname = buf;
# 1172|->   return fd;
# 1173|   }

Error: RESOURCE_LEAK (CWE-772): [#def10]
diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from 
allocation function "xstrdup".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" = 
storage returned from "xstrdup(p)".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" = "color_buf".
diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going out 
of scope leaks the storage it points to.
diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf" going 
out of scope leaks the storage it points to.
#  700|         colors_enabled = false;
#  701|       }
#  702|-> }
#  703|
#  704|   static void


--------------5120BA540EC80A4B7CD88FF1
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Dear diffutil devs,<br>
    </p>
    Covscan found 10<span style="color: rgb(211, 210, 207); font-size:
      16.25px; font-style: normal; font-variant-ligatures: normal;
      font-variant-caps: normal; letter-spacing: normal; text-align:
      start; text-indent: 0px; text-transform: none; white-space:
      normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;
      background-color: rgb(66, 70, 71); text-decoration-thickness:
      initial; text-decoration-style: initial; text-decoration-color:
      initial; display: inline !important; float: none;"><span> </span>important
      potential<span></span></span> in diffutils-3.7 on fedora. The
    Coverity covscan result is attached below.
    It could be that some of them are false positive but it's worth
    checking the coverity covscan result.<br>
    <p>Thanks!</p>
    <p>Best Regards,</p>
    <p>Than<br>
    </p>
    <p>List of Defects:<br>
      Error: COMPILER_WARNING (CWE-758): [#def1]<br>
      diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]:
      writing 1 byte into a region of size 0<br>
      #  636 |   buf[buf_count] = line_end;<br>
      #      |                  ^<br>
      #  634|   <br>
      #  635|     buf = xrealloc (buf, buf_count + 1);<br>
      #  636|-&gt;   buf[buf_count] = line_end;<br>
      #  637|     lim = buf + buf_count + ! (buf_count == 0 ||
      buf[buf_count - 1] == line_end);<br>
      #  638|   <br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def2]<br>
      diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle
      opened by "open". [Note: The source code implementation of the
      function has been overridden by a user model.]<br>
      diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning:
      "value" = handle returned from "open("/dev/null", 0)".<br>
      diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle
      variable "value" going out of scope leaks the handle.<br>
      #   50|         return false;<br>
      #   51|       }<br>
      #   52|-&gt;   return true;<br>
      #   53|   }<br>
      #   54|   <br>
      <br>
      Error: CPPCHECK_WARNING (CWE-401): [#def3]<br>
      diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem<br>
      #   65|             ((small_t *) p)[-1] = p - mem;<br>
      #   66|             /* p  sa_alignment_max mod
      2*sa_alignment_max.  */<br>
      #   67|-&gt;           return p;<br>
      #   68|           }<br>
      #   69|       }<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def4]<br>
      diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is
      returned from allocation function "calloc".<br>
      diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning:
      "newstate" = storage returned from "calloc(112UL, 1UL)".<br>
      diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_init_copy".<br>
      diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_remove_at".<br>
      diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_remove_at".<br>
      diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_remove_at".<br>
      diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable
      "newstate" going out of scope leaks the storage it points to.<br>
      # 1725|             if (re_node_set_init_copy
      (newstate-&gt;entrance_nodes, nodes)<br>
      # 1726|             != REG_NOERROR)<br>
      # 1727|-&gt;         return NULL;<br>
      # 1728|             nctx_nodes = 0;<br>
      # 1729|             newstate-&gt;has_constraint = 1;<br>
      <br>
      Error: BAD_FREE (CWE-763): [#def5]<br>
      diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address
      offset from "cmp-&gt;file[f].linbuf".<br>
      #  689|       {<br>
      #  690|         free (cmp-&gt;file[f].equivs);<br>
      #  691|-&gt;       free (cmp-&gt;file[f].linbuf +
      cmp-&gt;file[f].linbuf_base);<br>
      #  692|       }<br>
      #  693|   <br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def6]<br>
      diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
      allocation function "create_diff3_block".<br>
      diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" =
      storage returned from "create_diff3_block(low[0], high[0], low[1],
      high[1], lowc, highc)".<br>
      diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result"
      going out of scope leaks the storage it points to.<br>
      #  796|                     D_LENARRAY (result, FILEC) +
      result_offset,<br>
      #  797|                     D_NUMLINES (ptr, FC)))<br>
      #  798|-&gt;       return 0;<br>
      #  799|         }<br>
      #  800|   <br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def7]<br>
      diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
      allocation function "create_diff3_block".<br>
      diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" =
      storage returned from "create_diff3_block(low[0], high[0], low[1],
      high[1], lowc, highc)".<br>
      diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result"
      going out of scope leaks the storage it points to.<br>
      #  825|                   D_LENARRAY (result, FILE0 + d) +
      result_offset,<br>
      #  826|                   D_NUMLINES (ptr, FO)))<br>
      #  827|-&gt;         return 0;<br>
      #  828|   <br>
      #  829|         /* Catch the lines between here and the next diff
      */<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def8]<br>
      diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from
      allocation function "xmalloc".<br>
      diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" =
      storage returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".<br>
      diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" =
      "format".<br>
      diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not
      freed or pointed-to in "memcpy". [Note: The source code
      implementation of the function has been overridden by a builtin
      model.]<br>
      diffutils-3.7/src/ifdef.c:372: noescape: Resource "format +
      spec_prefix_len" is not freed or pointed-to in "memcpy". [Note:
      The source code implementation of the function has been overridden
      by a builtin model.]<br>
      diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not
      freed or pointed-to in "fprintf". [Note: The source code
      implementation of the function has been overridden by a builtin
      model.]<br>
      diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going
      out of scope leaks the storage it points to.<br>
      diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format"
      going out of scope leaks the storage it points to.<br>
      #  377|           free (format);<br>
      #  378|   #endif<br>
      #  379|-&gt;       }<br>
      #  380|         }<br>
      #  381|         break;<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def9]<br>
      diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from
      allocation function "xmalloc".<br>
      diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" =
      storage returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL +
      1UL)".<br>
      diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not
      freed or pointed-to in "sprintf". [Note: The source code
      implementation of the function has been overridden by a builtin
      model.]<br>
      diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not
      freed or pointed-to in "mkstemp".<br>
      diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf"
      going out of scope leaks the storage it points to.<br>
      # 1170|     if (0 &lt;= fd)<br>
      # 1171|       tmpname = buf;<br>
      # 1172|-&gt;   return fd;<br>
      # 1173|   }<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def10]<br>
      diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from
      allocation function "xstrdup".<br>
      diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" =
      storage returned from "xstrdup(p)".<br>
      diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" =
      "color_buf".<br>
      diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going
      out of scope leaks the storage it points to.<br>
      diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf"
      going out of scope leaks the storage it points to.<br>
      #  700|         colors_enabled = false;<br>
      #  701|       }<br>
      #  702|-&gt; }<br>
      #  703|   <br>
      #  704|   static void<br>
      <br>
    </p>
  </body>
</html>

--------------5120BA540EC80A4B7CD88FF1--





From unknown Sun Jul 27 07:31:12 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: than <than@redhat.com>
Subject: bug#47362: closed (Re: [bug-diffutils] bug#47362: important
 potential issues found by covscan in diffutils-3.7 on fedora)
Message-ID: <handler.47362.D47362.161662060620300.notifdone@debbugs.gnu.org>
References: <3ffb5f21-351f-0fa9-ae65-53d361ec988f@cs.ucla.edu>
 <ea88f606-9b20-b874-6da8-4b599bff7b3d@redhat.com>
X-Gnu-PR-Message: they-closed 47362
X-Gnu-PR-Package: diffutils
Reply-To: 47362@debbugs.gnu.org
Date: Wed, 24 Mar 2021 21:17:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1616620622-20327-1"

This is a multi-part message in MIME format...

------------=_1616620622-20327-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#47362: important potential issues found by covscan in diffutils-3.7 on fed=
ora

which was filed against the diffutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 47362@debbugs.gnu.org.

--=20
47362: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D47362
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1616620622-20327-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 47362-done) by debbugs.gnu.org; 24 Mar 2021 21:16:46 +0000
Received: from localhost ([127.0.0.1]:36202 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lPArr-0005HJ-5L
	for submit@debbugs.gnu.org; Wed, 24 Mar 2021 17:16:46 -0400
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:44244)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@cs.ucla.edu>) id 1lPArl-0005H2-C0
 for 47362-done@debbugs.gnu.org; Wed, 24 Mar 2021 17:16:41 -0400
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 5B5E816010D;
 Wed, 24 Mar 2021 14:16:31 -0700 (PDT)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id bUMdDH3dGIaz; Wed, 24 Mar 2021 14:16:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 7E5B2160117;
 Wed, 24 Mar 2021 14:16:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id 3jzc1wmDKs9E; Wed, 24 Mar 2021 14:16:28 -0700 (PDT)
Received: from [192.168.1.9] (cpe-23-243-218-95.socal.res.rr.com
 [23.243.218.95])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 506D216010D;
 Wed, 24 Mar 2021 14:16:28 -0700 (PDT)
To: than <than@redhat.com>
References: <ea88f606-9b20-b874-6da8-4b599bff7b3d@redhat.com>
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
Subject: Re: [bug-diffutils] bug#47362: important potential issues found by
 covscan in diffutils-3.7 on fedora
Message-ID: <3ffb5f21-351f-0fa9-ae65-53d361ec988f@cs.ucla.edu>
Date: Wed, 24 Mar 2021 14:16:26 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.7.1
MIME-Version: 1.0
In-Reply-To: <ea88f606-9b20-b874-6da8-4b599bff7b3d@redhat.com>
Content-Type: multipart/mixed; boundary="------------61BBC3E56B13D40BE3459025"
Content-Language: en-US
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 47362-done
Cc: 47362-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

This is a multi-part message in MIME format.
--------------61BBC3E56B13D40BE3459025
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Thanks for the bug report. Those are all false alarms or are already=20
fixed in Gnulib, except for a memory leak in ifdef.c for which I=20
installed the attached patch. Thanks for reporting the problem.

--------------61BBC3E56B13D40BE3459025
Content-Type: text/x-patch; charset=UTF-8;
 name="0001-diff-plug-memory-leak-in-ifdef.c.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0001-diff-plug-memory-leak-in-ifdef.c.patch"

=46rom 1399b225ebecdbac80cc14be87c2454311f3b40f Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed, 24 Mar 2021 14:12:22 -0700
Subject: [PATCH] diff: plug memory leak in ifdef.c
MIME-Version: 1.0
Content-Type: text/plain; charset=3DUTF-8
Content-Transfer-Encoding: 8bit

Problem reported by Than (Bug#47362).
Fix the bug by using xmalloca instead of vararrays.
* bootstrap.conf (gnulib_modules): Add xmalloca; remove vararrays.
* configure.ac: Remove AC_C_VARARRAYS.
* src/ifdef.c: Include xmalloca.h instead of xalloc.h.
(do_printf_spec): Use xmalloca instead of an xmalloc
that lacks a corresponding =E2=80=98free=E2=80=99 if HAVE_C_VARARRAYS
due to a typo in 2017-05-18T05:51:31Z!meyering@fb.com.
---
 bootstrap.conf |  2 +-
 configure.ac   |  1 -
 src/ifdef.c    | 12 +++---------
 3 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/bootstrap.conf b/bootstrap.conf
index d45abdb..f2359f6 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -81,13 +81,13 @@ system-quote
 unistd
 unlocked-io
 update-copyright
-vararrays
 verify
 version-etc
 version-etc-fsf
 wcwidth
 xalloc
 xfreopen
+xmalloca
 xreadlink
 xstdopen
 xstrtoimax
diff --git a/configure.ac b/configure.ac
index 3b2195e..6a76b12 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,7 +111,6 @@ if test "$gl_gcc_warnings" =3D yes; then
 fi
=20
 AC_C_INLINE
-AC_C_VARARRAYS
=20
 AC_DEFINE([DEFAULT_EDITOR_PROGRAM], ["ed"],
   [Name of editor program, unless overridden.])
diff --git a/src/ifdef.c b/src/ifdef.c
index 8e64b4c..d40a88e 100644
--- a/src/ifdef.c
+++ b/src/ifdef.c
@@ -22,7 +22,7 @@
=20
 #include "diff.h"
=20
-#include <xalloc.h>
+#include <xmalloca.h>
=20
 struct group
 {
@@ -362,20 +362,14 @@ do_printf_spec (FILE *out, char const *spec,
             printint print_value =3D value;
             size_t spec_prefix_len =3D f - spec - 2;
             size_t pI_len =3D sizeof pI - 1;
-#if 0
-            char format[spec_prefix_len + pI_len + 2];
-#else
-            char *format =3D xmalloc (spec_prefix_len + pI_len + 2);
-#endif
+            char *format =3D xmalloca (spec_prefix_len + pI_len + 2);
             char *p =3D format + spec_prefix_len + pI_len;
             memcpy (format, spec, spec_prefix_len);
             memcpy (format + spec_prefix_len, pI, pI_len);
             *p++ =3D c;
             *p =3D '\0';
             fprintf (out, format, print_value);
-#if ! HAVE_C_VARARRAYS
-            free (format);
-#endif
+            freea (format);
           }
       }
       break;
--=20
2.27.0


--------------61BBC3E56B13D40BE3459025--


------------=_1616620622-20327-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 24 Mar 2021 14:09:28 +0000
Received: from localhost ([127.0.0.1]:35741 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lP4CN-0006o6-3U
	for submit@debbugs.gnu.org; Wed, 24 Mar 2021 10:09:27 -0400
Received: from lists.gnu.org ([209.51.188.17]:42540)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <than@redhat.com>) id 1lP4C6-0006ni-Ku
 for submit@debbugs.gnu.org; Wed, 24 Mar 2021 10:09:25 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:46346)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <than@redhat.com>) id 1lP4C6-0000ot-3w
 for bug-diffutils@gnu.org; Wed, 24 Mar 2021 10:09:10 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:55123)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <than@redhat.com>) id 1lP4By-0002ug-Ez
 for bug-diffutils@gnu.org; Wed, 24 Mar 2021 10:09:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1616594940;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type;
 bh=0zmU/ETeCcvQMwuHNTwwHCm5fQdJ7o5kT9JEkMxwfOM=;
 b=D672xzDHu+XCEtxCADhEkfJOjRbCOTykwtnYzK1B5z0p8QPo1SNQWxRbutAUQkIv3yB5Vm
 Y3a7sQpEBuozw6IzJIJ4nTXPlswhfrGvFQDDbfCLeUUwBQs7mttmEVvXXyWVo5X2kTrBBT
 TwkXRRvs7lHQ0e2VBczEQlHmaAtF/8k=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-170-giKU9I-WPMm32pQ1-AYmAQ-1; Wed, 24 Mar 2021 10:07:17 -0400
X-MC-Unique: giKU9I-WPMm32pQ1-AYmAQ-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C7CCF107ACCD
 for <bug-diffutils@gnu.org>; Wed, 24 Mar 2021 14:07:16 +0000 (UTC)
Received: from [10.36.115.217] (ovpn-115-217.ams2.redhat.com [10.36.115.217])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 2BEAA5C257
 for <bug-diffutils@gnu.org>; Wed, 24 Mar 2021 14:07:15 +0000 (UTC)
From: than <than@redhat.com>
Subject: important potential issues found by covscan in diffutils-3.7 on fedora
To: bug-diffutils@gnu.org
Message-ID: <ea88f606-9b20-b874-6da8-4b599bff7b3d@redhat.com>
Date: Wed, 24 Mar 2021 15:07:15 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.1
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=than@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: multipart/alternative;
 boundary="------------5120BA540EC80A4B7CD88FF1"
Content-Language: en-US
Received-SPF: pass client-ip=170.10.133.124; envelope-from=than@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001,
 RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

This is a multi-part message in MIME format.
--------------5120BA540EC80A4B7CD88FF1
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Dear diffutil devs,

Covscan found 10important potentialin diffutils-3.7 on fedora. The 
Coverity covscan result is attached below. It could be that some of them 
are false positive but it's worth checking the coverity covscan result.

Thanks!

Best Regards,

Than

List of Defects:
Error: COMPILER_WARNING (CWE-758): [#def1]
diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]: 
writing 1 byte into a region of size 0
#  636 |   buf[buf_count] = line_end;
#      |                  ^
#  634|
#  635|     buf = xrealloc (buf, buf_count + 1);
#  636|->   buf[buf_count] = line_end;
#  637|     lim = buf + buf_count + ! (buf_count == 0 || buf[buf_count - 
1] == line_end);
#  638|

Error: RESOURCE_LEAK (CWE-772): [#def2]
diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle opened 
by "open". [Note: The source code implementation of the function has 
been overridden by a user model.]
diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning: "value" = 
handle returned from "open("/dev/null", 0)".
diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle variable 
"value" going out of scope leaks the handle.
#   50|         return false;
#   51|       }
#   52|->   return true;
#   53|   }
#   54|

Error: CPPCHECK_WARNING (CWE-401): [#def3]
diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem
#   65|             ((small_t *) p)[-1] = p - mem;
#   66|             /* p  sa_alignment_max mod 2*sa_alignment_max.  */
#   67|->           return p;
#   68|           }
#   69|       }

Error: RESOURCE_LEAK (CWE-772): [#def4]
diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is returned 
from allocation function "calloc".
diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning: 
"newstate" = storage returned from "calloc(112UL, 1UL)".
diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_init_copy".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable 
"newstate" going out of scope leaks the storage it points to.
# 1725|             if (re_node_set_init_copy (newstate->entrance_nodes, 
nodes)
# 1726|             != REG_NOERROR)
# 1727|->         return NULL;
# 1728|             nctx_nodes = 0;
# 1729|             newstate->has_constraint = 1;

Error: BAD_FREE (CWE-763): [#def5]
diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address 
offset from "cmp->file[f].linbuf".
#  689|       {
#  690|         free (cmp->file[f].equivs);
#  691|->       free (cmp->file[f].linbuf + cmp->file[f].linbuf_base);
#  692|       }
#  693|

Error: RESOURCE_LEAK (CWE-772): [#def6]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from 
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage 
returned from "create_diff3_block(low[0], high[0], low[1], high[1], 
lowc, highc)".
diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result" going 
out of scope leaks the storage it points to.
#  796|                     D_LENARRAY (result, FILEC) + result_offset,
#  797|                     D_NUMLINES (ptr, FC)))
#  798|->       return 0;
#  799|         }
#  800|

Error: RESOURCE_LEAK (CWE-772): [#def7]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from 
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage 
returned from "create_diff3_block(low[0], high[0], low[1], high[1], 
lowc, highc)".
diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result" going 
out of scope leaks the storage it points to.
#  825|                   D_LENARRAY (result, FILE0 + d) + result_offset,
#  826|                   D_NUMLINES (ptr, FO)))
#  827|->         return 0;
#  828|
#  829|         /* Catch the lines between here and the next diff */

Error: RESOURCE_LEAK (CWE-772): [#def8]
diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from 
allocation function "xmalloc".
diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" = storage 
returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".
diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" = "format".
diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not freed 
or pointed-to in "memcpy". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:372: noescape: Resource "format + 
spec_prefix_len" is not freed or pointed-to in "memcpy". [Note: The 
source code implementation of the function has been overridden by a 
builtin model.]
diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not freed 
or pointed-to in "fprintf". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going out of 
scope leaks the storage it points to.
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format" going 
out of scope leaks the storage it points to.
#  377|           free (format);
#  378|   #endif
#  379|->       }
#  380|         }
#  381|         break;

Error: RESOURCE_LEAK (CWE-772): [#def9]
diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from 
allocation function "xmalloc".
diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" = storage 
returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL + 1UL)".
diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not freed or 
pointed-to in "sprintf". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not freed or 
pointed-to in "mkstemp".
diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf" going out 
of scope leaks the storage it points to.
# 1170|     if (0 <= fd)
# 1171|       tmpname = buf;
# 1172|->   return fd;
# 1173|   }

Error: RESOURCE_LEAK (CWE-772): [#def10]
diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from 
allocation function "xstrdup".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" = 
storage returned from "xstrdup(p)".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" = "color_buf".
diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going out 
of scope leaks the storage it points to.
diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf" going 
out of scope leaks the storage it points to.
#  700|         colors_enabled = false;
#  701|       }
#  702|-> }
#  703|
#  704|   static void


--------------5120BA540EC80A4B7CD88FF1
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Dear diffutil devs,<br>
    </p>
    Covscan found 10<span style="color: rgb(211, 210, 207); font-size:
      16.25px; font-style: normal; font-variant-ligatures: normal;
      font-variant-caps: normal; letter-spacing: normal; text-align:
      start; text-indent: 0px; text-transform: none; white-space:
      normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;
      background-color: rgb(66, 70, 71); text-decoration-thickness:
      initial; text-decoration-style: initial; text-decoration-color:
      initial; display: inline !important; float: none;"><span> </span>important
      potential<span></span></span> in diffutils-3.7 on fedora. The
    Coverity covscan result is attached below.
    It could be that some of them are false positive but it's worth
    checking the coverity covscan result.<br>
    <p>Thanks!</p>
    <p>Best Regards,</p>
    <p>Than<br>
    </p>
    <p>List of Defects:<br>
      Error: COMPILER_WARNING (CWE-758): [#def1]<br>
      diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]:
      writing 1 byte into a region of size 0<br>
      #  636 |   buf[buf_count] = line_end;<br>
      #      |                  ^<br>
      #  634|   <br>
      #  635|     buf = xrealloc (buf, buf_count + 1);<br>
      #  636|-&gt;   buf[buf_count] = line_end;<br>
      #  637|     lim = buf + buf_count + ! (buf_count == 0 ||
      buf[buf_count - 1] == line_end);<br>
      #  638|   <br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def2]<br>
      diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle
      opened by "open". [Note: The source code implementation of the
      function has been overridden by a user model.]<br>
      diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning:
      "value" = handle returned from "open("/dev/null", 0)".<br>
      diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle
      variable "value" going out of scope leaks the handle.<br>
      #   50|         return false;<br>
      #   51|       }<br>
      #   52|-&gt;   return true;<br>
      #   53|   }<br>
      #   54|   <br>
      <br>
      Error: CPPCHECK_WARNING (CWE-401): [#def3]<br>
      diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem<br>
      #   65|             ((small_t *) p)[-1] = p - mem;<br>
      #   66|             /* p  sa_alignment_max mod
      2*sa_alignment_max.  */<br>
      #   67|-&gt;           return p;<br>
      #   68|           }<br>
      #   69|       }<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def4]<br>
      diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is
      returned from allocation function "calloc".<br>
      diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning:
      "newstate" = storage returned from "calloc(112UL, 1UL)".<br>
      diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_init_copy".<br>
      diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_remove_at".<br>
      diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_remove_at".<br>
      diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
      "&amp;newstate-&gt;nodes" is not freed or pointed-to in
      "re_node_set_remove_at".<br>
      diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable
      "newstate" going out of scope leaks the storage it points to.<br>
      # 1725|             if (re_node_set_init_copy
      (newstate-&gt;entrance_nodes, nodes)<br>
      # 1726|             != REG_NOERROR)<br>
      # 1727|-&gt;         return NULL;<br>
      # 1728|             nctx_nodes = 0;<br>
      # 1729|             newstate-&gt;has_constraint = 1;<br>
      <br>
      Error: BAD_FREE (CWE-763): [#def5]<br>
      diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address
      offset from "cmp-&gt;file[f].linbuf".<br>
      #  689|       {<br>
      #  690|         free (cmp-&gt;file[f].equivs);<br>
      #  691|-&gt;       free (cmp-&gt;file[f].linbuf +
      cmp-&gt;file[f].linbuf_base);<br>
      #  692|       }<br>
      #  693|   <br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def6]<br>
      diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
      allocation function "create_diff3_block".<br>
      diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" =
      storage returned from "create_diff3_block(low[0], high[0], low[1],
      high[1], lowc, highc)".<br>
      diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result"
      going out of scope leaks the storage it points to.<br>
      #  796|                     D_LENARRAY (result, FILEC) +
      result_offset,<br>
      #  797|                     D_NUMLINES (ptr, FC)))<br>
      #  798|-&gt;       return 0;<br>
      #  799|         }<br>
      #  800|   <br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def7]<br>
      diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
      allocation function "create_diff3_block".<br>
      diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" =
      storage returned from "create_diff3_block(low[0], high[0], low[1],
      high[1], lowc, highc)".<br>
      diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result"
      going out of scope leaks the storage it points to.<br>
      #  825|                   D_LENARRAY (result, FILE0 + d) +
      result_offset,<br>
      #  826|                   D_NUMLINES (ptr, FO)))<br>
      #  827|-&gt;         return 0;<br>
      #  828|   <br>
      #  829|         /* Catch the lines between here and the next diff
      */<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def8]<br>
      diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from
      allocation function "xmalloc".<br>
      diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" =
      storage returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".<br>
      diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" =
      "format".<br>
      diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not
      freed or pointed-to in "memcpy". [Note: The source code
      implementation of the function has been overridden by a builtin
      model.]<br>
      diffutils-3.7/src/ifdef.c:372: noescape: Resource "format +
      spec_prefix_len" is not freed or pointed-to in "memcpy". [Note:
      The source code implementation of the function has been overridden
      by a builtin model.]<br>
      diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not
      freed or pointed-to in "fprintf". [Note: The source code
      implementation of the function has been overridden by a builtin
      model.]<br>
      diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going
      out of scope leaks the storage it points to.<br>
      diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format"
      going out of scope leaks the storage it points to.<br>
      #  377|           free (format);<br>
      #  378|   #endif<br>
      #  379|-&gt;       }<br>
      #  380|         }<br>
      #  381|         break;<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def9]<br>
      diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from
      allocation function "xmalloc".<br>
      diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" =
      storage returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL +
      1UL)".<br>
      diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not
      freed or pointed-to in "sprintf". [Note: The source code
      implementation of the function has been overridden by a builtin
      model.]<br>
      diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not
      freed or pointed-to in "mkstemp".<br>
      diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf"
      going out of scope leaks the storage it points to.<br>
      # 1170|     if (0 &lt;= fd)<br>
      # 1171|       tmpname = buf;<br>
      # 1172|-&gt;   return fd;<br>
      # 1173|   }<br>
      <br>
      Error: RESOURCE_LEAK (CWE-772): [#def10]<br>
      diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from
      allocation function "xstrdup".<br>
      diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" =
      storage returned from "xstrdup(p)".<br>
      diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" =
      "color_buf".<br>
      diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going
      out of scope leaks the storage it points to.<br>
      diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf"
      going out of scope leaks the storage it points to.<br>
      #  700|         colors_enabled = false;<br>
      #  701|       }<br>
      #  702|-&gt; }<br>
      #  703|   <br>
      #  704|   static void<br>
      <br>
    </p>
  </body>
</html>

--------------5120BA540EC80A4B7CD88FF1--




------------=_1616620622-20327-1--