File libcdio-0.94-leak-11.patch of Package libcdio.24379
From 86edad4f031f50d3c9433a0dcd3cc7d346d94f5e Mon Sep 17 00:00:00 2001
From: "R. Bernstein" <rocky@gnu.org>
Date: Fri, 1 Dec 2017 03:35:05 -0500
Subject: [PATCH 11/20] Remove test leaks and uninitialized access
---
lib/driver/gnu_linux.c | 7 ++++---
lib/driver/mmc/mmc_cmd_helper.h | 18 +++++++++---------
test/driver/mmc_read.c | 11 ++++++-----
test/driver/mmc_write.c | 17 ++++++++++-------
4 files changed, 29 insertions(+), 24 deletions(-)
diff --git a/lib/driver/gnu_linux.c b/lib/driver/gnu_linux.c
index 4081741e..bc4d9f9b 100644
--- a/lib/driver/gnu_linux.c
+++ b/lib/driver/gnu_linux.c
@@ -1278,11 +1278,13 @@ run_mmc_cmd_linux(void *p_user_data,
_img_private_t *p_env = p_user_data;
struct cdrom_generic_command cgc;
cdio_mmc_request_sense_t sense;
- unsigned char *u_sense = (unsigned char *) &sense;
p_env->gen.scsi_mmc_sense_valid = 0;
- memset (&cgc, 0, sizeof (struct cdrom_generic_command));
+
+ memset(&cgc, 0, sizeof (struct cdrom_generic_command));
+ memset(&sense, 0, sizeof (struct cdio_mmc_request_sense));
memcpy(&cgc.cmd, p_cdb, i_cdb);
+
cgc.buflen = i_buf;
cgc.buffer = p_buf;
cgc.sense = (struct request_sense *) &sense;
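Review bot: `memcpy(&cgc.cmd, p_cdb, i_cdb)` copies a caller-supplied length into the fixed-size `cgc.cmd` array, and nothing in this hunk bounds `i_cdb`. If the length is not validated earlier in run_mmc_cmd_linux (the function begins and ends outside the hunk), a guard such as `if (i_cdb > sizeof(cgc.cmd)) return DRIVER_OP_ERROR;` before the copy would keep an oversized CDB from overwriting the rest of `cgc` on the stack. The two memsets would also be more robust as `memset(&cgc, 0, sizeof cgc);` and `memset(&sense, 0, sizeof sense);`, so the size follows the variable rather than a separately spelled struct tag.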
@@ -1295,7 +1297,6 @@ run_mmc_cmd_linux(void *p_user_data,
cgc.timeout = i_timeout_ms;
#endif
- memset(u_sense, 0, sizeof(sense));
{
int i_rc = ioctl (p_env->gen.fd, CDROM_SEND_PACKET, &cgc);
diff --git a/lib/driver/mmc/mmc_cmd_helper.h b/lib/driver/mmc/mmc_cmd_helper.h
index f77f8c34..04ba04bc 100644
--- a/lib/driver/mmc/mmc_cmd_helper.h
+++ b/lib/driver/mmc/mmc_cmd_helper.h
@@ -1,16 +1,16 @@
/*
- Copyright (C) 2010, 2012 Rocky Bernstein <rocky@gnu.org>
+ Copyright (C) 2010, 2012, 2017 Rocky Bernstein <rocky@gnu.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -22,9 +22,9 @@
assume variables 'p_cdio', 'p_buf', and 'i_size' are previously
defined. It does the following:
- 1. Defines a cdb variable,
- 2 Checks to see if we have a cdio object and can run an MMC command
- 3. zeros the buffer (p_buf) using i_size.
+ 1. Defines a cdb variable,
+ 2. zeros cdb variable
+ 3 Checks to see if we have a cdio object and can run an MMC command
4. Sets up the command field of cdb to passed in value mmc_cmd.
*/
#define MMC_CMD_SETUP(mmc_cmd) \
@@ -33,7 +33,7 @@
if ( ! p_cdio ) return DRIVER_OP_UNINIT; \
if ( ! p_cdio->op.run_mmc_cmd ) return DRIVER_OP_UNSUPPORTED; \
\
- CDIO_MMC_SET_COMMAND(cdb.field, mmc_cmd)
+ CDIO_MMC_SET_COMMAND(cdb.field, mmc_cmd)
/* Boilerplate initialization code to setup running MMC read command
needs to set the cdb 16-bit length field. See above
@@ -45,13 +45,13 @@
/* Setup to read header, to get length of data */ \
CDIO_MMC_SET_READ_LENGTH16(cdb.field, i_size)
-/* Boilerplate code to run a MMC command.
+/* Boilerplate code to run a MMC command.
We assume variables 'p_cdio', 'mmc_timeout_ms', 'cdb', 'i_size' and
'p_buf' are defined previously.
'direction' is the SCSI direction (read, write, none) of the
- command.
+ command.
*/
#define MMC_RUN_CMD(direction, i_timeout) \
p_cdio->op.run_mmc_cmd(p_cdio->env, \
diff --git a/test/driver/mmc_read.c b/test/driver/mmc_read.c
index 199b2e2b..bc6694c2 100644
--- a/test/driver/mmc_read.c
+++ b/test/driver/mmc_read.c
@@ -1,6 +1,6 @@
/* -*- C -*-
Copyright (C) 2009 Thomas Schmitt <scdbackup@gmx.net>
- Copyright (C) 2010-2013 Rocky Bernstein <rocky@gnu.org>
+ Copyright (C) 2010-2013, 2017 Rocky Bernstein <rocky@gnu.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -134,10 +134,11 @@ handle_outcome(CdIo_t *p_cdio, driver_return_code_t i_status,
cdio_mmc_request_sense_t *p_temp_sense_reply = NULL;
*pi_sense_avail = mmc_last_cmd_sense(p_cdio, &p_temp_sense_reply);
print_status_sense(i_status, *pi_sense_avail, p_temp_sense_reply, i_flag & 1);
- if (18 <= *pi_sense_avail)
- memcpy(p_sense_reply, p_temp_sense_reply, sizeof(cdio_mmc_request_sense_t));
- else
- memset(p_sense_reply, 0, sizeof(cdio_mmc_request_sense_t));
+ if (18 <= *pi_sense_avail) {
+ memset(p_sense_reply, 0, sizeof(cdio_mmc_request_sense_t));
+ memcpy(p_sense_reply, p_temp_sense_reply, *pi_sense_avail);
+ } else
+ memset(p_sense_reply, 0, sizeof(cdio_mmc_request_sense_t));
cdio_free(p_temp_sense_reply);
return i_status;
}
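Review bot: The new `memcpy(p_sense_reply, p_temp_sense_reply, *pi_sense_avail)` checks only the lower bound (18) of the length returned by mmc_last_cmd_sense(), so a sense reply longer than `sizeof(cdio_mmc_request_sense_t)` would write past the end of `*p_sense_reply`. Clamp the length before copying, e.g. `size_t n = *pi_sense_avail; if (n > sizeof(cdio_mmc_request_sense_t)) n = sizeof(cdio_mmc_request_sense_t);` followed by `memcpy(p_sense_reply, p_temp_sense_reply, n);`. Hoisting the memset above the `if` would also make the `else` branch unnecessary. The identical handle_outcome hunk in test/driver/mmc_write.c has the same issue; the function starts outside both hunks.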
diff --git a/test/driver/mmc_write.c b/test/driver/mmc_write.c
index 82d55a47..3cf88e6b 100644
--- a/test/driver/mmc_write.c
+++ b/test/driver/mmc_write.c
@@ -1,6 +1,6 @@
/* -*- C -*-
Copyright (C) 2009 Thomas Schmitt <scdbackup@gmx.net>
- Copyright (C) 2010, 2012-2013 Rocky Bernstein <rocky@gnu.org>
+ Copyright (C) 2010, 2012-2013, 2017 Rocky Bernstein <rocky@gnu.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -116,10 +116,11 @@ handle_outcome(CdIo_t *p_cdio, driver_return_code_t i_status,
cdio_mmc_request_sense_t *p_temp_sense_reply = NULL;
*pi_sense_avail = mmc_last_cmd_sense(p_cdio, &p_temp_sense_reply);
print_status_sense(i_status, *pi_sense_avail, p_temp_sense_reply, i_flag & 1);
- if (18 <= *pi_sense_avail)
- memcpy(p_sense_reply, p_temp_sense_reply, sizeof(cdio_mmc_request_sense_t));
- else
- memset(p_sense_reply, 0, sizeof(cdio_mmc_request_sense_t));
+ if (18 <= *pi_sense_avail) {
+ memset(p_sense_reply, 0, sizeof(cdio_mmc_request_sense_t));
+ memcpy(p_sense_reply, p_temp_sense_reply, *pi_sense_avail);
+ } else
+ memset(p_sense_reply, 0, sizeof(cdio_mmc_request_sense_t));
cdio_free(p_temp_sense_reply);
return i_status;
}
@@ -442,13 +443,15 @@ static int
test_rwr_mode_page(CdIo_t *p_cdio, unsigned int i_flag)
{
int i_ret;
- unsigned int i_sense_avail;
- int page_code = 5, subpage_code = 0, i_alloc_len, i_size;
+ unsigned int i_sense_avail = 0;
+ int page_code = 5, subpage_code = 0, i_alloc_len, i_size = 0;
int write_type, final_return = 1, new_write_type, old_i_size;
cdio_mmc_request_sense_t sense_reply;
unsigned char buf[265], old_buf[265]; /* page size is max. 255 + 10 */
static char w_types[4][8] = {"Packet", "TAO", "SAO", "Raw"};
+ memset(buf, 0, sizeof(buf));
+
i_alloc_len = 10;
i_ret = mode_sense(p_cdio, &i_sense_avail, &sense_reply,
page_code, subpage_code, i_alloc_len,
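Review bot: `old_buf` and `sense_reply` are still declared without initializers while `buf` now gets a separate memset, so the uninitialized-access fix covers only some of the locals. Whether those two are read before being written is decided outside the hunk. Initializing at the declaration, `unsigned char buf[265] = {0}, old_buf[265] = {0};` and `cdio_mmc_request_sense_t sense_reply = {0};`, would close the gap and drop the extra memset. The body of test_rwr_mode_page continues past the hunk.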
--
2.17.0