From: Michael R Sweet Date: Mon, 1 Nov 2021 21:37:28 +0000 (-0400) Subject: Apply some minor fixes from a Coverity scan. X-Git-Tag: v2.4rc1~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73aa28532ef22fcdbaae45aad9117ac0bb343e40;p=thirdparty%2Fcups.git Apply some minor fixes from a Coverity scan. --- diff --git a/backend/snmp.c b/backend/snmp.c index 084c6f5118..c7806572b1 100644 --- a/backend/snmp.c +++ b/backend/snmp.c @@ -1,6 +1,7 @@ /* * SNMP discovery backend for CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2014 by Apple Inc. * Copyright © 2006-2007 by Easy Software Products, all rights reserved. * @@ -295,7 +296,12 @@ add_cache(http_addr_t *addr, /* I - Device IP address */ addr, addrname, uri ? uri : "(null)", id ? id : "(null)", make_and_model ? make_and_model : "(null)"); - temp = calloc(1, sizeof(snmp_cache_t)); + if ((temp = calloc(1, sizeof(snmp_cache_t))) == NULL) + { + perror("DEBUG: Unable to allocate cache entry"); + return; + } + memcpy(&(temp->address), addr, sizeof(temp->address)); temp->addrname = strdup(addrname); diff --git a/cups/file.c b/cups/file.c index e6e1f5b826..14683fa020 100644 --- a/cups/file.c +++ b/cups/file.c @@ -6,6 +6,7 @@ * our own file functions allows us to provide transparent support of * different line endings, gzip'd print files, PPD files, etc. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -32,7 +33,6 @@ */ struct _cups_file_s /**** CUPS file structure... ****/ - { int fd; /* File descriptor */ char mode, /* Mode ('r' or 'w') */ @@ -1263,8 +1263,12 @@ cupsFileOpenFd(int fd, /* I - File descriptor */ * Initialize the compressor... */ - deflateInit2(&(fp->stream), mode[1] - '0', Z_DEFLATED, -15, 8, - Z_DEFAULT_STRATEGY); + if (deflateInit2(&(fp->stream), mode[1] - '0', Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY) < Z_OK) + { + close(fd); + free(fp); + return (NULL); + } fp->stream.next_out = fp->cbuf; fp->stream.avail_out = sizeof(fp->cbuf); @@ -1722,11 +1726,12 @@ cupsFileRewind(cups_file_t *fp) /* I - CUPS file */ */ DEBUG_printf(("cupsFileRewind(fp=%p)", (void *)fp)); - DEBUG_printf(("2cupsFileRewind: pos=" CUPS_LLFMT, CUPS_LLCAST fp->pos)); if (!fp || fp->mode != 'r') return (-1); + DEBUG_printf(("2cupsFileRewind: pos=" CUPS_LLFMT, CUPS_LLCAST fp->pos)); + /* * Handle special cases... */ @@ -1794,8 +1799,6 @@ cupsFileSeek(cups_file_t *fp, /* I - CUPS file */ DEBUG_printf(("cupsFileSeek(fp=%p, pos=" CUPS_LLFMT ")", (void *)fp, CUPS_LLCAST pos)); - DEBUG_printf(("2cupsFileSeek: fp->pos=" CUPS_LLFMT, CUPS_LLCAST fp->pos)); - DEBUG_printf(("2cupsFileSeek: fp->ptr=%p, fp->end=%p", (void *)fp->ptr, (void *)fp->end)); /* * Range check input... @@ -1804,6 +1807,9 @@ cupsFileSeek(cups_file_t *fp, /* I - CUPS file */ if (!fp || pos < 0 || fp->mode != 'r') return (-1); + DEBUG_printf(("2cupsFileSeek: fp->pos=" CUPS_LLFMT, CUPS_LLCAST fp->pos)); + DEBUG_printf(("2cupsFileSeek: fp->ptr=%p, fp->end=%p", (void *)fp->ptr, (void *)fp->end)); + /* * Handle special cases... */ @@ -2155,6 +2161,9 @@ cups_compress(cups_file_t *fp, /* I - CUPS file */ const char *buf, /* I - Buffer */ size_t bytes) /* I - Number bytes */ { + int status; /* Deflate status */ + + DEBUG_printf(("7cups_compress(fp=%p, buf=%p, bytes=" CUPS_LLFMT ")", (void *)fp, (void *)buf, CUPS_LLCAST bytes)); /* @@ -2188,7 +2197,8 @@ cups_compress(cups_file_t *fp, /* I - CUPS file */ fp->stream.avail_out = sizeof(fp->cbuf); } - deflate(&(fp->stream), Z_NO_FLUSH); + if ((status = deflate(&(fp->stream), Z_NO_FLUSH)) < Z_OK && status != Z_BUF_ERROR) + return (-1); } return ((ssize_t)bytes); diff --git a/cups/http.c b/cups/http.c index 2b5acae145..ac0ba16d99 100644 --- a/cups/http.c +++ b/cups/http.c @@ -1022,7 +1022,7 @@ httpGetLength2(http_t *http) /* I - HTTP connection */ off_t remaining; /* Remaining length */ - DEBUG_printf(("2httpGetLength2(http=%p), state=%s", (void *)http, httpStateString(http->state))); + DEBUG_printf(("2httpGetLength2(http=%p), state=%s", (void *)http, http ? httpStateString(http->state) : "NONE")); if (!http) return (-1); @@ -1953,9 +1953,9 @@ httpRead2(http_t *http, /* I - HTTP connection */ #ifdef HAVE_LIBZ - DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") coding=%d data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http->coding, http->data_encoding, CUPS_LLCAST http->data_remaining)); + DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") coding=%d data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http ? http->coding : 0, http ? http->data_encoding : 0, CUPS_LLCAST (http ? http->data_remaining : -1))); #else - DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http->data_encoding, CUPS_LLCAST http->data_remaining)); + DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http ? http->data_encoding : 0, CUPS_LLCAST (http ? http->data_remaining : -1))); #endif /* HAVE_LIBZ */ if (http == NULL || buffer == NULL) @@ -3568,7 +3568,9 @@ http_add_field(http_t *http, /* I - HTTP connection */ const char *value, /* I - Value string */ int append) /* I - Append value? */ { - char temp[1024]; /* Temporary value string */ + char temp[1024], /* Temporary value string */ + combined[HTTP_MAX_VALUE]; + /* Combined value string */ size_t fieldlen, /* Length of existing value */ valuelen, /* Length of value string */ total; /* Total length of string */ @@ -3649,9 +3651,6 @@ http_add_field(http_t *http, /* I - HTTP connection */ if (fieldlen) { - char combined[HTTP_MAX_VALUE]; - /* Combined value string */ - snprintf(combined, sizeof(combined), "%s, %s", http->_fields[field], value); value = combined; } @@ -3665,21 +3664,21 @@ http_add_field(http_t *http, /* I - HTTP connection */ * Expand the field value... */ - char *combined; /* New value string */ + char *mcombined; /* New value string */ if (http->fields[field] == http->_fields[field]) { - if ((combined = malloc(total + 1)) != NULL) + if ((mcombined = malloc(total + 1)) != NULL) { - http->fields[field] = combined; - snprintf(combined, total + 1, "%s, %s", http->_fields[field], value); + http->fields[field] = mcombined; + snprintf(mcombined, total + 1, "%s, %s", http->_fields[field], value); } } - else if ((combined = realloc(http->fields[field], total + 1)) != NULL) + else if ((mcombined = realloc(http->fields[field], total + 1)) != NULL) { - http->fields[field] = combined; - strlcat(combined, ", ", total + 1); - strlcat(combined, value, total + 1); + http->fields[field] = mcombined; + strlcat(mcombined, ", ", total + 1); + strlcat(mcombined, value, total + 1); } } else @@ -4167,23 +4166,9 @@ http_read(http_t *http, /* I - HTTP connection */ #ifdef DEBUG if (bytes > 0) http_debug_hex("http_read", buffer, (int)bytes); + else #endif /* DEBUG */ - - if (bytes < 0) - { -#ifdef _WIN32 - if (WSAGetLastError() == WSAEINTR) - bytes = 0; - else - http->error = WSAGetLastError(); -#else - if (errno == EINTR || (errno == EAGAIN && !http->timeout_cb)) - bytes = 0; - else - http->error = errno; -#endif /* _WIN32 */ - } - else if (bytes == 0) + if (bytes == 0) { http->error = EPIPE; return (0); diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c index c9e3ae8e33..786c66b9c7 100644 --- a/cups/ppd-cache.c +++ b/cups/ppd-cache.c @@ -377,11 +377,17 @@ _cupsConvertOptions( value = cupsGetOption("com.apple.print.PrintSettings.PMTotalBeginPages..n.", num_options, options); if (value) - job_pages = atoi(value); + { + if ((job_pages = atoi(value)) < 1) + job_pages = 1; + } // Adjust for number-up if ((value = cupsGetOption("number-up", num_options, options)) != NULL) - number_up = atoi(value); + { + if ((number_up = atoi(value)) < 1) + number_up = 1; + } job_pages = (job_pages + number_up - 1) / number_up; diff --git a/scheduler/client.c b/scheduler/client.c index 3cf0e46df0..2d276395b5 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -1752,7 +1752,8 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ { if (con->file >= 0) { - fstat(con->file, &filestats); + if (fstat(con->file, &filestats)) + filestats.st_size = 0; close(con->file); con->file = -1; diff --git a/scheduler/colorman.c b/scheduler/colorman.c index 8af4e5cd1f..d874a6d292 100644 --- a/scheduler/colorman.c +++ b/scheduler/colorman.c @@ -1,12 +1,14 @@ /* * Color management routines for the CUPS scheduler. * - * Copyright 2007-2014 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2007-2014 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. * - * Original DBUS/colord code is Copyright 2011 Red Hat, Inc. + * Original DBUS/colord code is Copyright © 2011 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -900,8 +902,6 @@ colord_create_device( DBusError error; /* D-Bus error */ const char *device_path; /* Device object path */ const char *profile_path; /* Profile path */ - char *default_profile_path = NULL; - /* Default profile path */ char device_id[1024]; /* Device ID as understood by colord */ char format_str[1024]; /* Qualifier format as a string */ @@ -982,10 +982,7 @@ colord_create_device( colord_device_add_profile(device_path, profile_path, relation); } -out: - - if (default_profile_path) - free(default_profile_path); + out: if (message) dbus_message_unref(message); diff --git a/scheduler/cups-driverd.cxx b/scheduler/cups-driverd.cxx index 85516eb8cb..cbdd415521 100644 --- a/scheduler/cups-driverd.cxx +++ b/scheduler/cups-driverd.cxx @@ -5,6 +5,7 @@ * created from driver information files, and dynamically generated PPD files * using driver helper programs. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2007-2019 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products. * @@ -669,7 +670,10 @@ cat_tar(const char *name, /* I - PPD name */ } if (cupsFileTell(fp) != next) - cupsFileSeek(fp, next); + { + if (cupsFileSeek(fp, next) != next) + break; + } } cupsFileClose(fp); diff --git a/scheduler/cups-lpd.c b/scheduler/cups-lpd.c index 7b1dc48346..6b2c9708fc 100644 --- a/scheduler/cups-lpd.c +++ b/scheduler/cups-lpd.c @@ -1,10 +1,12 @@ /* * Line Printer Daemon interface for CUPS. * - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products, all rights reserved. + * Copyright © 2021 by OpenPrinting. + * Copyright © 2007-2016 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products, all rights reserved. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -1100,9 +1102,6 @@ recv_print_job( &options); break; } - - if (status) - break; } /* diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 800ccff231..2156a095c1 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -4483,9 +4483,15 @@ copy_model(cupsd_client_t *con, /* I - Client connection */ snprintf(buffer, sizeof(buffer), "%s/daemon/cups-driverd", ServerBin); snprintf(tempfile, sizeof(tempfile), "%s/%d.ppd", TempDir, con->number); - tempfd = open(tempfile, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (tempfd < 0 || cupsdOpenPipe(temppipe)) + if ((tempfd = open(tempfile, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) return (-1); + if (cupsdOpenPipe(temppipe)) + { + close(tempfd); + unlink(tempfile); + + return (-1); + } cupsdLogMessage(CUPSD_LOG_DEBUG, "copy_model: Running \"cups-driverd cat %s\"...", from); diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c index dc875cb8c7..08e9ff8d3d 100644 --- a/systemv/lpadmin.c +++ b/systemv/lpadmin.c @@ -1325,7 +1325,7 @@ set_printer_options( /* Status code */ _cupsLangPrintf(stderr, _("lpadmin: Unable to open PPD \"%s\": %s on line %d."), ppdfile, ppdErrorString(status), linenum); - return (1); + goto error; } ppdMarkDefaults(ppd); @@ -1334,25 +1334,15 @@ set_printer_options( if ((out = cupsTempFile2(tempfile, sizeof(tempfile))) == NULL) { _cupsLangPrintError(NULL, _("lpadmin: Unable to create temporary file")); - ippDelete(request); - if (ppdfile != file) - unlink(ppdfile); - if (copied_options) - cupsFreeOptions(num_options, options); - return (1); + goto error; } if ((in = cupsFileOpen(ppdfile, "r")) == NULL) { _cupsLangPrintf(stderr, _("lpadmin: Unable to open PPD \"%s\": %s"), ppdfile, strerror(errno)); - ippDelete(request); - if (ppdfile != file) - unlink(ppdfile); - if (copied_options) - cupsFreeOptions(num_options, options); cupsFileClose(out); unlink(tempfile); - return (1); + goto error; } while (cupsFileGets(in, line, sizeof(line))) @@ -1496,6 +1486,22 @@ set_printer_options( } else return (0); + + /* + * Error handling... + */ + + error: + + ippDelete(request); + + if (ppdfile != file) + unlink(ppdfile); + + if (copied_options) + cupsFreeOptions(num_options, options); + + return (1); } diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index 8ec61e7f68..26c3d1a20d 100644 --- a/tools/ippeveprinter.c +++ b/tools/ippeveprinter.c @@ -1141,6 +1141,7 @@ create_job(ippeve_client_t *client) /* I - Client */ if ((job = calloc(1, sizeof(ippeve_job_t))) == NULL) { perror("Unable to allocate memory for job"); + _cupsRWUnlock(&(client->printer->rwlock)); return (NULL); } diff --git a/tools/ippeveps.c b/tools/ippeveps.c index 28631beecc..0550755b7f 100644 --- a/tools/ippeveps.c +++ b/tools/ippeveps.c @@ -1,6 +1,7 @@ /* * Generic Adobe PostScript printer command for ippeveprinter/CUPS. * + * Copyright © 2021 by OpenPrinting. * Copyright © 2019 by Apple Inc. * * Licensed under Apache License v2.0. See the file "LICENSE" for more @@ -964,7 +965,13 @@ ps_to_ps(const char *filename, /* I - Filename */ int copy_page = 0; /* Do we copy the page data? */ if (fp != stdin) - fseek(fp, first_pos, SEEK_SET); + { + if (fseek(fp, first_pos, SEEK_SET) < 0) + { + perror("ERROR: Unable to seek within PostScript file"); + break; + } + } page = 0; while (fgets(line, sizeof(line), fp))