This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin] strace: Fix Coverity issues
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 23 Oct 2016 14:45:52 -0000
- Subject: [newlib-cygwin] strace: Fix Coverity issues
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=5e087a83734fac4674a45a8ca8dd7e8bb1eb5d5e
commit 5e087a83734fac4674a45a8ca8dd7e8bb1eb5d5e
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Sun Oct 23 16:38:48 2016 +0200
strace: Fix Coverity issues
CID 66964: Don't trust environment variable without length check
CID 66968: Add missing va_end
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/utils/strace.cc | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/winsup/utils/strace.cc b/winsup/utils/strace.cc
index eb96a61..4046cce 100644
--- a/winsup/utils/strace.cc
+++ b/winsup/utils/strace.cc
@@ -88,6 +88,7 @@ warn (int geterrno, const char *fmt, ...)
fputs (buf, stderr);
fputs ("\n", stderr);
}
+ va_end (args);
}
static void __attribute__ ((noreturn))
@@ -351,13 +352,16 @@ create_child (char **argv)
make_command_line (one_line, argv);
SetConsoleCtrlHandler (NULL, 0);
+
const char *cygwin_env = getenv ("CYGWIN");
const char *space;
- if (cygwin_env)
+
+ if (cygwin_env && strlen (cygwin_env) <= 256) /* sanity check */
space = " ";
else
space = cygwin_env = "";
- char *newenv = (char *) malloc (sizeof ("CYGWIN=noglob") + strlen (space) + strlen (cygwin_env));
+ char *newenv = (char *) malloc (sizeof ("CYGWIN=noglob")
+ + strlen (space) + strlen (cygwin_env));
sprintf (newenv, "CYGWIN=noglob%s%s", space, cygwin_env);
_putenv (newenv);
ret = CreateProcess (0, one_line.buf, /* command line */