From 05cb73a7ee762065339393057d421613866e0418 Mon Sep 17 00:00:00 2001 
From: jbj Date: Sat, 22 Jun 2002 18:51:56 +0000 Subject: Factor bounds checking annotations into source code. CVS patchset: 5521 CVS date: 2002/06/22 18:51:56 --- .lclintrc | 8 ++++++ Makefile.am | 10 +++++++ beecrypt/.cvsignore | 3 ++- beecrypt/Makefile.am | 3 +++ beecrypt/dsa.h | 2 +- beecrypt/sha1.h | 6 ++--- build/.cvsignore | 1 + build/Makefile.am | 5 ++++ lib/.cvsignore | 1 + lib/.lclintrc | 4 +-- lib/Makefile.am | 5 +++- lib/cpio.c | 12 +++++++++ lib/depends.c | 26 ++++++++++++++++++ lib/formats.c | 32 ++++++++++++++++++++++- lib/fs.c | 12 +++++++++ lib/fsm.c | 58 +++++++++++++++++++++++++++++++++++++++++ lib/getdate.c | 2 ++ lib/manifest.c | 8 ++++++ lib/manifest.h | 6 ++++- lib/misc.c | 2 ++ lib/misc.h | 2 ++ lib/package.c | 8 ++++++ lib/poptI.c | 2 ++ lib/poptQV.c | 2 ++ lib/psm.c | 4 +++ lib/query.c | 16 ++++++++++++ lib/rpmal.c | 8 ++++++ lib/rpmal.h | 1 + lib/rpmchecksig.c | 27 +++++++++++++++++-- lib/rpmcli.h | 2 ++ lib/rpmds.c | 44 +++++++++++++++++++++++++++++-- lib/rpmfi.c | 35 ++++++++++++++++++++++++- lib/rpminstall.c | 2 ++ lib/rpmlead.c | 4 +++ lib/rpmlead.h | 3 --- lib/rpmlibprov.c | 4 +++ lib/rpmps.c | 5 +++- lib/rpmrc.c | 2 ++ lib/rpmte.c | 3 ++- lib/rpmts.c | 7 ++++- lib/rpmts.h | 2 +- lib/rpmvercmp.c | 8 ++++++ lib/signature.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/stringbuf.c | 6 +++++ lib/transaction.c | 14 ++++++++++ lib/verify.c | 14 ++++++++++ libelf/.cvsignore | 1 + libelf/Makefile.am | 6 +++++ libelf/lib/.cvsignore | 4 ++- libelf/lib/.lclintrc | 10 +++---- libelf/lib/32.fsize.c | 4 +++ libelf/lib/32.newehdr.c | 4 +++ libelf/lib/32.newphdr.c | 2 ++ libelf/lib/32.xlatetof.c | 6 +++++ libelf/lib/64.xlatetof.c | 10 +++++++ libelf/lib/Makefile.am | 5 ++++ libelf/lib/begin.c | 34 ++++++++++++++++++++++-- libelf/lib/checksum.c | 2 ++ libelf/lib/cook.c | 19 ++++++++++++++ libelf/lib/end.c | 4 +++ libelf/lib/errmsg.c | 2 ++ libelf/lib/gelfehdr.c | 10 +++++++ libelf/lib/gelfphdr.c | 10 +++++++ libelf/lib/gelfshdr.c | 6 
+++++ libelf/lib/gelftrans.c | 28 ++++++++++++++++++++ libelf/lib/hash.c | 15 +++++++---- libelf/lib/libelf.h | 6 +++-- libelf/lib/newdata.c | 10 +++++-- libelf/lib/newscn.c | 2 ++ libelf/lib/nlist.c | 8 ++++++ libelf/lib/private.h | 9 ++++--- libelf/lib/rawdata.c | 16 +++++++++--- libelf/lib/rawfile.c | 10 ++++++- libelf/lib/update.c | 55 +++++++++++++++++++++++++++++++++++++++ libelf/lib/verdef.h | 4 +++ libelf/lib/verneed.h | 4 +++ popt/.cvsignore | 1 + popt/.lclintrc | 2 +- popt/Makefile.am | 5 ++++ popt/popt.c | 20 ++++++++++++++ popt/poptconfig.c | 4 +++ popt/popthelp.c | 7 +++++ popt/poptparse.c | 4 +++ popt/system.h | 10 +++++++ rpm.spec.in | 2 +- rpmdb/.cvsignore | 1 + rpmdb/.lclintrc | 5 ++++ rpmdb/Makefile.am | 11 +++++--- rpmdb/hdrNVR.c | 2 ++ rpmdb/header.c | 62 +++++++++++++++++++++++++++++++++++++++++++ rpmdb/header_internal.c | 2 ++ rpmdb/legacy.c | 8 ++++++ rpmdb/merge.c | 4 +-- rpmdb/poptDB.c | 1 - rpmdb/rpmdb.h | 2 ++ rpmdb/rpmhash.c | 8 ++++++ rpmdb/tagname.c | 2 ++ rpmio/.cvsignore | 1 + rpmio/Makefile.am | 21 +++++++++------ rpmio/rpmio_internal.h | 2 ++ rpmio/rpmpgp.h | 2 ++ system.h | 8 +++--- tools/rpmarchive.c | 2 +- tools/rpmheader.c | 2 +- tools/rpmlead.c | 2 +- tools/rpmsignature.c | 1 + zlib/.cvsignore | 1 + zlib/.lclintrc | 57 +++++++++++++++++++++++++++++++++------- zlib/Makefile.am | 7 +++-- zlib/Makefile.in | 7 +++-- zlib/trees.c | 7 ++--- 111 files changed, 1000 insertions(+), 88 deletions(-) diff --git a/.lclintrc b/.lclintrc index ab56d9533..2961d700a 100644 --- a/.lclintrc +++ b/.lclintrc @@ -15,8 +15,16 @@ # --- in progress #+bounds #+boundswrite ++slovak-fcns -redecl +-macroparams +-declundef +-enummemuse +-fcnuse +-typeuse +-varuse + # --- not-yet at strict level -bitwisesigned # pita -elseifcomplete # 95 occurences diff --git a/Makefile.am b/Makefile.am index e3940b723..2d93de24d 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -102,6 +102,16 @@ rpm2cpio_LDADD = $(myLDADD) @LIBMISC@ $(PROGRAMS): $(myLDADD) @WITH_APIDOCS_TARGET@ +.PHONY: splint +splint: + splint \ + -load build/rpmbuild.lcd \ + -load lib/rpmlib.lcd \ + -load rpmdb/rpmdb.lcd \ + -load rpmio/rpmio.lcd \ + -load popt/popt.lcd \ + $(DEFS) $(INCLUDES) rpmqv.c $(rpmb_SOURCES) + .PHONY: lclint lclint: lclint -Dlint $(DEFS) $(INCLUDES) rpmqv.c $(rpmb_SOURCES) \ diff --git a/beecrypt/.cvsignore b/beecrypt/.cvsignore index 0451198a1..363e8face 100644 --- a/beecrypt/.cvsignore +++ b/beecrypt/.cvsignore @@ -25,9 +25,10 @@ libtool listobjs ltconfig ltmain.sh -*.o *.la +*.lcd *.lo +*.o *.S stamp-h stamp-h1 diff --git a/beecrypt/Makefile.am b/beecrypt/Makefile.am index 1d1a846e5..ae34f0bee 100644 --- a/beecrypt/Makefile.am +++ b/beecrypt/Makefile.am @@ -66,6 +66,9 @@ beetest: all make -C tests beetest ./tests/beetest +beecrypt.lcd: Makefile.am ${libbeecrypt_la_SOURCES} ${pkginclude_HEADERS} ${noinst_HEADERS} + lclint $(DEFS) $(INCLUDES) ${libbeecrypt_la_SOURCES} -dump $@ + # XXX don't bite into gcj java dependencies (yet) .PHONY: sources sources: diff --git a/beecrypt/dsa.h b/beecrypt/dsa.h index a804bf199..45e79d4ec 100644 --- a/beecrypt/dsa.h +++ b/beecrypt/dsa.h @@ -42,7 +42,7 @@ int dsasign(const mp32barrett* p, const mp32barrett* q, const mp32number* g, ran /** */ -BEECRYPTAPI +BEECRYPTAPI /*@unused@*/ int dsavrfy(const mp32barrett* p, const mp32barrett* q, const mp32number* g, const mp32number* hm, const mp32number* y, const mp32number* r, const mp32number* s) /*@*/; diff --git a/beecrypt/sha1.h b/beecrypt/sha1.h index 1f04a463e..8705b5b57 100644 --- a/beecrypt/sha1.h +++ b/beecrypt/sha1.h 
@@ -57,19 +57,19 @@ void sha1Process(sha1Param* p) /** \ingroup HASH_sha1_m */ -BEECRYPTAPI +BEECRYPTAPI /*@unused@*/ int sha1Reset (sha1Param* p) /*@modifies p */; /** \ingroup HASH_sha1_m */ -BEECRYPTAPI +BEECRYPTAPI /*@unused@*/ int sha1Update (sha1Param* p, const byte* data, int size) /*@modifies p */; /** \ingroup HASH_sha1_m */ -BEECRYPTAPI +BEECRYPTAPI /*@unused@*/ int sha1Digest (sha1Param* p, /*@out@*/ uint32* data) /*@modifies p, data */; diff --git a/build/.cvsignore b/build/.cvsignore index dcf4befde..c64b470d2 100644 --- a/build/.cvsignore +++ b/build/.cvsignore @@ -4,4 +4,5 @@ Makefile Makefile.in .libs *.la +*.lcd *.lo diff --git a/build/Makefile.am b/build/Makefile.am index 211fb8586..6f943e661 100644 --- a/build/Makefile.am +++ b/build/Makefile.am @@ -30,6 +30,11 @@ install-data-local: sed -e "s|^dependency_libs='|& -lrpm|" < librpmbuild.la > .librpmbuild.la && \ mv .librpmbuild.la librpmbuild.la +BUILT_SOURCES = rpmbuild.lcd + +rpmbuild.lcd: Makefile.am ${librpmbuild_la_SOURCES} ${pkginc_HEADERS} ${noinst_HEADERS} + -lclint ${DEFS} ${INCLUDES} ${librpmbuild_la_SOURCES} -dump $@ 2>/dev/null + .PHONY: sources sources: @echo $(librpmbuild_la_SOURCES:%=build/%) diff --git a/lib/.cvsignore b/lib/.cvsignore index d5d93dbae..1264c82e5 100644 --- a/lib/.cvsignore +++ b/lib/.cvsignore @@ -6,4 +6,5 @@ getdate.c tagtable.c .libs *.la +*.lcd *.lo diff --git a/lib/.lclintrc b/lib/.lclintrc index e2e19e31f..5f94e31c4 100644 --- a/lib/.lclintrc +++ b/lib/.lclintrc @@ -13,8 +13,7 @@ +strict # lclint level # --- in progress -#+bounds # 629 -#+boundswrite # 317 ++slovak-fcns -redecl # --- +partial artifacts @@ -28,6 +27,7 @@ -varuse # --- not-yet at strict level ++bounds # 0 -bitwisesigned # 255 -elseifcomplete # 95 occurences -exportconst # 839 occurences diff --git a/lib/Makefile.am b/lib/Makefile.am index 680e8a44b..682538b60 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
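Review bot: In the `rpmbuild.lcd` rule added to build/Makefile.am, the leading `-` together with `2>/dev/null` discards every lclint diagnostic and failure, so a missing or stale annotation dump goes unnoticed even though the file is listed in `BUILT_SOURCES`. The `rpmlib.lcd` rule in lib/Makefile.am uses the same pattern. Keeping the output, for example `-lclint ${DEFS} ${INCLUDES} ${librpmbuild_la_SOURCES} -dump $@ 2>$@.log`, would let a later failure of the top-level `splint -load build/rpmbuild.lcd` target be traced to its cause.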
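Review bot: The `+bounds # 0` line added to lib/.lclintrc reads as if the library now passes bounds checking, but the zero is reached by suppression. The same commit wraps whole files in `/*@-boundsread@*/ … /*@=boundsread@*/` (lib/cpio.c, lib/depends.c, lib/formats.c, lib/fs.c, lib/fsm.c, lib/misc.c, lib/package.c) and whole functions such as `rpmtsOrder` in `/*@-bounds@*/`. A comment that says so, e.g. `+bounds # 0 reported; boundsread suppressed file-wide`, would keep the count from being read as a verification result. The flag also sits under the `# --- not-yet at strict level` heading although it turns a check on.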
@@ -74,7 +74,10 @@ getdate.c: getdate.y fi ;\ fi -BUILT_SOURCES = getdate.c +BUILT_SOURCES = getdate.c rpmlib.lcd + +rpmlib.lcd: Makefile.am ${librpm_la_SOURCES} ${pkginc_HEADERS} ${noinst_HEADERS} + -lclint ${DEFS} ${INCLUDES} ${librpm_la_SOURCES} -dump $@ 2>/dev/null .PHONY: sources sources: diff --git a/lib/cpio.c b/lib/cpio.c index eef9e8463..f5e2733f7 100644 --- a/lib/cpio.c +++ b/lib/cpio.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup payload * \file lib/cpio.c * Handle cpio payloads within rpm packages. @@ -39,10 +40,12 @@ static int strntoul(const char *str, /*@out@*/char **endptr, int base, int num) buf[num] = '\0'; ret = strtoul(buf, &end, base); +/*@-boundswrite@*/ if (*end != '\0') *endptr = ((char *)str) + (end - buf); /* XXX discards const */ else *endptr = ((char *)str) + strlen(buf); +/*@=boundswrite@*/ return ret; } @@ -60,11 +63,13 @@ int cpioTrailerWrite(FSM_t fsm) (struct cpioCrcPhysicalHeader *)fsm->rdbuf; int rc; +/*@-boundswrite@*/ memset(hdr, '0', PHYS_HDR_SIZE); memcpy(hdr->magic, CPIO_NEWC_MAGIC, sizeof(hdr->magic)); memcpy(hdr->nlink, "00000001", 8); memcpy(hdr->namesize, "0000000b", 8); memcpy(fsm->rdbuf + PHYS_HDR_SIZE, CPIO_TRAILER, sizeof(CPIO_TRAILER)); +/*@=boundswrite@*/ /* XXX DWRITE uses rdnb for I/O length. */ fsm->rdnb = PHYS_HDR_SIZE + sizeof(CPIO_TRAILER); @@ -104,7 +109,9 @@ int cpioHeaderWrite(FSM_t fsm, struct stat * st) len = strlen(fsm->path) + 1; SET_NUM_FIELD(hdr->namesize, len, field); memcpy(hdr->checksum, "00000000", 8); +/*@-boundswrite@*/ memcpy(fsm->rdbuf + PHYS_HDR_SIZE, fsm->path, len); +/*@=boundswrite@*/ /* XXX DWRITE uses rdnb for I/O length. */ fsm->rdnb = PHYS_HDR_SIZE + len; 
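Review bot: In the `cpioHeaderWrite` hunk the new `/*@-boundswrite@*/` silences the checker on `memcpy(fsm->rdbuf + PHYS_HDR_SIZE, fsm->path, len)`, and nothing visible in the hunk compares `PHYS_HDR_SIZE + len` with the size of `rdbuf`. The function body starts and ends outside the hunk, so the check may exist elsewhere. If it does not, the copy should be preceded by a test of `PHYS_HDR_SIZE + len` against `fsm->rdsize` (which appears, from its use with `Readlink`, to be the size of that buffer), returning an error when it does not fit; the annotation could then carry a comment naming that guard.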
@@ -130,7 +137,9 @@ int cpioHeaderRead(FSM_t fsm, struct stat * st) if (!rc && fsm->rdnb != fsm->wrlen) rc = CPIOERR_READ_FAILED; if (rc) return rc; +/*@-boundswrite@*/ memcpy(&hdr, fsm->wrbuf, fsm->rdnb); +/*@=boundswrite@*/ if (strncmp(CPIO_CRC_MAGIC, hdr.magic, sizeof(CPIO_CRC_MAGIC)-1) && strncmp(CPIO_NEWC_MAGIC, hdr.magic, sizeof(CPIO_NEWC_MAGIC)-1)) @@ -170,8 +179,10 @@ int cpioHeaderRead(FSM_t fsm, struct stat * st) fsm->path = NULL; return rc; } +/*@-boundswrite@*/ memcpy(t, fsm->wrbuf, fsm->rdnb); t[nameSize] = '\0'; +/*@=boundswrite@*/ fsm->path = t; } @@ -238,3 +249,4 @@ const char *const cpioStrerror(int rc) /*@=branchstate@*/ return msg; } +/*@=boundsread@*/ diff --git a/lib/depends.c b/lib/depends.c index 4cc876ce1..d535d2459 100644 --- a/lib/depends.c +++ b/lib/depends.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup rpmts * \file lib/depends.c */ @@ -88,9 +89,11 @@ static int removePackage(rpmts ts, Header h, int dboffset, /* Filter out duplicate erasures. */ if (ts->numRemovedPackages > 0 && ts->removedPackages != NULL) { +/*@-boundswrite@*/ if (bsearch(&dboffset, ts->removedPackages, ts->numRemovedPackages, sizeof(*ts->removedPackages), intcmp) != NULL) return 0; +/*@=boundswrite@*/ } if (ts->numRemovedPackages == ts->allocedRemovedPackages) { @@ -100,8 +103,10 @@ static int removePackage(rpmts ts, Header h, int dboffset, } if (ts->removedPackages != NULL) { /* XXX can't happen. */ +/*@-boundswrite@*/ ts->removedPackages[ts->numRemovedPackages] = dboffset; ts->numRemovedPackages++; +/*@=boundswrite@*/ if (ts->numRemovedPackages > 1) qsort(ts->removedPackages, ts->numRemovedPackages, sizeof(*ts->removedPackages), intcmp); @@ -115,8 +120,10 @@ static int removePackage(rpmts ts, Header h, int dboffset, } p = rpmteNew(ts, h, TR_REMOVED, NULL, NULL, dboffset, depends); +/*@-boundswrite@*/ ts->order[ts->orderCount] = p; ts->orderCount++; +/*@=boundswrite@*/ return 0; } 
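Review bot: In the second `cpioHeaderRead` hunk the suppressed pair `memcpy(t, fsm->wrbuf, fsm->rdnb); t[nameSize] = '\0';` copies by one length and terminates by another, and the allocation of `t` lies outside the hunk. Both values are presumably derived from the archive header being parsed, which is where a bounds checker earns its keep. If `fsm->rdnb` is guaranteed to equal `nameSize` at this point and `t` holds `nameSize + 1` bytes, a comment next to the annotation stating that invariant would document why the suppression is safe; if not, the copy length and the terminator index should be made to agree.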
@@ -173,7 +180,9 @@ int rpmtsAddInstallElement(rpmts ts, Header h, if (p != NULL && duplicate && oc < ts->orderCount) { /* XXX FIXME removed transaction element side effects need to be weeded */ /*@-type -unqualifiedtrans@*/ +/*@-boundswrite@*/ ts->order[oc] = rpmteFree(ts->order[oc]); +/*@=boundswrite@*/ /*@=type =unqualifiedtrans@*/ } @@ -185,7 +194,9 @@ int rpmtsAddInstallElement(rpmts ts, Header h, } p = rpmteNew(ts, h, TR_ADDED, key, relocs, -1, pkgKey); +/*@-boundswrite@*/ ts->order[oc] = p; +/*@=boundswrite@*/ if (!duplicate) ts->orderCount++; @@ -193,7 +204,9 @@ int rpmtsAddInstallElement(rpmts ts, Header h, rpmteDS(p, RPMTAG_PROVIDENAME), rpmteFI(p, RPMTAG_BASENAMES)); if (pkgKey == RPMAL_NOMATCH) { +/*@-boundswrite@*/ ts->order[oc] = rpmteFree(ts->order[oc]); +/*@=boundswrite@*/ ec = 1; goto exit; } @@ -381,8 +394,10 @@ static int unsatisfiedDepend(rpmts ts, rpmds dep) datap = data->data; datalen = data->size; +/*@-boundswrite@*/ if (xx == 0 && datap && datalen == 4) memcpy(&rc, datap, datalen); +/*@=boundswrite@*/ xx = dbiCclose(dbi, dbcursor, 0); } /*@=branchstate@*/ @@ -895,6 +910,7 @@ static inline /*@observer@*/ const char * const identifyDepend(int_32 f) * @retval nzaps address of no. of relations removed * @return (possibly NULL) formatted "q <- p" releation (malloc'ed) */ +/*@-boundswrite@*/ /*@-mustmod@*/ /* FIX: hack modifies, but -type disables */ static /*@owned@*/ /*@null@*/ const char * zapRelation(rpmte q, rpmte p, @@ -953,6 +969,7 @@ zapRelation(rpmte q, rpmte p, return dp; } /*@=mustmod@*/ +/*@=boundswrite@*/ static void prtTSI(const char * msg, tsortInfo tsi) /*@globals fileSystem@*/ @@ -1034,7 +1051,9 @@ fprintf(stderr, "addRelation: q %p(%s) from %p[%d:%d]\n", q, rpmteN(q), ts->orde /* XXX TODO: add control bit. */ if (selected[i] != 0) return 0; +/*@-boundswrite@*/ selected[i] = 1; +/*@=boundswrite@*/ /*@-nullpass@*/ if (_tso_debug) fprintf(stderr, "addRelation: selected[%d] = 1\n", i); 
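Review bot: In the `unsatisfiedDepend` hunk the write is already bounded by the `datalen == 4` test, so the `/*@-boundswrite@*/` pair is only needed because the literal 4 is not tied to the destination. Writing the guard as `if (xx == 0 && datap && datalen == sizeof(rc)) memcpy(&rc, datap, sizeof(rc));` makes the bound follow the type of `rc` and may allow the suppression to be dropped. The declaration of `rc` is outside the hunk, so confirm it is a 4-byte integer before changing the test.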
@@ -1098,6 +1117,7 @@ static int orderListIndexCmp(const void * one, const void * two) /*@*/ * @retval qp address of first element * @retval rp address of last element */ +/*@-boundswrite@*/ /*@-mustmod@*/ static void addQ(/*@dependent@*/ rpmte p, /*@in@*/ /*@out@*/ rpmte * qp, @@ -1141,7 +1161,9 @@ static void addQ(/*@dependent@*/ rpmte p, } } /*@=mustmod@*/ +/*@=boundswrite@*/ +/*@-bounds@*/ int rpmtsOrder(rpmts ts) { rpmds requires; @@ -1619,6 +1641,7 @@ assert(newOrderCount == ts->orderCount); return 0; } +/*@=bounds@*/ /** * Close a single database index. @@ -1640,6 +1663,7 @@ static int rpmdbCloseDBI(/*@null@*/ rpmdb db, int rpmtag) for (dbix = 0; dbix < dbiTagsMax; dbix++) { if (dbiTags[dbix] != rpmtag) continue; +/*@-boundswrite@*/ if (db->_dbi[dbix] != NULL) { int xx; /*@-unqualifiedtrans@*/ /* FIX: double indirection. */ @@ -1648,6 +1672,7 @@ static int rpmdbCloseDBI(/*@null@*/ rpmdb db, int rpmtag) db->_dbi[dbix] = NULL; /*@=unqualifiedtrans@*/ } +/*@=boundswrite@*/ break; } return rc; @@ -1789,3 +1814,4 @@ exit: /*@=branchstate@*/ return rc; } +/*@=boundsread@*/ diff --git a/lib/formats.c b/lib/formats.c index 2bbab6891..4259f7177 100644 --- a/lib/formats.c +++ b/lib/formats.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup header * \file lib/formats.c */ @@ -51,6 +52,7 @@ static /*@only@*/ char * permsFormat(int_32 type, const void * data, char * form char * val; char * buf; +/*@-boundswrite@*/ if (type != RPM_INT32_TYPE) { val = xstrdup(_("(not a number)")); } else { @@ -62,6 +64,7 @@ static /*@only@*/ char * permsFormat(int_32 type, const void * data, char * form /*@=formatconst@*/ buf = _free(buf); } +/*@=boundswrite@*/ return val; } @@ -83,6 +86,7 @@ static /*@only@*/ char * fflagsFormat(int_32 type, const void * data, char buf[15]; int anint = *((int_32 *) data); +/*@-boundswrite@*/ if (type != RPM_INT32_TYPE) { val = xstrdup(_("(not a number)")); } else { 
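Review bot: In `fflagsFormat` the context line `int anint = *((int_32 *) data);` reads `data` as an `int_32` before the `type != RPM_INT32_TYPE` test that the new `/*@-boundswrite@*/` is placed in front of, so a value of another type is dereferenced as four bytes whatever its real size. `depflagsFormat` has the same initializer in a later hunk. Declaring `int anint;` and assigning `anint = *((int_32 *) data);` inside the `else` branch removes that read. The suppression also spans the lines between this hunk and the next, which are not shown, including whatever fills `char buf[15]`.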
@@ -110,6 +114,7 @@ static /*@only@*/ char * fflagsFormat(int_32 type, const void * data, sprintf(val, formatPrefix, buf); /*@=formatconst@*/ } +/*@=boundswrite@*/ return val; } @@ -171,6 +176,7 @@ static /*@only@*/ char * armorFormat(int_32 type, const void * data, nt += 512; /* XXX slop for armor and crc */ +/*@-boundswrite@*/ val = t = xmalloc(nt + padding + 1); *t = '\0'; t = stpcpy(t, "-----BEGIN PGP "); @@ -193,6 +199,7 @@ static /*@only@*/ char * armorFormat(int_32 type, const void * data, t = stpcpy(t, "-----END PGP "); t = stpcpy(t, pgpValStr(pgpArmorTbl, atype)); t = stpcpy(t, "-----\n"); +/*@=boundswrite@*/ /*@-branchstate@*/ if (s != data) s = _free(s); @@ -216,6 +223,7 @@ static /*@only@*/ char * base64Format(int_32 type, const void * data, { char * val; +/*@-boundswrite@*/ if (type != RPM_BIN_TYPE) { val = xstrdup(_("(not a blob)")); } else { @@ -242,6 +250,7 @@ static /*@only@*/ char * base64Format(int_32 type, const void * data, enc = _free(enc); } } +/*@=boundswrite@*/ return val; } @@ -287,6 +296,7 @@ static /*@only@*/ char * depflagsFormat(int_32 type, const void * data, char buf[10]; int anint = *((int_32 *) data); +/*@-boundswrite@*/ if (type != RPM_INT32_TYPE) { val = xstrdup(_("(not a number)")); } else { @@ -305,6 +315,7 @@ static /*@only@*/ char * depflagsFormat(int_32 type, const void * data, sprintf(val, formatPrefix, buf); /*@=formatconst@*/ } +/*@=boundswrite@*/ return val; } @@ -331,10 +342,12 @@ static int fsnamesTag( /*@unused@*/ Header h, /*@out@*/ int_32 * type, return 1; } +/*@-boundswrite@*/ *type = RPM_STRING_ARRAY_TYPE; *((const char ***) data) = list; *freeData = 0; +/*@=boundswrite@*/ return 0; } @@ -359,6 +372,7 @@ static int instprefixTag(Header h, /*@null@*/ /*@out@*/ rpmTagType * type, rpmTagType ipt; char ** array; +/*@-boundswrite@*/ if (hge(h, RPMTAG_INSTALLPREFIX, type, (void **)data, count)) { if (freeData) *freeData = 0; return 0; 
@@ -368,7 +382,8 @@ static int instprefixTag(Header h, /*@null@*/ /*@out@*/ rpmTagType * type, if (type) *type = RPM_STRING_TYPE; array = hfd(array, ipt); return 0; - } + } +/*@=boundswrite@*/ return 1; } @@ -408,6 +423,7 @@ static int fssizesTag(Header h, /*@out@*/ rpmTagType * type, return 1; } +/*@-boundswrite@*/ *type = RPM_INT32_TYPE; *freeData = 1; @@ -422,6 +438,7 @@ static int fssizesTag(Header h, /*@out@*/ rpmTagType * type, return 1; *data = usages; +/*@=boundswrite@*/ filenames = _free(filenames); @@ -437,6 +454,7 @@ static int fssizesTag(Header h, /*@out@*/ rpmTagType * type, * @retval freeData address of data-was-malloc'ed indicator * @return 0 on success */ +/*@-bounds@*/ static int triggercondsTag(Header h, /*@out@*/ rpmTagType * type, /*@out@*/ const void ** data, /*@out@*/ int_32 * count, /*@out@*/ int * freeData) @@ -500,6 +518,7 @@ static int triggercondsTag(Header h, /*@out@*/ rpmTagType * type, return 0; } +/*@=bounds@*/ /** * Retrieve trigger type info. @@ -510,6 +529,7 @@ static int triggercondsTag(Header h, /*@out@*/ rpmTagType * type, * @retval freeData address of data-was-malloc'ed indicator * @return 0 on success */ +/*@-bounds@*/ static int triggertypeTag(Header h, /*@out@*/ rpmTagType * type, /*@out@*/ const void ** data, /*@out@*/ int_32 * count, /*@out@*/ int * freeData) @@ -554,6 +574,7 @@ static int triggertypeTag(Header h, /*@out@*/ rpmTagType * type, return 0; } +/*@=bounds@*/ /** * Retrieve file paths. @@ -572,9 +593,11 @@ static int filenamesTag(Header h, /*@out@*/ rpmTagType * type, *type = RPM_STRING_ARRAY_TYPE; rpmBuildFileList(h, (const char ***) data, count); +/*@-boundswrite@*/ *freeData = 1; *freeData = 0; /* XXX WTFO? */ +/*@=boundswrite@*/ return 0; } 
@@ -612,10 +635,12 @@ static int i18nTag(Header h, int_32 tag, /*@out@*/ rpmTagType * type, char * dstring = rpmExpand(_macro_i18ndomains, NULL); int rc; +/*@-boundswrite@*/ *type = RPM_STRING_TYPE; *data = NULL; *count = 0; *freeData = 0; +/*@=boundswrite@*/ if (dstring && *dstring) { char *domain, *de; @@ -654,12 +679,14 @@ static int i18nTag(Header h, int_32 tag, /*@out@*/ rpmTagType * type, unsetenv(language); /*@i@*/ ++_nl_msg_cat_cntr; +/*@-boundswrite@*/ if (domain && msgid) { *data = /*@-unrecog@*/ dgettext(domain, msgid) /*@=unrecog@*/; *data = xstrdup(*data); /* XXX xstrdup has side effects. */ *count = 1; *freeData = 1; } +/*@=boundswrite@*/ dstring = _free(dstring); if (*data) return 0; @@ -669,6 +696,7 @@ static int i18nTag(Header h, int_32 tag, /*@out@*/ rpmTagType * type, rc = hge(h, tag, type, (void **)data, count); +/*@-boundswrite@*/ if (rc && (*data) != NULL) { *data = xstrdup(*data); *freeData = 1; @@ -678,6 +706,7 @@ static int i18nTag(Header h, int_32 tag, /*@out@*/ rpmTagType * type, *freeData = 0; *data = NULL; *count = 0; +/*@=boundswrite@*/ return 1; } @@ -759,3 +788,4 @@ const struct headerSprintfExtension_s rpmHeaderFormats[] = { { HEADER_EXT_MORE, NULL, { (void *) headerDefaultFormats } } } ; /*@=type@*/ +/*@=boundsread@*/ diff --git a/lib/fs.c b/lib/fs.c index a1e0f5d6b..0a5fcbbe1 100644 --- a/lib/fs.c +++ b/lib/fs.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /*@-mods@*/ /** * \file lib/fs.c @@ -27,8 +28,10 @@ void freeFilesystems(void) { if (filesystems) { int i; +/*@-boundswrite@*/ for (i = 0; i < numFilesystems; i++) filesystems[i].mntPoint = _free(filesystems[i].mntPoint); +/*@=boundswrite@*/ filesystems = _free(filesystems); } if (fsnames) { 
@@ -219,10 +222,12 @@ static int getFilesystemList(void) filesystems[numFilesystems].mntPoint = NULL; filesystems[numFilesystems].rdonly = 0; +/*@-boundswrite@*/ fsnames = xcalloc((numFilesystems + 1), sizeof(*fsnames)); for (i = 0; i < numFilesystems; i++) fsnames[i] = filesystems[i].mntPoint; fsnames[numFilesystems] = NULL; +/*@=boundswrite@*/ return 0; } @@ -234,8 +239,10 @@ int rpmGetFilesystemList(const char *** listptr, int * num) if (getFilesystemList()) return 1; +/*@-boundswrite@*/ if (listptr) *listptr = fsnames; if (num) *num = numFilesystems; +/*@=boundswrite@*/ return 0; } @@ -268,6 +275,7 @@ int rpmGetFilesystemUsage(const char ** fileList, int_32 * fssizes, int numFiles if (maxLen < len) maxLen = len; } +/*@-boundswrite@*/ buf = alloca(maxLen + 1); lastDir = alloca(maxLen + 1); dirName = alloca(maxLen + 1); @@ -330,17 +338,21 @@ int rpmGetFilesystemUsage(const char ** fileList, int_32 * fssizes, int numFiles strcpy(lastDir, buf); usages[lastfs] += fssizes[i]; } +/*@=boundswrite@*/ sourceDir = _free(sourceDir); +/*@-boundswrite@*/ /*@-branchstate@*/ if (usagesPtr) *usagesPtr = usages; else usages = _free(usages); /*@=branchstate@*/ +/*@=boundswrite@*/ return 0; } /*@=usereleased =onlytrans@*/ /*@=mods@*/ +/*@=boundsread@*/ diff --git a/lib/fsm.c b/lib/fsm.c index a3f36cd32..9b419222f 100644 --- a/lib/fsm.c +++ b/lib/fsm.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup payload * \file lib/fsm.c * File state machine to handle a payload from a package. @@ -85,6 +86,7 @@ const char * fsmFsPath(/*@special@*/ /*@null@*/ const FSM_t fsm, (st && !S_ISDIR(st->st_mode) ? (subdir ? strlen(subdir) : 0) : 0) + (st && !S_ISDIR(st->st_mode) ? (suffix ? strlen(suffix) : 0) : 0) + strlen(fsm->baseName) + 1; +/*@-boundswrite@*/ s = t = xmalloc(nb); t = stpcpy(t, fsm->dirName); if (st && !S_ISDIR(st->st_mode)) 
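Review bot: In `rpmGetFilesystemUsage` the new `/*@-boundswrite@*/` opens before the three `alloca(maxLen + 1)` calls and closes only after `usages[lastfs] += fssizes[i];`, so the whole loop, including `strcpy(lastDir, buf)` and the `usages[lastfs]` index, is exempt from write checking. `maxLen` is the longest entry of `fileList`, so the stack allocation grows with caller-supplied path lengths. Narrowing the suppression to the individual statements splint cannot prove would keep the checker active on the rest of the loop, most of which lies outside the two hunks. Taking the three buffers from `xmalloc` with a matching `_free` would also bound the stack use.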
@@ -92,6 +94,7 @@ const char * fsmFsPath(/*@special@*/ /*@null@*/ const FSM_t fsm, t = stpcpy(t, fsm->baseName); if (st && !S_ISDIR(st->st_mode)) if (suffix) t = stpcpy(t, suffix); +/*@=boundswrite@*/ } return s; } @@ -191,9 +194,11 @@ static int mapFind(/*@null@*/ FSMI_t iter, const char * fsmPath) if (fi && fi->fc > 0 && fi->apath && fsmPath && *fsmPath) { const char ** p = NULL; +/*@-boundswrite@*/ if (fi->apath != NULL) p = bsearch(&fsmPath, fi->apath, fi->fc, sizeof(fsmPath), cpioStrCmp); +/*@=boundswrite@*/ if (p) { iter->i = p - fi->apath; ix = mapNextIterator(iter); @@ -274,8 +279,10 @@ static /*@only@*/ void * dnlInitIterator(/*@special@*/ const FSM_t fsm, dnli->active = xcalloc(fi->dc, sizeof(*dnli->active)); /* Identify parent directories not skipped. */ +/*@-boundswrite@*/ for (i = 0; i < fi->fc; i++) if (!XFA_SKIPPING(fi->actions[i])) dnli->active[fi->dil[i]] = 1; +/*@=boundswrite@*/ /* Exclude parent directories that are explicitly included. */ for (i = 0; i < fi->fc; i++) { @@ -305,7 +312,9 @@ static /*@only@*/ void * dnlInitIterator(/*@special@*/ const FSM_t fsm, if (dnl[dnlen+bnlen] != '/' || dnl[dnlen+bnlen+1] != '\0') /*@innercontinue@*/ continue; /* This directory is included in the package. */ +/*@-boundswrite@*/ dnli->active[j] = 0; +/*@=boundswrite@*/ /*@innerbreak@*/ break; } } @@ -384,6 +393,7 @@ static int saveHardLink(/*@special@*/ /*@partial@*/ FSM_t fsm) /*@=branchstate@*/ /* New hard link encountered, add new link to set. */ +/*@-boundswrite@*/ /*@-branchstate@*/ if (fsm->li == NULL) { fsm->li = xcalloc(1, sizeof(*fsm->li)); 
@@ -408,12 +418,15 @@ static int saveHardLink(/*@special@*/ /*@partial@*/ FSM_t fsm) fsm->links = fsm->li; } /*@=branchstate@*/ +/*@=boundswrite@*/ if (fsm->goal == FSM_PKGBUILD) --fsm->li->linksLeft; +/*@-boundswrite@*/ fsm->li->filex[fsm->li->linksLeft] = fsm->ix; /*@-observertrans -dependenttrans@*/ fsm->li->nsuffix[fsm->li->linksLeft] = fsm->nsuffix; /*@=observertrans =dependenttrans@*/ +/*@=boundswrite@*/ if (fsm->goal == FSM_PKGINSTALL) fsm->li->linksLeft++; if (fsm->goal == FSM_PKGBUILD) @@ -510,6 +523,7 @@ int fsmSetup(FSM_t fsm, fileStage goal, RPMCALLBACK_INST_START, 0, fi->archiveSize); } +/*@-boundswrite@*/ /*@-assignexpose@*/ fsm->archiveSize = archiveSize; if (fsm->archiveSize) @@ -518,6 +532,7 @@ int fsmSetup(FSM_t fsm, fileStage goal, if (fsm->failedFile) *fsm->failedFile = NULL; /*@=assignexpose@*/ +/*@=boundswrite@*/ memset(fsm->sufbuf, 0, sizeof(fsm->sufbuf)); if (fsm->goal == FSM_PKGINSTALL) { @@ -532,8 +547,10 @@ int fsmSetup(FSM_t fsm, fileStage goal, rc = fsmStage(fsm, fsm->goal); if (rc && !ec) ec = rc; +/*@-boundswrite@*/ if (fsm->archiveSize && ec == 0) *fsm->archiveSize = (fdGetCpioPos(fsm->cfd) - pos); +/*@=boundswrite@*/ return ec; } @@ -580,6 +597,7 @@ int fsmMapPath(FSM_t fsm) fsm->dirName = fi->dnl[fi->dil[i]]; fsm->baseName = fi->bnl[i]; +/*@-boundswrite@*/ switch (fsm->action) { case FA_SKIP: break; @@ -638,6 +656,7 @@ assert(rpmteType(fi->te) == TR_ADDED); default: break; } +/*@=boundswrite@*/ if ((fsm->mapFlags & CPIO_MAP_PATH) || fsm->nsuffix) { const struct stat * st = &fsm->sb; @@ -806,6 +825,7 @@ static int writeFile(/*@special@*/ FSM_t fsm, int writeData) if (fsm->mapFlags & CPIO_MAP_ABSOLUTE) { /*@-compdef@*/ /* FIX: dirName/baseName annotations ? */ +/*@-boundswrite@*/ int nb = strlen(fsm->dirName) + strlen(fsm->baseName) + sizeof("."); char * t = alloca(nb); *t = '\0'; 
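Review bot: In the `saveHardLink` hunk that wraps `fsm->li->filex[fsm->li->linksLeft] = fsm->ix;`, the index is used right after `--fsm->li->linksLeft` on the `FSM_PKGBUILD` path, and no range check on `linksLeft` is visible. If the link count recorded for the set can disagree with the number of entries that reach this code, the index could fall outside `filex`; whether that is possible cannot be told from the hunk, since the function starts and ends outside it. A guard that `linksLeft` is at least 0 and below `fsm->li->nlink` before the two stores would make the suppression defensible.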
@@ -813,6 +833,7 @@ static int writeFile(/*@special@*/ FSM_t fsm, int writeData) if (fsm->mapFlags & CPIO_MAP_ADDDOT) *t++ = '.'; t = stpcpy( stpcpy(t, fsm->dirName), fsm->baseName); +/*@=boundswrite@*/ /*@=compdef@*/ } else if (fsm->mapFlags & CPIO_MAP_PATH) { rpmfi fi = fsmGetFi(fsm); @@ -882,7 +903,9 @@ static int writeFile(/*@special@*/ FSM_t fsm, int writeData) } else if (writeData && S_ISLNK(st->st_mode)) { /* XXX DWRITE uses rdnb for I/O length. */ +/*@-boundswrite@*/ strcpy(fsm->rdbuf, symbuf); /* XXX restore readlink buffer. */ +/*@=boundswrite@*/ fsm->rdnb = strlen(symbuf); rc = fsmStage(fsm, FSM_DWRITE); if (rc) goto exit; @@ -931,6 +954,7 @@ static int writeLinkedFile(/*@special@*/ FSM_t fsm) fsm->nsuffix = NULL; fsm->ix = -1; +/*@-boundswrite@*/ for (i = fsm->li->nlink - 1; i >= 0; i--) { if (fsm->li->filex[i] < 0) continue; @@ -948,6 +972,7 @@ static int writeLinkedFile(/*@special@*/ FSM_t fsm) fsm->path = _free(fsm->path); fsm->li->filex[i] = -1; } +/*@=boundswrite@*/ fsm->ix = iterIndex; fsm->nsuffix = nsuffix; @@ -1000,7 +1025,9 @@ static int fsmMakeLinks(/*@special@*/ FSM_t fsm) rc = fsmStage(fsm, FSM_LINK); if (fsm->failedFile && rc != 0 && *fsm->failedFile == NULL) { ec = rc; +/*@-boundswrite@*/ *fsm->failedFile = xstrdup(fsm->path); +/*@=boundswrite@*/ } fsm->li->linksLeft--; @@ -1045,6 +1072,7 @@ static int fsmCommitLinks(/*@special@*/ FSM_t fsm) } /*@=branchstate@*/ +/*@-boundswrite@*/ for (i = 0; i < fsm->li->nlink; i++) { if (fsm->li->filex[i] < 0) continue; fsm->ix = fsm->li->filex[i]; @@ -1054,6 +1082,7 @@ static int fsmCommitLinks(/*@special@*/ FSM_t fsm) fsm->path = _free(fsm->path); fsm->li->filex[i] = -1; } +/*@=boundswrite@*/ fsm->ix = iterIndex; fsm->nsuffix = nsuffix; @@ -1078,6 +1107,7 @@ static int fsmRmdirs(/*@special@*/ FSM_t fsm) int rc = 0; fsm->path = NULL; +/*@-boundswrite@*/ dn[0] = '\0'; /*@-observertrans -dependenttrans@*/ if (fsm->ldn != NULL && fsm->dnlx != NULL) 
@@ -1107,6 +1137,7 @@ static int fsmRmdirs(/*@special@*/ FSM_t fsm) } while ((te - fsm->path) > fsm->dnlx[dc]); /*@=usereleased@*/ } +/*@=boundswrite@*/ dnli = dnlFreeIterator(dnli); /*@=observertrans =dependenttrans@*/ @@ -1138,6 +1169,7 @@ static int fsmMkdirs(/*@special@*/ FSM_t fsm) fsm->path = NULL; +/*@-boundswrite@*/ dn[0] = '\0'; fsm->dnlx = (dc ? xcalloc(dc, sizeof(*fsm->dnlx)) : NULL); /*@-observertrans -dependenttrans@*/ @@ -1217,6 +1249,7 @@ static int fsmMkdirs(/*@special@*/ FSM_t fsm) } /*@=compdef@*/ } +/*@=boundswrite@*/ dnli = dnlFreeIterator(dnli); /*@=observertrans =dependenttrans@*/ @@ -1404,10 +1437,12 @@ int fsmStage(FSM_t fsm, fileStage stage) if (j == -1) j = i; } /* XXX force the contents out as well. */ +/*@-boundswrite@*/ if (j != 0) { fsm->li->filex[0] = fsm->li->filex[j]; fsm->li->filex[j] = -1; } +/*@=boundswrite@*/ fsm->li->sb.st_nlink = nlink; fsm->sb = fsm->li->sb; /* structure assignment */ @@ -1490,8 +1525,10 @@ int fsmStage(FSM_t fsm, fileStage stage) _("archive file %s was not found in header file list\n"), fsm->path); #endif +/*@-boundswrite@*/ if (fsm->failedFile && *fsm->failedFile == NULL) *fsm->failedFile = xstrdup(fsm->path); +/*@=boundswrite@*/ rc = CPIOERR_UNMAPPED_FILE; } else { rc = CPIOERR_HDR_TRAILER; @@ -1536,8 +1573,10 @@ int fsmStage(FSM_t fsm, fileStage stage) if (rc) break; /* On non-install, the disk file stat is what's remapped. */ +/*@-boundswrite@*/ if (fsm->goal != FSM_PKGINSTALL) *st = *ost; /* structure assignment */ +/*@=boundswrite@*/ /* Remap file perms, owner, and group. */ rc = fsmMapAttrs(fsm); @@ -1643,7 +1682,9 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; rc = CPIOERR_READ_FAILED; if (rc) break; +/*@-boundswrite@*/ fsm->wrbuf[st->st_size] = '\0'; +/*@=boundswrite@*/ /* XXX symlink(fsm->opath, fsm->path) */ /*@-dependenttrans@*/ fsm->opath = fsm->wrbuf; 
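Review bot: The suppressed store `fsm->wrbuf[st->st_size] = '\0';` in `fsmStage` indexes the buffer with a size field, and the check that `st->st_size` is smaller than the buffer is not visible in this hunk. The `case` body starts outside the hunk, so the guard may sit just above. If it does, a short comment next to the annotation, e.g. `/* st_size checked against buffer size above */`, would record why the suppression is safe; if it does not, the store needs that check before it.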
@@ -1707,8 +1748,10 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; errno = saveerrno; /*@=mods@*/ } +/*@-boundswrite@*/ if (fsm->failedFile && *fsm->failedFile == NULL) *fsm->failedFile = xstrdup(fsm->path); +/*@=boundswrite@*/ break; case FSM_FINI: if (!fsm->postpone && fsm->commit) { @@ -1722,8 +1765,10 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; } fsm->path = _free(fsm->path); fsm->opath = _free(fsm->opath); +/*@-boundswrite@*/ memset(st, 0, sizeof(*st)); memset(ost, 0, sizeof(*ost)); +/*@=boundswrite@*/ break; case FSM_COMMIT: /* Rename pre-existing modified or unmanaged file. */ @@ -1826,7 +1871,9 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; /* Notify on success. */ if (!rc) rc = fsmStage(fsm, FSM_NOTIFY); else if (fsm->failedFile && *fsm->failedFile == NULL) { +/*@-boundswrite@*/ *fsm->failedFile = fsm->path; +/*@=boundswrite@*/ fsm->path = NULL; } break; @@ -1847,7 +1894,9 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; if (fsm->failedFile && *fsm->failedFile == NULL) { fsm->ix = fsm->li->filex[i]; if (!fsmStage(fsm, FSM_MAP)) { +/*@-boundswrite@*/ *fsm->failedFile = fsm->path; +/*@=boundswrite@*/ fsm->path = NULL; } } @@ -1873,7 +1922,9 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; } if (S_ISREG(st->st_mode)) { char * path = alloca(strlen(fsm->path) + sizeof("-RPMDELETE")); +/*@-boundswrite@*/ (void) stpcpy( stpcpy(path, fsm->path), "-RPMDELETE"); +/*@=boundswrite@*/ /* * XXX HP-UX (and other os'es) don't permit unlink on busy * XXX files. 
@@ -2041,14 +2092,18 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; break; case FSM_READLINK: /* XXX NUL terminated result in fsm->rdbuf, len in fsm->rdnb. */ +/*@-boundswrite@*/ rc = Readlink(fsm->path, fsm->rdbuf, fsm->rdsize - 1); +/*@=boundswrite@*/ if (_fsm_debug && (stage & FSM_SYSCALL)) rpmMessage(RPMMESS_DEBUG, " %8s (%s, rdbuf, %d) %s\n", cur, fsm->path, (int)(fsm->rdsize -1), (rc < 0 ? strerror(errno) : "")); if (rc < 0) rc = CPIOERR_READLINK_FAILED; else { fsm->rdnb = rc; +/*@-boundswrite@*/ fsm->rdbuf[fsm->rdnb] = '\0'; +/*@=boundswrite@*/ rc = 0; } break; @@ -2083,7 +2138,9 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; case FSM_PAD: left = (modulo - (fdGetCpioPos(fsm->cfd) % modulo)) % modulo; if (left) { +/*@-boundswrite@*/ memset(fsm->rdbuf, 0, left); +/*@=boundswrite@*/ /* XXX DWRITE uses rdnb for I/O length. */ fsm->rdnb = left; (void) fsmStage(fsm, FSM_DWRITE); @@ -2281,3 +2338,4 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS)) break; } /*@noteached@*/ } +/*@=boundsread@*/ diff --git a/lib/getdate.c b/lib/getdate.c index 646579951..ac18cc533 100644 --- a/lib/getdate.c +++ b/lib/getdate.c @@ -1,3 +1,4 @@ +/*@-bounds@*/ /*@-globstate -statictrans -unqualifiedtrans -noparams @*/ /*@-retvalint -usedef -varuse -nullderef -nullassign @*/ /*@-readonlytrans -modunconnomods -compdef -noeffectuncon @*/ @@ -1599,3 +1600,4 @@ yyaccept: /*@=readonlytrans =modunconnomods =compdef =noeffectuncon @*/ /*@=retvalint =usedef =varuse =nullderef =nullassign @*/ /*@=globstate =statictrans =unqualifiedtrans =noparams @*/ +/*@=bounds@*/ diff --git a/lib/manifest.c b/lib/manifest.c index f58e15031..5ed880945 100644 --- a/lib/manifest.c +++ b/lib/manifest.c @@ -14,6 +14,7 @@ /*@access StringBuf @*/ +/*@-boundswrite@*/ char * rpmPermsString(int mode) { char *perms = xstrdup("----------"); 
@@ -60,8 +61,10 @@ char * rpmPermsString(int mode) return perms; } +/*@=boundswrite@*/ /**@todo Infinite loops through manifest files exist, operator error for now. */ +/*@-boundsread@*/ int rpmReadPackageManifest(FD_t fd, int * argcPtr, const char *** argvPtr) { StringBuf sb = newStringBuf(); @@ -77,6 +80,7 @@ int rpmReadPackageManifest(FD_t fd, int * argcPtr, const char *** argvPtr) int rc = 0; int i; +/*@-boundswrite@*/ if (f != NULL) while (1) { char line[BUFSIZ]; @@ -154,13 +158,16 @@ int rpmReadPackageManifest(FD_t fd, int * argcPtr, const char *** argvPtr) } if (argcPtr) *argcPtr = ac; +/*@=boundswrite@*/ exit: /*@-branchstate@*/ if (argvPtr == NULL || (rc != 0 && av)) { if (av) +/*@-boundswrite@*/ for (i = 0; i < ac; i++) /*@-unqualifiedtrans@*/av[i] = _free(av[i]); /*@=unqualifiedtrans@*/ +/*@=boundswrite@*/ /*@-dependenttrans@*/ av = _free(av); /*@=dependenttrans@*/ } /*@=branchstate@*/ @@ -169,3 +176,4 @@ exit: return rc; /*@=nullstate@*/ } +/*@=boundsread@*/ diff --git a/lib/manifest.h b/lib/manifest.h index d62d74f6a..77a9fa5b7 100644 --- a/lib/manifest.h +++ b/lib/manifest.h @@ -15,8 +15,12 @@ extern "C" { * @param mode file mode * @return (malloc'd) formatted mode string */ +/*@-incondefs@*/ +/*@only@*/ char * rpmPermsString(int mode) - /*@*/; + /*@*/ + /*@ensures maxSet(result) == 10 /\ maxRead(result) == 10 @*/; +/*@=incondefs@*/ /** * Read manifest, glob items, and append to existing args. diff --git a/lib/misc.c b/lib/misc.c index b53972631..ce5ef494d 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** * \file lib/misc.c */ @@ -461,3 +462,4 @@ int rpmHeaderGetEntry(Header h, int_32 tag, int_32 *type, } /*@notreached@*/ } +/*@=boundsread@*/ diff --git a/lib/misc.h b/lib/misc.h index de679b8e0..c45a0b1bf 100644 --- a/lib/misc.h +++ b/lib/misc.h 
@@ -38,8 +38,10 @@ void freeSplitString( /*@only@*/ char ** list) /*@modifies *s */ { char * t; +/*@-boundswrite@*/ for (t = s + strlen(s) - 1; *t == c && t >= s; t--) *t = '\0'; +/*@=boundswrite@*/ return s; } diff --git a/lib/package.c b/lib/package.c index 47a8cf42d..25bcaec05 100644 --- a/lib/package.c +++ b/lib/package.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup header * \file lib/package.c */ @@ -159,7 +160,9 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, int i; { struct stat st; +/*@-boundswrite@*/ memset(&st, 0, sizeof(st)); +/*@=boundswrite@*/ (void) fstat(Fileno(fd), &st); /* if fd points to a socket, pipe, etc, st.st_size is *always* zero */ if (S_ISREG(st.st_mode) && st.st_size < sizeof(*l)) @@ -378,7 +381,9 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, /** @todo Implement disable/enable/warn/error/anal policy. */ +/*@-boundswrite@*/ buf[0] = '\0'; +/*@=boundswrite@*/ switch (rpmVerifySignature(ts, buf)) { case RPMSIG_OK: /* Signature is OK. */ rpmMessage(RPMMESS_DEBUG, "%s: %s", fn, buf); @@ -406,7 +411,9 @@ exit: headerMergeLegacySigs(h, sig); /* Bump reference count for return. */ +/*@-boundswrite@*/ *hdrp = headerLink(h, "ReadPackageFile *hdrp"); +/*@=boundswrite@*/ } h = headerFree(h, "ReadPackageFile"); if (ts->sig != NULL) @@ -416,3 +423,4 @@ exit: sig = rpmFreeSignature(sig); return rc; } +/*@=boundsread@*/ diff --git a/lib/poptI.c b/lib/poptI.c index 69a1c8e94..c07eb9fc3 100644 --- a/lib/poptI.c +++ b/lib/poptI.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup rpmcli * \file lib/poptI.c * Popt tables for install modes. @@ -240,3 +241,4 @@ struct poptOption rpmInstallPoptTable[] = { POPT_TABLEEND }; /*@=bitwisesigned =compmempass @*/ +/*@=boundsread@*/ diff --git a/lib/poptQV.c b/lib/poptQV.c index e923ed9ea..e0cb20d74 100644 --- a/lib/poptQV.c +++ b/lib/poptQV.c @@ -1,3 +1,4 @@ +/*@-bounds@*/ /** \ingroup rpmcli * \file lib/poptQV.c * Popt tables for query/verify modes. 
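Review bot: In the trailing-character strip loop of lib/misc.h (hunk `@@ -38,8 +38,10 @@`), the condition `*t == c && t >= s` dereferences `t` before checking that it still points inside the string. For an empty `s` the loop therefore reads the byte in front of the buffer and may overwrite it, and the new `/*@-boundswrite@*/` pair silences the warning that points at this. Rewriting the loop as `for (t = s + strlen(s); t > s && t[-1] == c; t--) t[-1] = '\0';` keeps the pointer inside the string and needs no suppression. The function's signature is above the hunk, so this is based on the visible body only.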
@@ -312,3 +313,4 @@ struct poptOption rpmSignPoptTable[] = { POPT_TABLEEND }; +/*@=bounds@*/ diff --git a/lib/psm.c b/lib/psm.c index 4a07d5ee5..cfc46d763 100644 --- a/lib/psm.c +++ b/lib/psm.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup rpmts payload * \file lib/psm.c * Package state machine to handle a package from a transaction set. @@ -165,6 +166,7 @@ static int rpmInstallLoadMacros(rpmfi fi, Header h) * @param newH header to * @return 0 on success, 1 on failure */ +/*@-boundswrite@*/ static int mergeFiles(rpmfi fi, Header h, Header newH) /*@modifies h @*/ { @@ -342,6 +344,7 @@ static int mergeFiles(rpmfi fi, Header h, Header newH) } return 0; } +/*@=boundswrite@*/ /** * Mark files in database shared with this package as "replaced". @@ -1929,3 +1932,4 @@ fprintf(stderr, "*** PSM_RDB_LOAD: header #%u not found\n", fi->record); /*@=nullstate@*/ } /*@=nullpass@*/ +/*@=boundsread@*/ diff --git a/lib/query.c b/lib/query.c index aa25f23a8..9fb27f28e 100644 --- a/lib/query.c +++ b/lib/query.c @@ -51,7 +51,9 @@ static void printFileInfo(char * te, const char * name, if (now == 0) { now = time(NULL); tm = localtime(&now); +/*@-boundsread@*/ if (tm) nowtm = *tm; /* structure assignment */ +/*@=boundsread@*/ } if (owner) @@ -130,6 +132,7 @@ static inline /*@null@*/ const char * queryHeader(Header h, const char * qfmt) /** */ +/*@-boundsread@*/ static int countLinks(int_16 * fileRdevList, int_32 * fileInodeList, int nfiles, int xfile) /*@*/ @@ -154,7 +157,9 @@ static int countLinks(int_16 * fileRdevList, int_32 * fileInodeList, int nfiles, if (nlink == 0) nlink = 1; return nlink; } +/*@=boundsread@*/ +/*@-boundswrite@*/ int showQueryPackage(QVA_t qva, /*@unused@*/ rpmts ts, Header h) { HGE_t hge = (HGE_t)headerGetEntryMinMemory; @@ -406,6 +411,7 @@ exit: fileGroupList = hfd(fileGroupList, fgt); return rc; } +/*@=boundswrite@*/ /** */ 
@@ -437,10 +443,12 @@ printNewSpecfile(Spec spec) Package pkg; char *fe; +/*@-bounds@*/ strcpy(fmt, t->t_msgid); for (fe = fmt; *fe && *fe != '('; fe++) {} ; if (*fe == '(') *fe = '\0'; +/*@=bounds@*/ h = NULL; for (pkg = spec->packages; pkg != NULL; pkg = pkg->next) { const char *pkgname; @@ -457,7 +465,9 @@ printNewSpecfile(Spec spec) continue; fmt[0] = '\0'; +/*@-boundswrite@*/ (void) stpcpy( stpcpy( stpcpy( fmt, "%{"), tn), "}"); +/*@=boundswrite@*/ msgstr = _free(msgstr); /* XXX this should use queryHeader(), but prints out tn as well. */ @@ -467,6 +477,7 @@ printNewSpecfile(Spec spec) return; } +/*@-boundswrite@*/ switch(t->t_tag) { case RPMTAG_SUMMARY: case RPMTAG_GROUP: @@ -498,10 +509,12 @@ printNewSpecfile(Spec spec) sl->sl_lines[t->t_startx + 2] = xstrdup("\n\n"); /*@switchbreak@*/ break; } +/*@=boundswrite@*/ } /*@=branchstate@*/ msgstr = _free(msgstr); +/*@-boundsread@*/ for (i = 0; i < sl->sl_nlines; i++) { const char * s = sl->sl_lines[i]; if (s == NULL) @@ -510,6 +523,7 @@ printNewSpecfile(Spec spec) if (strchr(s, '\n') == NULL && s[strlen(s)-1] != '\n') printf("\n"); } +/*@=boundsread@*/ } void rpmDisplayQueryTags(FILE * fp) @@ -583,6 +597,7 @@ int (*parseSpecVec) (Spec *specp, const char *specFile, const char *rootdir, /*@null@*/ Spec (*freeSpecVec) (Spec spec) = NULL; /*@=redecl@*/ +/*@-bounds@*/ int rpmQueryVerify(QVA_t qva, rpmts ts, const char * arg) { const char ** av = NULL; @@ -970,6 +985,7 @@ restart: return res; } +/*@=bounds@*/ int rpmcliQuery(rpmts ts, QVA_t qva, const char ** argv) { diff --git a/lib/rpmal.c b/lib/rpmal.c index 09a9977eb..4822fc41c 100644 --- a/lib/rpmal.c +++ b/lib/rpmal.c 
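Review bot: In printNewSpecfile (lib/query.c), `strcpy(fmt, t->t_msgid)` and, in the next hunk, `stpcpy( stpcpy( stpcpy( fmt, "%{"), tn), "}")` write into `fmt` with no length check, and the new `/*@-bounds@*/` and `/*@-boundswrite@*/` pairs switch the checker off at both sites. `fmt` is declared outside the hunks, so its size cannot be confirmed here. If it is a fixed array, a long msgid or tag name taken from a spec file overruns it. A bounded copy such as `snprintf(fmt, sizeof(fmt), "%s", t->t_msgid);` with a check of the return value would remove the need for the suppression.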
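Review bot: In the final loop of printNewSpecfile (hunk `@@ -510,6 +523,7 @@`), `s[strlen(s)-1]` indexes in front of the string when `s` is empty, and the new `/*@-boundsread@*/` pair hides that read from the checker. The second test is also redundant: once `strchr(s, '\n') == NULL` holds, the last character cannot be a newline. `if (strchr(s, '\n') == NULL) printf("\n");` produces the same output for every non-empty line and has no out-of-range index. The loop header is in the previous hunk.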
@@ -326,8 +326,10 @@ fprintf(stderr, "*** del %p[%d]\n", al->list, pkgNum); /*@=assignexpose =dependenttrans =observertrans@*/ dieNeedle->dirNameLen = (dieNeedle->dirName != NULL ? strlen(dieNeedle->dirName) : 0); +/*@-boundswrite@*/ die = bsearch(dieNeedle, al->dirs, al->numDirs, sizeof(*dieNeedle), dieCompare); +/*@=boundswrite@*/ if (die == NULL) continue; @@ -339,7 +341,9 @@ fprintf(stderr, "*** del %p[%d]\n", al->list, pkgNum); die->numFiles--; if (i > die->numFiles) /*@innercontinue@*/ continue; +/*@-bounds@*/ memmove(fie, fie+1, (die->numFiles - i)); +/*@=bounds@*/ } if (die->numFiles > 0) { if (last > i) @@ -352,7 +356,9 @@ fprintf(stderr, "*** del %p[%d]\n", al->list, pkgNum); al->numDirs--; if ((die - al->dirs) > al->numDirs) continue; +/*@-bounds@*/ memmove(die, die+1, (al->numDirs - (die - al->dirs))); +/*@=bounds@*/ } if (origNumDirs > al->numDirs) { @@ -366,7 +372,9 @@ fprintf(stderr, "*** del %p[%d]\n", al->list, pkgNum); alp->provides = rpmdsFree(alp->provides); alp->fi = rpmfiFree(alp->fi, 1); +/*@-boundswrite@*/ memset(alp, 0, sizeof(*alp)); /* XXX trash and burn */ +/*@=boundswrite@*/ return; } diff --git a/lib/rpmal.h b/lib/rpmal.h index 7a222c86d..405cbcb35 100644 --- a/lib/rpmal.h +++ b/lib/rpmal.h @@ -120,6 +120,7 @@ fnpyKey * rpmalAllSatisfiesDepend(const rpmal al, const rpmds ds, * @retval keyp added package key pointer (or NULL) * @return associated package key, NULL if none */ +/*@null@*/ fnpyKey rpmalSatisfiesDepend(const rpmal al, const rpmds ds, /*@null@*/ alKey * keyp) /*@globals fileSystem @*/ diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index 5219b33ce..a7e9faa5a 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c @@ -30,6 +30,7 @@ static int _print_pkts = 0; /** */ +/*@-boundsread@*/ static int manageFile(FD_t *fdp, const char **fnp, int flags, /*@unused@*/ int rc) /*@globals rpmGlobalMacroContext, 
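Review bot: Both `memmove` calls in the lib/rpmal.c delete path pass an element count where a byte count is required: `memmove(fie, fie+1, (die->numFiles - i))` and `memmove(die, die+1, (al->numDirs - (die - al->dirs)))`. The `bsearch` call in the first hunk uses `sizeof(*dieNeedle)` as the element size of `al->dirs`, so these entries are wider than one byte; only part of the tail is shifted and stale entries remain. The added `/*@-bounds@*/` pairs mute the checker instead of correcting the size. Multiply by the element size: `memmove(fie, fie+1, (die->numFiles - i) * sizeof(*fie));` and `memmove(die, die+1, (al->numDirs - (die - al->dirs)) * sizeof(*die));`. The type of `fie` is declared outside the hunks and should be confirmed.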
@@ -44,6 +45,7 @@ static int manageFile(FD_t *fdp, const char **fnp, int flags, return 1; } +/*@-boundswrite@*/ /* close and reset *fdp to NULL */ if (*fdp && (fnp == NULL || *fnp == NULL)) { (void) Fclose(*fdp); @@ -76,6 +78,7 @@ static int manageFile(FD_t *fdp, const char **fnp, int flags, fd = fdFree(fd, "manageFile return"); return 0; } +/*@=boundswrite@*/ /* no operation */ if (*fdp && fnp && *fnp) { @@ -85,10 +88,12 @@ static int manageFile(FD_t *fdp, const char **fnp, int flags, /* XXX never reached */ return 1; } +/*@=boundsread@*/ /** * Copy header+payload, calculating digest(s) on the fly. */ +/*@-boundsread@*/ static int copyFile(FD_t *sfdp, const char **sfnp, FD_t *tfdp, const char **tfnp) /*@globals rpmGlobalMacroContext, @@ -125,6 +130,7 @@ exit: if (*tfdp) (void) manageFile(tfdp, NULL, 0, rc); return rc; } +/*@=boundsread@*/ /** \ingroup rpmcli * Create/modify elements in signature header. @@ -156,15 +162,20 @@ static int rpmReSign(/*@unused@*/ rpmts ts, tmprpm[0] = '\0'; /*@-branchstate@*/ +/*@-boundsread@*/ if (argv) - while ((rpm = *argv++) != NULL) { + while ((rpm = *argv++) != NULL) +/*@=boundsread@*/ + { fprintf(stdout, "%s:\n", rpm); if (manageFile(&fd, &rpm, O_RDONLY, 0)) goto exit; +/*@-boundswrite@*/ memset(l, 0, sizeof(*l)); +/*@=boundswrite@*/ if (readLead(fd, l)) { rpmError(RPMERR_READLEAD, _("%s: readLead failed\n"), rpm); goto exit; @@ -264,8 +275,10 @@ static int rpmReSign(/*@unused@*/ rpmts ts, goto exit; /* Write the lead/signature of the output rpm */ +/*@-boundswrite@*/ strcpy(tmprpm, rpm); strcat(tmprpm, ".XXXXXX"); +/*@=boundswrite@*/ (void) mktemp(tmprpm); trpm = tmprpm; @@ -352,7 +365,10 @@ static int rpmImportPubkey(const rpmts ts, if (argv == NULL) return res; /*@-branchstate@*/ - while ((fn = *argv++) != NULL) { +/*@-boundsread@*/ + while ((fn = *argv++) != NULL) +/*@=boundsread@*/ + { const char * d = NULL; const char * enc = NULL; const char * n = NULL; 
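Review bot: In rpmReSign (lib/rpmchecksig.c, hunk `@@ -264,8 +275,10 @@`), the temporary name is built with `strcpy(tmprpm, rpm); strcat(tmprpm, ".XXXXXX");` and then passed to `mktemp`, and the new `/*@-boundswrite@*/` pair suppresses the warning on the unbounded copy. `rpm` is taken from `argv`, so its length is caller-controlled, while `tmprpm` is declared outside the hunk and its size cannot be checked here. Before copying, compare `strlen(rpm) + sizeof(".XXXXXX")` with the buffer size and fail cleanly if it does not fit. `mktemp` only picks a name, leaving a window between choosing it and opening it; `mkstemp(tmprpm)` creates and opens the file in one step.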
@@ -380,6 +396,7 @@ static int rpmImportPubkey(const rpmts ts, (void) pgpPrtPkts(pkt, pktlen, dig, 0); digp = &dig->pubkey; +/*@-boundswrite@*/ v = t = xmalloc(16+1); t = stpcpy(t, pgpHexStr(digp->signid, sizeof(digp->signid))); @@ -397,6 +414,7 @@ static int rpmImportPubkey(const rpmts ts, evr = t = xmalloc(sizeof("4X:-")+strlen(v)+strlen(r)); t = stpcpy(t, (digp->version == 4 ? "4:" : "3:")); t = stpcpy( stpcpy( stpcpy(t, v), "-"), r); +/*@=boundswrite@*/ /* Check for pre-existing header. */ @@ -572,7 +590,9 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, int nosignatures = !(qva->qva_flags & VERIFY_SIGNATURE); { +/*@-boundswrite@*/ memset(l, 0, sizeof(*l)); +/*@=boundswrite@*/ if (readLead(fd, l)) { rpmError(RPMERR_READLEAD, _("%s: readLead failed\n"), fn); res++; @@ -696,6 +716,8 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, } res3 = rpmVerifySignature(ts, result); + +/*@-bounds@*/ if (res3) { if (rpmIsVerbose()) { b = stpcpy(b, " "); @@ -815,6 +837,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, } } } +/*@=bounds@*/ } hi = headerFreeIterator(hi); diff --git a/lib/rpmcli.h b/lib/rpmcli.h index 73a20c5d6..ec57113ec 100644 --- a/lib/rpmcli.h +++ b/lib/rpmcli.h @@ -12,8 +12,10 @@ /** \ingroup rpmcli * Should version 3 packages be produced? */ +/*@-redecl@*/ /*@unchecked@*/ extern int _noDirTokens; +/*@=redecl@*/ #ifdef __cplusplus extern "C" { diff --git a/lib/rpmds.c b/lib/rpmds.c index 479e95b96..5a90a554c 100644 --- a/lib/rpmds.c +++ b/lib/rpmds.c @@ -11,8 +11,6 @@ #include "debug.h" -/*@access rpmds @*/ - /** * Enable noisy range comparison debugging message? */ @@ -99,7 +97,9 @@ fprintf(stderr, "*** ds %p\t%s[%d]\n", ds, ds->Type, ds->Count); (void) rpmdsUnlink(ds, ds->Type); /*@-refcounttrans -usereleased@*/ +/*@-boundswrite@*/ memset(ds, 0, sizeof(*ds)); /* XXX trash and burn */ +/*@=boundswrite@*/ ds = _free(ds); /*@=refcounttrans =usereleased@*/ return NULL; 
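Review bot: In rpmImportPubkey, `v = t = xmalloc(16+1);` hard-codes the size of the buffer that receives `pgpHexStr(digp->signid, sizeof(digp->signid))`, and the copy now sits under a new `/*@-boundswrite@*/`. The allocation is correct only while the signid is 8 bytes and the helper emits two characters per byte; pgpHexStr's definition is not on this page, so that is an assumption. Deriving the size from the same expression, `v = t = xmalloc(2 * sizeof(digp->signid) + 1);`, keeps the two in step and documents where the 16 comes from.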
@@ -161,9 +161,11 @@ rpmds rpmdsNew(Header h, rpmTag tagN, int scareMem) xx = hge(h, tagEVR, &ds->EVRt, (void **) &ds->EVR, NULL); xx = hge(h, tagF, &ds->Ft, (void **) &ds->Flags, NULL); +/*@-boundsread@*/ if (!scareMem && ds->Flags != NULL) ds->Flags = memcpy(xmalloc(ds->Count * sizeof(*ds->Flags)), ds->Flags, ds->Count * sizeof(*ds->Flags)); +/*@=boundsread@*/ /*@-modfilesystem@*/ if (_rpmds_debug < 0) @@ -186,6 +188,7 @@ char * rpmdsNewDNEVR(const char * dspfx, const rpmds ds) nb = 0; if (dspfx) nb += strlen(dspfx) + 1; +/*@-boundsread@*/ if (ds->N[ds->i]) nb += strlen(ds->N[ds->i]); if (ds->Flags[ds->i] & RPMSENSE_SENSEMASK) { if (nb) nb++; @@ -197,7 +200,9 @@ char * rpmdsNewDNEVR(const char * dspfx, const rpmds ds) if (nb) nb++; nb += strlen(ds->EVR[ds->i]); } +/*@=boundsread@*/ +/*@-boundswrite@*/ t = tbuf = xmalloc(nb + 1); if (dspfx) { t = stpcpy(t, dspfx); @@ -216,6 +221,7 @@ char * rpmdsNewDNEVR(const char * dspfx, const rpmds ds) t = stpcpy(t, ds->EVR[ds->i]); } *t = '\0'; +/*@=boundswrite@*/ return tbuf; } @@ -252,6 +258,7 @@ rpmds rpmdsThis(Header h, rpmTag tagN, int_32 Flags) xx = hge(h, RPMTAG_EPOCH, NULL, (void **)&ep, NULL); t = xmalloc(sizeof(*N) + strlen(n) + 1); +/*@-boundswrite@*/ N = (const char **) t; t += sizeof(*N); N[0] = t; @@ -267,6 +274,7 @@ rpmds rpmdsThis(Header h, rpmTag tagN, int_32 Flags) t += strlen(t); } t = stpcpy( stpcpy( stpcpy( t, v), "-"), r); +/*@=boundswrite@*/ ds = xcalloc(1, sizeof(*ds)); ds->h = NULL; @@ -277,10 +285,14 @@ rpmds rpmdsThis(Header h, rpmTag tagN, int_32 Flags) ds->Nt = -1; /* XXX to insure that hfd will free */ ds->EVR = EVR; ds->EVRt = -1; /* XXX to insure that hfd will free */ +/*@-boundswrite@*/ ds->Flags = xmalloc(sizeof(*ds->Flags)); ds->Flags[0] = Flags; +/*@=boundswrite@*/ ds->i = 0; { char pre[2]; +/*@-boundsread@*/ pre[0] = ds->Type[0]; +/*@=boundsread@*/ pre[1] = '\0'; /*@-nullstate@*/ /* LCL: ds->Type may be NULL ??? */ ds->DNEVR = rpmdsNewDNEVR(pre, ds); 
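Review bot: rpmdsNewDNEVR (hunk `@@ -186,6 +188,7 @@`) reads `ds->N[ds->i]`, `ds->Flags[ds->i]` and `ds->EVR[ds->i]` without checking that the arrays are non-NULL or that `ds->i` is in range, and the new `/*@-boundsread@*/` pair hides those reads. rpmdsNew in the preceding hunk tests `ds->Flags != NULL`, so a NULL `Flags` is a state the code already expects after the header lookup. The accessors rpmdsN, rpmdsEVR and rpmdsFlags later in this patch all guard with `ds->i >= 0 && ds->i < ds->Count` and a NULL test. The same guard here, for example `if (ds->Flags != NULL && (ds->Flags[ds->i] & RPMSENSE_SENSEMASK))`, would make the function consistent with them. The function body starts above the hunk.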
@@ -319,15 +331,19 @@ rpmds rpmdsSingle(rpmTag tagN, const char * N, const char * EVR, int_32 Flags) ds->tagN = tagN; ds->Count = 1; /*@-assignexpose@*/ +/*@-boundswrite@*/ ds->N = xmalloc(sizeof(*ds->N)); ds->N[0] = N; ds->Nt = -1; /* XXX to insure that hfd will free */ ds->EVR = xmalloc(sizeof(*ds->EVR)); ds->EVR[0] = EVR; ds->EVRt = -1; /* XXX to insure that hfd will free */ /*@=assignexpose@*/ ds->Flags = xmalloc(sizeof(*ds->Flags)); ds->Flags[0] = Flags; +/*@=boundswrite@*/ ds->i = 0; { char t[2]; +/*@-boundsread@*/ t[0] = ds->Type[0]; +/*@=boundsread@*/ t[1] = '\0'; ds->DNEVR = rpmdsNewDNEVR(t, ds); } @@ -362,8 +378,10 @@ const char * rpmdsDNEVR(const rpmds ds) const char * DNEVR = NULL; if (ds != NULL && ds->i >= 0 && ds->i < ds->Count) { +/*@-boundsread@*/ if (ds->DNEVR != NULL) DNEVR = ds->DNEVR; +/*@=boundsread@*/ } return DNEVR; } @@ -373,8 +391,10 @@ const char * rpmdsN(const rpmds ds) const char * N = NULL; if (ds != NULL && ds->i >= 0 && ds->i < ds->Count) { +/*@-boundsread@*/ if (ds->N != NULL) N = ds->N[ds->i]; +/*@=boundsread@*/ } return N; } @@ -384,8 +404,10 @@ const char * rpmdsEVR(const rpmds ds) const char * EVR = NULL; if (ds != NULL && ds->i >= 0 && ds->i < ds->Count) { +/*@-boundsread@*/ if (ds->EVR != NULL) EVR = ds->EVR[ds->i]; +/*@=boundsread@*/ } return EVR; } @@ -395,8 +417,10 @@ int_32 rpmdsFlags(const rpmds ds) int_32 Flags = 0; if (ds != NULL && ds->i >= 0 && ds->i < ds->Count) { +/*@-boundsread@*/ if (ds->Flags != NULL) Flags = ds->Flags[ds->i]; +/*@=boundsread@*/ } return Flags; } @@ -483,6 +507,7 @@ void parseEVR(char * evr, char *s, *se; s = evr; +/*@-boundsread@*/ while (*s && xisdigit(*s)) s++; /* s points to epoch terminator */ se = strrchr(s, '-'); /* se points to version terminator */ 
@@ -497,16 +522,21 @@ void parseEVR(char * evr, epoch = NULL; /* XXX disable epoch compare if missing */ version = evr; } +/*@=boundsread@*/ if (se) { +/*@-boundswrite@*/ *se++ = '\0'; +/*@=boundswrite@*/ release = se; } else { release = NULL; } +/*@-boundswrite@*/ if (ep) *ep = epoch; if (vp) *vp = version; if (rp) *rp = release; +/*@=boundswrite@*/ } int rpmdsCompare(const rpmds A, const rpmds B) @@ -518,6 +548,7 @@ int rpmdsCompare(const rpmds A, const rpmds B) int result; int sense; +/*@-boundsread@*/ /* Different names don't overlap. */ if (strcmp(A->N[A->i], B->N[B->i])) { result = 0; @@ -560,6 +591,7 @@ int rpmdsCompare(const rpmds A, const rpmds B) sense = rpmvercmp(aR, bR); } } +/*@=boundsread@*/ aEVR = _free(aEVR); bEVR = _free(bEVR); @@ -617,8 +649,10 @@ int rangeMatchesDepFlags (Header h, const rpmds req) rpmds provides = NULL; int result = 0; +/*@-boundsread@*/ if (!(req->Flags[req->i] & RPMSENSE_SENSEMASK) || !req->EVR[req->i] || *req->EVR[req->i] == '\0') return 1; +/*@=boundsread@*/ /* Get provides information from header */ provides = rpmdsInit(rpmdsNew(h, RPMTAG_PROVIDENAME, scareMem)); @@ -640,8 +674,10 @@ int rangeMatchesDepFlags (Header h, const rpmds req) while (rpmdsNext(provides) >= 0) { /* Filter out provides that came along for the ride. */ +/*@-boundsread@*/ if (strcmp(provides->N[provides->i], req->N[req->i])) continue; +/*@=boundsread@*/ result = rpmdsCompare(provides, req); @@ -667,12 +703,15 @@ int headerMatchesDepFlags(const Header h, const rpmds req) rpmds pkg; int rc = 1; /* XXX assume match, names already match here */ +/*@-boundsread@*/ if (!((req->Flags[req->i] & RPMSENSE_SENSEMASK) && req->EVR[req->i] && *req->EVR[req->i])) return rc; +/*@=boundsread@*/ /* Get package information from header */ (void) headerNVR(h, &pkgN, &v, &r); +/*@-boundswrite@*/ t = alloca(21 + strlen(v) + 1 + strlen(r) + 1); pkgEVR = t; *t = '\0'; 
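Review bot: headerMatchesDepFlags (hunk `@@ -667,12 +703,15 @@`) sizes a stack buffer with `alloca(21 + strlen(v) + 1 + strlen(r) + 1)`, where `v` and `r` come from the package header through headerNVR, and the `/*@-boundswrite@*/` opened here covers every write into it. `alloca` cannot report failure, so an oversized version or release string exhausts the stack instead of producing an error. Allocating with `xmalloc` and releasing with `_free`, as rpmdsThis does earlier in this file, bounds the failure mode. The constant also needs a comment, e.g. `/* 21: room for the formatted epoch and ':' */`, if that is what it reserves; the code that uses it falls between this hunk and the next.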
@@ -682,6 +721,7 @@ int headerMatchesDepFlags(const Header h, const rpmds req) t++; } (void) stpcpy( stpcpy( stpcpy(t, v) , "-") , r); +/*@=boundswrite@*/ if ((pkg = rpmdsSingle(RPMTAG_PROVIDENAME, pkgN, pkgEVR, pkgFlags)) != NULL) { rc = rpmdsCompare(pkg, req); diff --git a/lib/rpmfi.c b/lib/rpmfi.c index 7118696e5..ec81dc480 100644 --- a/lib/rpmfi.c +++ b/lib/rpmfi.c @@ -24,7 +24,6 @@ #include "debug.h" -/*@access rpmfi @*/ /*@access rpmte @*/ /*@unchecked@*/ @@ -80,7 +79,9 @@ int rpmfiSetFX(rpmfi fi, int fx) if (fi != NULL && fx >= 0 && fx < fi->fc) { i = fi->i; fi->i = fx; +/*@-boundsread@*/ fi->j = fi->dil[fi->i]; +/*@=boundsread@*/ } return i; } @@ -106,8 +107,10 @@ const char * rpmfiBN(rpmfi fi) const char * BN = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->bnl != NULL) BN = fi->bnl[fi->i]; +/*@=boundsread@*/ } return BN; } @@ -117,8 +120,10 @@ const char * rpmfiDN(rpmfi fi) const char * DN = NULL; if (fi != NULL && fi->j >= 0 && fi->j < fi->dc) { +/*@-boundsread@*/ if (fi->dnl != NULL) DN = fi->dnl[fi->j]; +/*@=boundsread@*/ } return DN; } @@ -133,9 +138,11 @@ const char * rpmfiFN(rpmfi fi) if (fi->fn == NULL) fi->fn = xmalloc(fi->fnlen); FN = t = fi->fn; +/*@-boundswrite@*/ *t = '\0'; t = stpcpy(t, fi->dnl[fi->dil[fi->i]]); t = stpcpy(t, fi->bnl[fi->i]); +/*@=boundswrite@*/ } /*@=branchstate@*/ return FN; @@ -146,8 +153,10 @@ int_32 rpmfiFFlags(rpmfi fi) int_32 FFlags = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fflags != NULL) FFlags = fi->fflags[fi->i]; +/*@=boundsread@*/ } return FFlags; } @@ -157,8 +166,10 @@ int_32 rpmfiVFlags(rpmfi fi) int_32 VFlags = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->vflags != NULL) VFlags = fi->vflags[fi->i]; +/*@=boundsread@*/ } return VFlags; } 
@@ -168,8 +179,10 @@ int_16 rpmfiFMode(rpmfi fi) int_16 fmode = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fmodes != NULL) fmode = fi->fmodes[fi->i]; +/*@=boundsread@*/ } return fmode; } @@ -179,8 +192,10 @@ rpmfileState rpmfiFState(rpmfi fi) char fstate = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fstates != NULL) fstate = fi->fstates[fi->i]; +/*@=boundsread@*/ } return fstate; } @@ -190,8 +205,10 @@ const unsigned char * rpmfiMD5(rpmfi fi) unsigned char * md5 = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->md5s != NULL) md5 = fi->md5s + (16 * fi->i); +/*@=boundsread@*/ } return md5; } @@ -201,8 +218,10 @@ const char * rpmfiFLink(rpmfi fi) const char * flink = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->flinks != NULL) flink = fi->flinks[fi->i]; +/*@=boundsread@*/ } return flink; } @@ -212,8 +231,10 @@ int_32 rpmfiFSize(rpmfi fi) int_32 fsize = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fsizes != NULL) fsize = fi->fsizes[fi->i]; +/*@=boundsread@*/ } return fsize; } @@ -223,8 +244,10 @@ int_16 rpmfiFRdev(rpmfi fi) int_16 frdev = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->frdevs != NULL) frdev = fi->frdevs[fi->i]; +/*@=boundsread@*/ } return frdev; } @@ -234,8 +257,10 @@ int_32 rpmfiFMtime(rpmfi fi) int_32 fmtime = 0; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fmtimes != NULL) fmtime = fi->fmtimes[fi->i]; +/*@=boundsread@*/ } return fmtime; } @@ -245,8 +270,10 @@ const char * rpmfiFUser(rpmfi fi) const char * fuser = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fuser != NULL) fuser = fi->fuser[fi->i]; +/*@=boundsread@*/ } return fuser; } 
@@ -256,8 +283,10 @@ const char * rpmfiFGroup(rpmfi fi) const char * fgroup = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { +/*@-boundsread@*/ if (fi->fgroup != NULL) fgroup = fi->fgroup[fi->i]; +/*@=boundsread@*/ } return fgroup; } @@ -269,8 +298,10 @@ int rpmfiNext(rpmfi fi) if (fi != NULL && ++fi->i >= 0) { if (fi->i < fi->fc) { i = fi->i; +/*@-boundsread@*/ if (fi->dil != NULL) fi->j = fi->dil[fi->i]; +/*@=boundsread@*/ } else fi->i = -1; @@ -364,7 +395,9 @@ fileTypes whatis(uint_16 mode) if (S_ISCHR(mode)) return CDEV; if (S_ISBLK(mode)) return BDEV; if (S_ISLNK(mode)) return LINK; +/*@-unrecog@*/ if (S_ISSOCK(mode)) return SOCK; +/*@=unrecog@*/ if (S_ISFIFO(mode)) return PIPE; return REG; } diff --git a/lib/rpminstall.c b/lib/rpminstall.c index d136da500..43622d7df 100644 --- a/lib/rpminstall.c +++ b/lib/rpminstall.c @@ -102,8 +102,10 @@ void * rpmShowProgress(/*@null@*/ const void * arg, switch (what) { case RPMCALLBACK_INST_OPEN_FILE: +/*@-boundsread@*/ if (filename == NULL || filename[0] == '\0') return NULL; +/*@=boundsread@*/ fd = Fopen(filename, "r.ufdio"); /*@-type@*/ /* FIX: still necessary? */ if (fd) diff --git a/lib/rpmlead.c b/lib/rpmlead.c index 032ffb484..23560ec16 100644 --- a/lib/rpmlead.c +++ b/lib/rpmlead.c @@ -21,7 +21,9 @@ int writeLead(FD_t fd, const struct rpmlead *lead) { struct rpmlead l; +/*@-boundswrite@*/ memcpy(&l, lead, sizeof(*lead)); +/*@=boundswrite@*/ l.magic[0] = RPMLEAD_MAGIC0; l.magic[1] = RPMLEAD_MAGIC1; @@ -41,7 +43,9 @@ int writeLead(FD_t fd, const struct rpmlead *lead) int readLead(FD_t fd, struct rpmlead *lead) { +/*@-boundswrite@*/ memset(lead, 0, sizeof(*lead)); +/*@=boundswrite@*/ /*@-type@*/ /* FIX: remove timed read */ if (timedRead(fd, (char *)lead, sizeof(*lead)) != sizeof(*lead)) { rpmError(RPMERR_READ, _("read failed: %s (%d)\n"), Fstrerror(fd), diff --git a/lib/rpmlead.h b/lib/rpmlead.h index a50566fb1..543d89d3b 100644 --- a/lib/rpmlead.h +++ b/lib/rpmlead.h 
@@ -5,9 +5,6 @@ * \file lib/rpmlead.h * Routines to read and write an rpm lead structure for a a package. */ - -#include - #ifdef __cplusplus extern "C" { #endif diff --git a/lib/rpmlibprov.c b/lib/rpmlibprov.c index 0b26b9f06..fc6e14c2f 100644 --- a/lib/rpmlibprov.c +++ b/lib/rpmlibprov.c @@ -92,13 +92,16 @@ int rpmGetRpmlibProvides(const char *** provNames, int ** provFlags, int * flags; int n = 0; +/*@-boundswrite@*/ while (rpmlibProvides[n].featureName != NULL) n++; +/*@=boundswrite@*/ names = xcalloc((n+1), sizeof(*names)); versions = xcalloc((n+1), sizeof(*versions)); flags = xcalloc((n+1), sizeof(*flags)); +/*@-boundswrite@*/ for (n = 0; rpmlibProvides[n].featureName != NULL; n++) { names[n] = rpmlibProvides[n].featureName; flags[n] = rpmlibProvides[n].featureFlags; @@ -125,6 +128,7 @@ int rpmGetRpmlibProvides(const char *** provNames, int ** provFlags, else versions = _free(versions); /*@=branchstate@*/ +/*@=boundswrite@*/ /*@-compmempass@*/ /* FIX: rpmlibProvides[] reachable */ return n; diff --git a/lib/rpmps.c b/lib/rpmps.c index c72ea0941..51a84dd17 100644 --- a/lib/rpmps.c +++ b/lib/rpmps.c @@ -13,7 +13,6 @@ /*@access fnpyKey @*/ /*@access rpmProblem @*/ -/*@access rpmps @*/ /*@unchecked@*/ static int _ps_debug = 0; @@ -100,7 +99,9 @@ void rpmpsAppend(rpmps ps, rpmProblemType type, p = ps->probs + ps->numProblems; ps->numProblems++; +/*@-boundswrite@*/ memset(p, 0, sizeof(*p)); +/*@=boundswrite@*/ p->type = type; p->key = key; @@ -112,11 +113,13 @@ void rpmpsAppend(rpmps ps, rpmProblemType type, p->str1 = NULL; if (dn != NULL || bn != NULL) { +/*@-boundswrite@*/ t = xcalloc(1, (dn != NULL ? strlen(dn) : 0) + (bn != NULL ? strlen(bn) : 0) + 1); p->str1 = t; if (dn != NULL) t = stpcpy(t, dn); if (bn != NULL) t = stpcpy(t, bn); +/*@=boundswrite@*/ } } diff --git a/lib/rpmrc.c b/lib/rpmrc.c index c7a9b1d9a..7ee19af09 100644 --- a/lib/rpmrc.c +++ b/lib/rpmrc.c @@ -1,3 +1,4 @@ +/*@-bounds@*/ /*@-mods@*/ #include "system.h" 
@@ -1880,3 +1881,4 @@ int rpmShowRC(FILE * fp) return 0; } /*@=mods@*/ +/*@=bounds@*/ diff --git a/lib/rpmte.c b/lib/rpmte.c index 9c872d034..56402c017 100644 --- a/lib/rpmte.c +++ b/lib/rpmte.c @@ -22,7 +22,6 @@ int _rpmte_debug = 0; /*@access alKey @*/ -/*@access rpmte @*/ /*@access rpmtsi @*/ /*@access rpmts @*/ @@ -67,7 +66,9 @@ static void delTE(rpmte p) p->h = headerFree(p->h, "delTE"); +/*@-boundswrite@*/ memset(p, 0, sizeof(*p)); /* XXX trash and burn */ +/*@=boundswrite@*/ /*@-nullstate@*/ /* FIX: p->{NEVR,name} annotations */ return; /*@=nullstate@*/ diff --git a/lib/rpmts.c b/lib/rpmts.c index 14308929b..fb4309864 100644 --- a/lib/rpmts.c +++ b/lib/rpmts.c @@ -70,6 +70,7 @@ char * hGetNEVR(Header h, const char ** np) (void) headerNVR(h, &n, &v, &r); NVR = t = xcalloc(1, strlen(n) + strlen(v) + strlen(r) + sizeof("--")); +/*@-boundswrite@*/ t = stpcpy(t, n); t = stpcpy(t, "-"); t = stpcpy(t, v); @@ -77,6 +78,7 @@ char * hGetNEVR(Header h, const char ** np) t = stpcpy(t, r); if (np) *np = n; +/*@=boundswrite@*/ return NVR; } @@ -185,10 +187,13 @@ static int rpmtsOpenSDB(rpmts ts) * @param b 2nd instance address * @return result of comparison */ -static int sugcmp(const void * a, const void * b) /*@*/ +static int sugcmp(const void * a, const void * b) + /*@*/ { +/*@-boundsread@*/ const char * astr = *(const char **)a; const char * bstr = *(const char **)b; +/*@=boundsread@*/ return strcmp(astr, bstr); } diff --git a/lib/rpmts.h b/lib/rpmts.h index ac7fa7e55..2467dc938 100644 --- a/lib/rpmts.h +++ b/lib/rpmts.h @@ -596,7 +596,7 @@ int rpmtsGetKeys(rpmts ts, * @retval np name tag value * @return name-version-release string */ -/*@only@*/ char * hGetNEVR(Header h, /*@out@*/ const char ** np ) +/*@only@*/ char * hGetNEVR(Header h, /*@null@*/ /*@out@*/ const char ** np ) /*@modifies *np @*/; #ifdef __cplusplus diff --git a/lib/rpmvercmp.c b/lib/rpmvercmp.c index 27969d47e..5e6a1f985 100644 --- a/lib/rpmvercmp.c +++ b/lib/rpmvercmp.c 
@@ -34,6 +34,7 @@ int rpmvercmp(const char * a, const char * b) /* loop through each version segment of str1 and str2 and compare them */ /*@-branchstate@*/ +/*@-boundsread@*/ while (*one && *two) { while (*one && !xisalnum(*one)) one++; while (*two && !xisalnum(*two)) two++; @@ -56,10 +57,12 @@ int rpmvercmp(const char * a, const char * b) /* save character at the end of the alpha or numeric segment */ /* so that they can be restored after the comparison */ +/*@-boundswrite@*/ oldch1 = *str1; *str1 = '\0'; oldch2 = *str2; *str2 = '\0'; +/*@=boundswrite@*/ /* take care of the case where the two version segments are */ /* different types: one numeric, the other alpha (i.e. empty) */ @@ -88,18 +91,23 @@ int rpmvercmp(const char * a, const char * b) if (rc) return rc; /* restore character that was replaced by null above */ +/*@-boundswrite@*/ *str1 = oldch1; one = str1; *str2 = oldch2; two = str2; +/*@=boundswrite@*/ } /*@=branchstate@*/ +/*@=boundsread@*/ /* this catches the case where all numeric and alpha segments have */ /* compared identically but the segment sepparating characters were */ /* different */ +/*@-boundsread@*/ if ((!*one) && (!*two)) return 0; /* whichever version still has characters left over wins */ if (!*one) return -1; else return 1; +/*@=boundsread@*/ } diff --git a/lib/signature.c b/lib/signature.c index b144ab874..826595c19 100644 --- a/lib/signature.c +++ b/lib/signature.c @@ -45,6 +45,7 @@ int rpmLookupSignatureType(int action) case RPMLOOKUPSIG_QUERY: if (disabled) break; /* Disabled */ +/*@-boundsread@*/ { const char *name = rpmExpand("%{?_signature}", NULL); if (!(name && *name != '\0')) rc = 0; @@ -60,6 +61,7 @@ int rpmLookupSignatureType(int action) rc = -1; /* Invalid %_signature spec in macro file */ name = _free(name); } break; +/*@=boundsread@*/ } return rc; } 
@@ -80,13 +82,17 @@ const char * rpmDetectPGPVersion(pgpVersion * pgpVer) char *pgpvbin; struct stat st; +/*@-boundsread@*/ if (!(pgpbin && pgpbin[0] != '\0')) { pgpbin = _free(pgpbin); saved_pgp_version = -1; return NULL; } +/*@=boundsread@*/ +/*@-boundswrite@*/ pgpvbin = (char *)alloca(strlen(pgpbin) + sizeof("v")); (void)stpcpy(stpcpy(pgpvbin, pgpbin), "v"); +/*@=boundswrite@*/ if (stat(pgpvbin, &st) == 0) saved_pgp_version = PGP_5; @@ -96,8 +102,10 @@ const char * rpmDetectPGPVersion(pgpVersion * pgpVer) saved_pgp_version = PGP_NOTDETECTED; } +/*@-boundswrite@*/ if (pgpVer && pgpbin) *pgpVer = saved_pgp_version; +/*@=boundswrite@*/ return pgpbin; } @@ -160,8 +168,10 @@ rpmRC rpmReadSignature(FD_t fd, Header * headerp, sigType sig_type) Header h = NULL; rpmRC rc = RPMRC_FAIL; /* assume failure */ +/*@-boundswrite@*/ if (headerp) *headerp = NULL; +/*@=boundswrite@*/ buf[0] = 0; switch (sig_type) { @@ -198,7 +208,9 @@ rpmRC rpmReadSignature(FD_t fd, Header * headerp, sigType sig_type) if (! headerGetEntry(h, RPMSIGTAG_SIZE, &type, (void **)&archSize, &count)) break; +/*@-boundsread@*/ rc = checkSize(fd, sigSize, pad, *archSize); +/*@=boundsread@*/ } if (pad && timedRead(fd, buf, pad) != pad) rc = RPMRC_SHORTREAD; @@ -207,8 +219,10 @@ rpmRC rpmReadSignature(FD_t fd, Header * headerp, sigType sig_type) break; } +/*@-boundswrite@*/ if (headerp && rc == RPMRC_OK) *headerp = headerLink(h, NULL); +/*@=boundswrite@*/ h = headerFree(h, NULL); @@ -267,7 +281,9 @@ static int makePGPSignature(const char * file, /*@out@*/ byte ** pkt, char *const *av; int rc; +/*@-boundswrite@*/ (void) stpcpy( stpcpy(sigfile, file), ".sig"); +/*@=boundswrite@*/ addMacro(NULL, "__plaintext_filename", NULL, file, -1); addMacro(NULL, "__signature_filename", NULL, sigfile, -1); 
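Review bot: In makePGPSignature (lib/signature.c, hunk `@@ -267,7 +281,9 @@`), `(void) stpcpy( stpcpy(sigfile, file), ".sig");` copies the caller's path into `sigfile` with no length check, and the added `/*@-boundswrite@*/` pair turns the warning off. makeGPGSignature gets the same suppression in hunk `@@ -384,7 +412,9 @@`. `sigfile` is declared outside both hunks, so its size cannot be confirmed here. If it is a fixed array, check `strlen(file) + sizeof(".sig")` against `sizeof(sigfile)` before the copy, or allocate it as `xmalloc(strlen(file) + sizeof(".sig"))`.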
@@ -285,8 +301,10 @@ static int makePGPSignature(const char * file, /*@out@*/ byte ** pkt, (void) close(inpipe[1]); (void) dosetenv("PGPPASSFD", "3", 1); +/*@-boundsread@*/ if (pgp_path && *pgp_path != '\0') (void) dosetenv("PGPPATH", pgp_path, 1); +/*@=boundsread@*/ /* dosetenv("PGPPASS", passPhrase, 1); */ @@ -295,14 +313,18 @@ static int makePGPSignature(const char * file, /*@out@*/ byte ** pkt, case PGP_2: cmd = rpmExpand("%{?__pgp_sign_cmd}", NULL); rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +/*@-boundsread@*/ if (!rc) rc = execve(av[0], av+1, environ); +/*@=boundsread@*/ break; case PGP_5: cmd = rpmExpand("%{?__pgp5_sign_cmd}", NULL); rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +/*@-boundsread@*/ if (!rc) rc = execve(av[0], av+1, environ); +/*@=boundsread@*/ break; case PGP_UNKNOWN: case PGP_NOTDETECTED: @@ -337,10 +359,13 @@ static int makePGPSignature(const char * file, /*@out@*/ byte ** pkt, return 1; } +/*@-boundswrite@*/ *pktlen = st.st_size; rpmMessage(RPMMESS_DEBUG, _("PGP sig size: %d\n"), *pktlen); *pkt = xmalloc(*pktlen); +/*@=boundswrite@*/ +/*@-boundsread@*/ { FD_t fd; rc = 0; @@ -351,13 +376,16 @@ static int makePGPSignature(const char * file, /*@out@*/ byte ** pkt, (void) Fclose(fd); } if (rc != *pktlen) { +/*@-boundswrite@*/ *pkt = _free(*pkt); +/*@=boundswrite@*/ rpmError(RPMERR_SIGGEN, _("unable to read the signature\n")); return 1; } } rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of PGP sig\n"), *pktlen); +/*@=boundsread@*/ return 0; } @@ -384,7 +412,9 @@ static int makeGPGSignature(const char * file, /*@out@*/ byte ** pkt, char *const *av; int rc; +/*@-boundswrite@*/ (void) stpcpy( stpcpy(sigfile, file), ".sig"); +/*@=boundswrite@*/ addMacro(NULL, "__plaintext_filename", NULL, file, -1); addMacro(NULL, "__signature_filename", NULL, sigfile, -1); 
@@ -399,13 +429,17 @@ static int makeGPGSignature(const char * file, /*@out@*/ byte ** pkt, (void) dup2(inpipe[0], 3); (void) close(inpipe[1]); +/*@-boundsread@*/ if (gpg_path && *gpg_path != '\0') (void) dosetenv("GNUPGHOME", gpg_path, 1); +/*@=boundsread@*/ cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL); rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +/*@-boundsread@*/ if (!rc) rc = execve(av[0], av+1, environ); +/*@=boundsread@*/ rpmError(RPMERR_EXEC, _("Could not exec %s: %s\n"), "gpg", strerror(errno)); @@ -435,10 +469,13 @@ static int makeGPGSignature(const char * file, /*@out@*/ byte ** pkt, return 1; } +/*@-boundswrite@*/ *pktlen = st.st_size; rpmMessage(RPMMESS_DEBUG, _("GPG sig size: %d\n"), *pktlen); *pkt = xmalloc(*pktlen); +/*@=boundswrite@*/ +/*@-boundsread@*/ { FD_t fd; rc = 0; @@ -449,13 +486,16 @@ static int makeGPGSignature(const char * file, /*@out@*/ byte ** pkt, (void) Fclose(fd); } if (rc != *pktlen) { +/*@-boundswrite@*/ *pkt = _free(*pkt); +/*@=boundswrite@*/ rpmError(RPMERR_SIGGEN, _("unable to read the signature\n")); return 1; } } rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of GPG sig\n"), *pktlen); +/*@=boundsread@*/ return 0; } @@ -666,13 +706,17 @@ static int checkPassPhrase(const char * passPhrase, const int sigTag) case RPMSIGTAG_GPG: { const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL); +/*@-boundsread@*/ if (gpg_path && *gpg_path != '\0') (void) dosetenv("GNUPGHOME", gpg_path, 1); +/*@=boundsread@*/ cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL); rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +/*@-boundsread@*/ if (!rc) rc = execve(av[0], av+1, environ); +/*@=boundsread@*/ rpmError(RPMERR_EXEC, _("Could not exec %s: %s\n"), "gpg", strerror(errno)); 
@@ -685,22 +729,28 @@ static int checkPassPhrase(const char * passPhrase, const int sigTag) pgpVersion pgpVer; (void) dosetenv("PGPPASSFD", "3", 1); +/*@-boundsread@*/ if (pgp_path && *pgp_path != '\0') xx = dosetenv("PGPPATH", pgp_path, 1); +/*@=boundsread@*/ if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) { switch(pgpVer) { case PGP_2: cmd = rpmExpand("%{?__pgp_check_password_cmd}", NULL); rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +/*@-boundsread@*/ if (!rc) rc = execve(av[0], av+1, environ); +/*@=boundsread@*/ /*@innerbreak@*/ break; case PGP_5: /* XXX legacy */ cmd = rpmExpand("%{?__pgp5_check_password_cmd}", NULL); rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +/*@-boundsread@*/ if (!rc) rc = execve(av[0], av+1, environ); +/*@=boundsread@*/ /*@innerbreak@*/ break; case PGP_UNKNOWN: case PGP_NOTDETECTED: @@ -736,10 +786,12 @@ char * rpmGetPassPhrase(const char * prompt, const int sigTag) switch (sigTag) { case RPMSIGTAG_DSA: case RPMSIGTAG_GPG: +/*@-boundsread@*/ { const char *name = rpmExpand("%{?_gpg_name}", NULL); aok = (name && *name != '\0'); name = _free(name); } +/*@=boundsread@*/ if (!aok) { rpmError(RPMERR_SIGGEN, _("You must set \"%%_gpg_name\" in your macro file\n")); @@ -749,10 +801,12 @@ char * rpmGetPassPhrase(const char * prompt, const int sigTag) case RPMSIGTAG_RSA: case RPMSIGTAG_PGP5: /* XXX legacy */ case RPMSIGTAG_PGP: +/*@-boundsread@*/ { const char *name = rpmExpand("%{?_pgp_name}", NULL); aok = (name && *name != '\0'); name = _free(name); } +/*@=boundsread@*/ if (!aok) { rpmError(RPMERR_SIGGEN, _("You must set \"%%_pgp_name\" in your macro file\n")); @@ -791,6 +845,7 @@ static /*@observer@*/ const char * rpmSigString(rpmVerifySignatureReturn res) return str; } +/*@-boundswrite@*/ static rpmVerifySignatureReturn verifySizeSignature(const rpmts ts, /*@out@*/ char * t) /*@modifies *t @*/ 
@@ -824,7 +879,9 @@ exit: t = stpcpy(t, "\n"); return res; } +/*@=boundswrite@*/ +/*@-boundswrite@*/ static rpmVerifySignatureReturn verifyMD5Signature(const rpmts ts, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX md5ctx) @@ -867,7 +924,9 @@ exit: t = stpcpy(t, "\n"); return res; } +/*@=boundswrite@*/ +/*@-boundswrite@*/ /** * Verify header immutable region SHA1 digest. * @param ts transaction set @@ -915,6 +974,7 @@ exit: t = stpcpy(t, "\n"); return res; } +/*@=boundswrite@*/ /** * Retrieve pubkey from rpm database. @@ -959,9 +1019,11 @@ rpmtsFindPubkey(rpmts ts) if (!headerGetEntry(h, RPMTAG_PUBKEYS, &pt, (void **)&pubkeys, &pc)) continue; ix = rpmdbGetIteratorFileNum(mi); +/*@-boundsread@*/ if (ix >= pc || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen)) ix = -1; +/*@=boundsread@*/ pubkeys = headerFreeData(pubkeys, pt); break; } @@ -993,7 +1055,9 @@ rpmtsFindPubkey(rpmts ts) /* XXX Verify the pubkey signature. */ /* Packet looks good, save the signer id. */ +/*@-boundsread@*/ memcpy(ts->pksignid, sigp->signid, sizeof(ts->pksignid)); +/*@=boundsread@*/ rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %s\n", (sigp->pubkey_algo == PGPPUBKEYALGO_DSA ? "DSA" : @@ -1052,6 +1116,7 @@ static inline unsigned char nibble(char c) return 0; } +/*@-boundswrite@*/ /** * Verify PGP (aka RSA/MD5) signature. * @param ts transaction set @@ -1160,6 +1225,7 @@ exit: t = stpcpy(t, "\n"); return res; } +/*@=boundswrite@*/ /** * Verify GPG (aka DSA) signature. @@ -1168,6 +1234,7 @@ exit: * @param sha1ctx * @return RPMSIG_OK on success */ +/*@-boundswrite@*/ static rpmVerifySignatureReturn verifyGPGSignature(rpmts ts, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX sha1ctx) @@ -1249,6 +1316,7 @@ exit: t = stpcpy(t, "\n"); return res; } +/*@=boundswrite@*/ rpmVerifySignatureReturn rpmVerifySignature(const rpmts ts, char * result) diff --git a/lib/stringbuf.c b/lib/stringbuf.c index a5fd1a44e..833ca6223 100644 --- a/lib/stringbuf.c +++ b/lib/stringbuf.c 
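Review bot: In rpmtsFindPubkey (hunk at -959) the guard `ix >= pc` in front of `pubkeys[ix]` has no lower bound, and the read is now inside a `-boundsread` exemption. The declarations of `ix` and `pc` are outside the hunk, but the `ix = -1` on the failure path suggests `ix` is signed; if so, a negative value from rpmdbGetIteratorFileNum() passes the test and indexes before the array. `if (ix < 0 || ix >= pc || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen))` closes that. With the index shown to be in range, the exemption may no longer be needed.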
@@ -60,13 +60,16 @@ StringBuf freeStringBuf(StringBuf sb) void truncStringBuf(StringBuf sb) { +/*@-boundswrite@*/ sb->buf[0] = '\0'; +/*@=boundswrite@*/ sb->tail = sb->buf; sb->free = sb->allocated; } void stripTrailingBlanksStringBuf(StringBuf sb) { +/*@-bounds@*/ while (sb->free != sb->allocated) { if (! xisspace(*(sb->tail - 1))) break; @@ -74,6 +77,7 @@ void stripTrailingBlanksStringBuf(StringBuf sb) sb->tail--; } sb->tail[0] = '\0'; +/*@=bounds@*/ } char * getStringBuf(StringBuf sb) @@ -94,6 +98,7 @@ void appendStringBufAux(StringBuf sb, const char *s, int nl) sb->tail = sb->buf + (sb->allocated - sb->free); } +/*@-boundswrite@*/ /*@-mayaliasunique@*/ /* FIX: shrug */ strcpy(sb->tail, s); /*@=mayaliasunique@*/ @@ -105,4 +110,5 @@ void appendStringBufAux(StringBuf sb, const char *s, int nl) sb->tail++; sb->free--; } +/*@=boundswrite@*/ } diff --git a/lib/transaction.c b/lib/transaction.c index 84a7b1c5f..3f063527b 100644 --- a/lib/transaction.c +++ b/lib/transaction.c @@ -1,3 +1,4 @@ +/*@-boundsread@*/ /** \ingroup rpmts * \file lib/transaction.c */ @@ -213,6 +214,7 @@ static int filecmp(rpmfi afi, rpmfi bfi) /** */ /* XXX only ts->{probs,rpmdb} modified */ +/*@-bounds@*/ static int handleInstInstalledFiles(const rpmts ts, rpmte p, rpmfi fi, sharedFileInfo shared, @@ -299,6 +301,7 @@ static int handleInstInstalledFiles(const rpmts ts, return 0; } +/*@=bounds@*/ /** */ @@ -325,6 +328,7 @@ static int handleRmvdInstalledFiles(const rpmts ts, rpmfi fi, xx = hge(h, RPMTAG_FILESTATES, NULL, (void **) &otherStates, NULL); +/*@-boundswrite@*/ for (i = 0; i < sharedCount; i++, shared++) { int otherFileNum, fileNum; otherFileNum = shared->otherFileNum; @@ -335,6 +339,7 @@ static int handleRmvdInstalledFiles(const rpmts ts, rpmfi fi, fi->actions[fileNum] = FA_SKIP; } +/*@=boundswrite@*/ mi = rpmdbFreeIterator(mi); 
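Review bot: The `/*@-boundsread@*/` added as the first line of lib/transaction.c, closed only by the `/*@=boundsread@*/` at the end of the file (hunk at -1461), switches the read check off for every function in the file, including code added later. Most of this commit brackets individual statements, which keeps each exemption next to the access it excuses. I would do the same here, or at least put a comment beside the opening marker saying why the whole file is exempt, e.g. `/* FIX: boundsread not yet annotated in this file */`. The `-bounds` pair around all of handleInstInstalledFiles has the same effect at function scope.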
@@ -363,6 +368,7 @@ static int fpsCompare (const void * one, const void * two) if (adnlen == 1 && asnlen != 0) adnlen = 0; if (bdnlen == 1 && bsnlen != 0) bdnlen = 0; +/*@-boundswrite@*/ afn = t = alloca(adnlen+asnlen+abnlen+2); if (adnlen) t = stpcpy(t, a->entry->dirName); *t++ = '/'; @@ -376,6 +382,7 @@ static int fpsCompare (const void * one, const void * two) if (b->subDir && bsnlen) t = stpcpy(t, b->subDir); if (bbnlen) t = stpcpy(t, b->baseName); if (bfn[0] == '/' && bfn[1] == '/') bfn++; +/*@=boundswrite@*/ rc = strcmp(afn, bfn); /*@-modfilesys@*/ @@ -454,7 +461,9 @@ fiFps->baseName); const struct fingerPrint_s * bingoFps; +/*@-boundswrite@*/ bingoFps = bsearch(fiFps, otherFps, otherFc, sizeof(*otherFps), fpsCompare); +/*@=boundswrite@*/ if (bingoFps == NULL) { /*@-modfilesys@*/ fprintf(stderr, "*** NULL %s/%s%s\n", @@ -574,6 +583,7 @@ static void handleOverlappedFiles(const rpmts ts, /*@innerbreak@*/ break; } +/*@-boundswrite@*/ switch (rpmteType(p)) { case TR_ADDED: { struct stat sb; @@ -648,6 +658,7 @@ assert(otherFi != NULL); fi->actions[i] = FA_ERASE; /*@switchbreak@*/ break; } +/*@=boundswrite@*/ /* Update disk space info for a file. */ rpmtsUpdateDSI(ts, fi->fps[i].entry->dev, @@ -678,6 +689,7 @@ static int ensureOlder(rpmts ts, if (p == NULL || h == NULL) return 1; +/*@-boundswrite@*/ nb = strlen(rpmteNEVR(p)) + (rpmteE(p) != NULL ? strlen(rpmteE(p)) : 0) + 1; t = alloca(nb); *t = '\0'; @@ -686,6 +698,7 @@ static int ensureOlder(rpmts ts, if (rpmteV(p) != NULL) t = stpcpy(t, rpmteV(p)); *t++ = '-'; if (rpmteR(p) != NULL) t = stpcpy(t, rpmteR(p)); +/*@=boundswrite@*/ req = rpmdsSingle(RPMTAG_REQUIRENAME, rpmteN(p), reqEVR, reqFlags); rc = headerMatchesDepFlags(h, req); @@ -1461,3 +1474,4 @@ fi->actions = actions; return 0; /*@=nullstate@*/ } +/*@=boundsread@*/ diff --git a/lib/verify.c b/lib/verify.c index 9330810e4..ea8fb5cc0 100644 --- a/lib/verify.c +++ b/lib/verify.c 
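Review bot: In ensureOlder (hunks at -678 and -686) the alloca size `strlen(rpmteNEVR(p)) + strlen(rpmteE(p)) + 1` is not derived from the strings actually copied into `t` (V, '-', R, and whatever the two lines between these hunks add). The write stays in bounds only if NEVR is always at least as long as those pieces plus their separators, and that invariant is now hidden behind `-boundswrite` rather than stated. A comment at the `nb =` line such as `/* NEVR already contains V, R and the separators, so E, V, '-', R and NUL fit in nb */` would record it, provided that holds for every rpmte. `rpmteNEVR(p)` is also passed to strlen() unchecked while E, V and R are each tested for NULL.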
@@ -39,6 +39,7 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi, int rc; /* Prepend the path to root (if specified). */ +/*@-bounds@*/ if (rootDir && *rootDir != '\0' && !(rootDir[0] == '/' && rootDir[1] == '\0')) { @@ -56,8 +57,11 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi, t = stpcpy(t, fn); fn = t; } +/*@=bounds@*/ +/*@-boundswrite@*/ *result = RPMVERIFY_NONE; +/*@=boundswrite@*/ /* * Check to see if the file was installed - if not pretend all is OK. @@ -73,7 +77,9 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi, } if (fn == NULL || Lstat(fn, &sb) != 0) { +/*@-bounds@*/ *result |= RPMVERIFY_LSTATFAIL; +/*@=bounds@*/ return 1; } @@ -114,6 +120,7 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi, */ flags &= ~(omitMask | RPMVERIFY_LSTATFAIL|RPMVERIFY_READFAIL|RPMVERIFY_READLINKFAIL); +/*@-bounds@*/ if (flags & RPMVERIFY_MD5) { unsigned char md5sum[16]; size_t fsize; @@ -202,6 +209,7 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi, if (name == NULL || fgroup == NULL || strcmp(name, fgroup)) *result |= RPMVERIFY_GROUP; } +/*@=bounds@*/ return 0; } @@ -265,6 +273,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi) int ec = 0; /* assume no problems */ int i; +/*@-boundswrite@*/ te = t = buf; *te = '\0'; @@ -338,6 +347,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi) *t = '\0'; } } +/*@=boundswrite@*/ fi = rpmfiUnlink(fi, "verifyHeader"); return ec; @@ -381,6 +391,7 @@ static int verifyDependencies(/*@unused@*/ QVA_t qva, rpmts ts, nb += strlen(altNEVR+2) + sizeof(", ") - 1; } te = t = alloca(nb); +/*@-boundswrite@*/ *te = '\0'; pkgNEVR = (ps->probs->pkgNEVR ? ps->probs->pkgNEVR : "?pkgNEVR?"); sprintf(te, _("Unsatisifed dependencies for %s: "), pkgNEVR); @@ -400,6 +411,7 @@ static int verifyDependencies(/*@unused@*/ QVA_t qva, rpmts ts, te = t; *t = '\0'; } +/*@=boundswrite@*/ rc = 1; } /*@=branchstate@*/ 
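Review bot: In verifyDependencies (hunk at -381) `sprintf(te, _("Unsatisifed dependencies for %s: "), pkgNEVR)` writes into the `alloca(nb)` buffer through a translated format, and the new `-boundswrite` pair hides that the length is unchecked. The start of the `nb` computation is outside the hunk, so it cannot be confirmed from here that it accounts for `pkgNEVR` and for a translation longer than the English text. A bounded call, `snprintf(te, nb, _("Unsatisifed dependencies for %s: "), pkgNEVR);`, makes the limit explicit. The function body continues outside the hunk.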
@@ -481,11 +493,13 @@ int rpmcliVerify(rpmts ts, QVA_t qva, const char ** argv) ec = rpmQueryVerify(qva, ts, (const char *) argv); /*@=nullpass@*/ } else { +/*@-boundsread@*/ if (argv != NULL) while ((arg = *argv++) != NULL) { ec += rpmQueryVerify(qva, ts, arg); rpmtsClean(ts); } +/*@=boundsread@*/ } (void) rpmtsSetVerifySigFlags(ts, 0); diff --git a/libelf/.cvsignore b/libelf/.cvsignore index 29ea84237..ea6aa7135 100755 --- a/libelf/.cvsignore +++ b/libelf/.cvsignore @@ -2,6 +2,7 @@ .libs Makefile Makefile.in +aclocal.m4 autom4te-* config.cache config.guess diff --git a/libelf/Makefile.am b/libelf/Makefile.am index 39bb25326..8c342b9d5 100755 --- a/libelf/Makefile.am +++ b/libelf/Makefile.am @@ -8,6 +8,12 @@ EXTRA_DIST = \ ChangeLog COPYING.LIB INSTALL README VERSION \ libelf.spec po/*.in po/*.po po/@PACKAGE@.pot +BUILT_SOURCES = libelf.lcd + +libelf.lcd: Makefile.am + make -C lib libelf.lcd + cp lib/libelf.lcd . + .PHONY: sources sources: make -C lib sources diff --git a/libelf/lib/.cvsignore b/libelf/lib/.cvsignore index f021651ed..9f72e5287 100755 --- a/libelf/lib/.cvsignore +++ b/libelf/lib/.cvsignore @@ -3,8 +3,10 @@ .libs Makefile Makefile.in -*.o *.la +*.lcd *.lo +*.o stamp-h stamp-h2 +sys_elf.h diff --git a/libelf/lib/.lclintrc b/libelf/lib/.lclintrc index 8dcf67302..de98e0481 100755 --- a/libelf/lib/.lclintrc +++ b/libelf/lib/.lclintrc @@ -13,8 +13,8 @@ +strict # lclint level # --- in progress -#+bounds # 675 -#+boundswrite # 94 ++boundsread # 0 ++boundswrite # 0 -branchstate # 77 -compdef # 85 @@ -33,9 +33,9 @@ -unsignedcompare # 11 -usereleased # 50 --immediatetrans # 19 --kepttrans # 15 --temptrans # 15 +-immediatetrans # 18 +-kepttrans # 11 +-temptrans # 20 # --- +partial artifacts -declundef diff --git a/libelf/lib/32.fsize.c b/libelf/lib/32.fsize.c index 25bb4b49b..2845dd212 100755 --- a/libelf/lib/32.fsize.c +++ b/libelf/lib/32.fsize.c 
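Review bot: In libelf/Makefile.am, listing `libelf.lcd` in `BUILT_SOURCES` makes every build depend on the lint dump, and the rule's `cp lib/libelf.lcd .` fails when that file was never produced. The lib/Makefile.am rule later in this diff runs `-lclint ... 2>/dev/null`, so a missing or failing lclint is ignored and its output discarded there, and the failure then surfaces here as an unexplained `cp` error. I would keep the dump out of `BUILT_SOURCES` (a separate lint target) and use `$(MAKE) -C lib libelf.lcd` rather than a literal `make`, so flags and the jobserver are passed down.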
@@ -93,9 +93,11 @@ _elf_fsize(unsigned cls, Elf_Type type, unsigned ver) else if (!valid_type(type)) { seterr(ERROR_UNKNOWN_TYPE); } +/*@-boundsread@*/ else if (!(n = _fsize(cls, ver, type))) { seterr(ERROR_UNKNOWN_TYPE); } +/*@=boundsread@*/ return n; } @@ -147,9 +149,11 @@ gelf_msize(Elf *elf, Elf_Type type, size_t count, unsigned ver) { else if (!valid_type(type)) { seterr(ERROR_UNKNOWN_TYPE); } +/*@-boundsread@*/ else if (!(n = _msize(elf->e_class, ver, type))) { seterr(ERROR_UNKNOWN_TYPE); } +/*@=boundsread@*/ else { return count * n; } diff --git a/libelf/lib/32.newehdr.c b/libelf/lib/32.newehdr.c index ecfcc54b1..dc0c6c283 100755 --- a/libelf/lib/32.newehdr.c +++ b/libelf/lib/32.newehdr.c @@ -39,7 +39,9 @@ _elf_newehdr(Elf *elf, unsigned cls) return _elf_getehdr(elf, cls); } else if (!elf->e_ehdr) { +/*@-boundsread@*/ size = _msize(cls, _elf_version, ELF_T_EHDR); +/*@=boundsread@*/ elf_assert(size); if ((elf->e_ehdr = (char*)malloc(size))) { memset(elf->e_ehdr, 0, size); @@ -75,10 +77,12 @@ elf64_newehdr(Elf *elf) { unsigned long gelf_newehdr(Elf *elf, int cls) { +/*@-boundsread@*/ if (!valid_class(cls) || !_msize(cls, _elf_version, ELF_T_EHDR)) { seterr(ERROR_UNKNOWN_CLASS); return 0; } +/*@=boundsread@*/ if (!_elf_newehdr(elf, cls)) { return 0; } diff --git a/libelf/lib/32.newphdr.c b/libelf/lib/32.newphdr.c index e5ede143d..9ba7b07a2 100755 --- a/libelf/lib/32.newphdr.c +++ b/libelf/lib/32.newphdr.c @@ -46,7 +46,9 @@ _elf_newphdr(Elf *elf, size_t count, unsigned cls) seterr(ERROR_CLASSMISMATCH); } else if (elf->e_ehdr || _elf_cook(elf)) { +/*@-boundsread@*/ size = _msize(cls, _elf_version, ELF_T_PHDR); +/*@=boundsread@*/ elf_assert(size); if (count) { if (!(phdr = (char*)malloc(count * size))) { diff --git a/libelf/lib/32.xlatetof.c b/libelf/lib/32.xlatetof.c index 32a4c2c75..8d60e8ce2 100755 --- a/libelf/lib/32.xlatetof.c +++ b/libelf/lib/32.xlatetof.c 
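Review bot: In _elf_newphdr (32.newphdr.c) the allocation `malloc(count * size)` multiplies the caller-supplied `count` by the `_msize()` result with no overflow check, so a large count can wrap to a small allocation. The hunk only adds a `boundsread` exemption around the `_msize` call. A guard before the malloc, `if (count > (size_t)-1 / size)` followed by the function's existing out-of-memory path, would cover it; that path is outside the hunk. `gelf_msize` in 32.fsize.c returns `count * n` with the same unchecked product.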
@@ -200,6 +200,7 @@ static const char rcsid[] = "@(#) Id: 32.xlatetof.c,v 1.14 2002/06/11 18:53:22 m seq(copy_half(e,io,st_shndx), \ /**/)))))) +/*@-boundswrite@*/ /* FIX: memmove precondition? */ static size_t byte_copy(unsigned char *dst, const unsigned char *src, size_t n) /*@modifies *dst @*/ @@ -253,6 +254,7 @@ copy_type(rela_32,11,Elf32_Rela,copy_rela_11) copy_type(rel_32,11,Elf32_Rel,copy_rel_11) copy_type(shdr_32,11,Elf32_Shdr,copy_shdr_11) copy_type(sym_32,11,Elf32_Sym,copy_sym_11) +/*@=boundswrite@*/ typedef size_t (*xlator)(unsigned char* dst, const unsigned char* src, size_t n) /*@modifies *dst @*/; @@ -369,11 +371,13 @@ _elf32_xltsize(const Elf_Data *src, unsigned dv, unsigned encode, int tof) { seterr(ERROR_UNKNOWN_TYPE); return (size_t)-1; } +/*@-boundsread@*/ if (!(op = translator(sv, dv, encode, type, tof))) { seterr(ERROR_UNKNOWN_TYPE); return (size_t)-1; } return (*op)(NULL, src->d_buf, src->d_size); +/*@=boundsread@*/ } /* @@ -413,6 +417,7 @@ elf32_xlate(/*@returned@*/ Elf_Data *dst, const Elf_Data *src, unsigned encode, seterr(ERROR_UNKNOWN_TYPE); return NULL; } +/*@-boundsread@*/ op = translator(sv, dv, encode, type, tof); if (!op) { seterr(ERROR_UNKNOWN_TYPE); @@ -427,6 +432,7 @@ elf32_xlate(/*@returned@*/ Elf_Data *dst, const Elf_Data *src, unsigned encode, tmp = (*op)(dst->d_buf, src->d_buf, src->d_size); elf_assert(tmp == dsize); } +/*@=boundsread@*/ dst->d_size = dsize; dst->d_type = type; return dst; diff --git a/libelf/lib/64.xlatetof.c b/libelf/lib/64.xlatetof.c index 77cdeba7c..a04e1c5b1 100755 --- a/libelf/lib/64.xlatetof.c +++ b/libelf/lib/64.xlatetof.c @@ -226,6 +226,7 @@ static const char rcsid[] = "@(#) Id: 64.xlatetof.c,v 1.14 2002/06/11 18:53:22 m seq(copy_xword(e,io,st_size), \ /**/)))))) +/*@-boundswrite@*/ /* FIX: memmove precondition? */ static size_t byte_copy(unsigned char *dst, const unsigned char *src, size_t n) /*@modifies *dst @*/ 
@@ -281,6 +282,7 @@ copy_type(rela_64,11,Elf64_Rela,copy_rela_11) copy_type(rel_64,11,Elf64_Rel,copy_rel_11) copy_type(shdr_64,11,Elf64_Shdr,copy_shdr_11) copy_type(sym_64,11,Elf64_Sym,copy_sym_11) +/*@=boundswrite@*/ typedef size_t (*xlator)(unsigned char* dst, const unsigned char* src, size_t n) /*@modifies *dst @*/; @@ -397,11 +399,13 @@ _elf64_xltsize(const Elf_Data *src, unsigned dv, unsigned encode, int tof) { seterr(ERROR_UNKNOWN_TYPE); return (size_t)-1; } +/*@-boundsread@*/ if (!(op = translator(sv, dv, encode, type, tof))) { seterr(ERROR_UNKNOWN_TYPE); return (size_t)-1; } return (*op)(NULL, src->d_buf, src->d_size); +/*@=boundsread@*/ } /* @@ -441,18 +445,24 @@ elf64_xlate(/*@returned@*/ Elf_Data *dst, const Elf_Data *src, unsigned encode, seterr(ERROR_UNKNOWN_TYPE); return NULL; } +/*@-boundsread@*/ op = translator(sv, dv, encode, type, tof); +/*@=boundsread@*/ if (!op) { seterr(ERROR_UNKNOWN_TYPE); return NULL; } +/*@-boundsread@*/ dsize = (*op)(NULL, src->d_buf, src->d_size); +/*@=boundsread@*/ if (dst->d_size < dsize) { seterr(ERROR_DST2SMALL); return NULL; } if (dsize) { +/*@-boundsread@*/ tmp = (*op)(dst->d_buf, src->d_buf, src->d_size); +/*@=boundsread@*/ elf_assert(tmp == dsize); } dst->d_size = dsize; diff --git a/libelf/lib/Makefile.am b/libelf/lib/Makefile.am index 9eb4ff8e4..14ba013f2 100755 --- a/libelf/lib/Makefile.am +++ b/libelf/lib/Makefile.am @@ -47,6 +47,11 @@ noinst_HEADERS = \ libelf.h nlist.h gelf.h sys_elf.h \ byteswap.h errors.h ext_types.h private.h elf_repl.h $(HDRS_V) +BUILT_SOURCES = libelf.lcd + +libelf.lcd: Makefile.am ${libelf_la_SOURCES} ${noinst_HEADERS} + -lclint ${DEFS} ${INCLUDES} ${libelf_la_SOURCES} -dump $@ 2>/dev/null + .PHONY: sources sources: @echo $(libelf_la_SOURCES:%=libelf/lib/%) diff --git a/libelf/lib/begin.c b/libelf/lib/begin.c index 07a9e7b09..f45fe8028 100755 --- a/libelf/lib/begin.c +++ b/libelf/lib/begin.c 
@@ -1,3 +1,4 @@ +/*@+boundswrite@*/ /* begin.c - implementation of the elf_begin(3) and elf_memory(3) functions. Copyright (C) 1995 - 2001 Michael Riepe @@ -52,9 +53,11 @@ static const char fmag[] = ARFMAG; static unsigned long getnum(const char *str, size_t len, int base, int *err) /*@modifies *err @*/ + /*@requires maxSet(err) >= 0 @*/ { unsigned long result = 0; +/*@-boundsread@*/ while (len && *str == ' ') { str++; len--; } @@ -64,6 +67,7 @@ getnum(const char *str, size_t len, int base, int *err) while (len && *str == ' ') { str++; len--; } +/*@=boundsread@*/ if (len) { *err = len; } @@ -90,10 +94,14 @@ _elf_init_ar(Elf *elf) if (memcmp(hdr->ar_fmag, fmag, sizeof(fmag) - 1)) { break; } +/*@-boundsread@*/ if (hdr->ar_name[0] != '/') { break; } +/*@-boundswrite@*/ size = getnum(hdr->ar_size, sizeof(hdr->ar_size), 10, &err); +/*@=boundswrite @*/ +/*@=boundsread@*/ if (err || !size) { break; } @@ -101,6 +109,7 @@ _elf_init_ar(Elf *elf) if (offset + size > elf->e_size) { break; } +/*@-boundsread@*/ if (hdr->ar_name[1] == '/' && hdr->ar_name[2] == ' ') { elf->e_strtab = elf->e_data + offset; elf->e_strlen = size; @@ -109,6 +118,7 @@ _elf_init_ar(Elf *elf) if (elf->e_symtab || hdr->ar_name[1] != ' ') { break; } +/*@=boundsread@*/ elf->e_symtab = elf->e_data + offset; elf->e_symlen = size; offset += size + (size & 1); @@ -148,6 +158,7 @@ _elf_arhdr(Elf *arf) } name = hdr->ar_name; +/*@-boundsread@*/ for (namelen = sizeof(hdr->ar_name); namelen > 0; namelen--) { if (name[namelen - 1] != ' ') { break; @@ -159,7 +170,9 @@ _elf_arhdr(Elf *arf) seterr(ERROR_ARSTRTAB); return NULL; } +/*@-boundswrite@*/ tmp = getnum(&name[1], namelen - 1, 10, &err); +/*@=boundswrite@*/ if (err) { seterr(ERROR_ARSPECIAL); return NULL; 
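Review bot: In _elf_init_ar (hunk at -101) the check `if (offset + size > elf->e_size)` can wrap, because `size` is parsed from the archive header by `getnum(hdr->ar_size, ...)` and a very large value makes the sum small. The member is then accepted and `e_strtab`/`e_symtab` are set with a length that does not fit the image. cook.c in this same commit guards the equivalent sum with `off + src.d_size < off /* modulo overflow */`; the matching test here is `if (offset + size < offset || offset + size > elf->e_size)`. The types of `offset` and `size` are declared outside the hunk, so this assumes they are unsigned as in cook.c.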
@@ -188,11 +201,13 @@ _elf_arhdr(Elf *arf) else if (namelen > 0 && name[namelen - 1] == '/') { namelen--; } - /* XXX some broken software omits the trailing slash +/*@=boundsread@*/ + /* XXX some broken software omits the trailing slash */ +#if 0 else { namelen = 0; } - */ +#endif if (!(arhdr = (Elf_Arhdr*)malloc(sizeof(*arhdr) + sizeof(hdr->ar_name) + namelen + 2))) { @@ -202,11 +217,13 @@ _elf_arhdr(Elf *arf) arhdr->ar_name = NULL; arhdr->ar_rawname = (char*)(arhdr + 1); +/*@-boundsread -boundswrite @*/ arhdr->ar_date = getnum(hdr->ar_date, sizeof(hdr->ar_date), 10, &err); arhdr->ar_uid = getnum(hdr->ar_uid, sizeof(hdr->ar_uid), 10, &err); arhdr->ar_gid = getnum(hdr->ar_gid, sizeof(hdr->ar_gid), 10, &err); arhdr->ar_mode = getnum(hdr->ar_mode, sizeof(hdr->ar_mode), 8, &err); arhdr->ar_size = getnum(hdr->ar_size, sizeof(hdr->ar_size), 10, &err); +/*@=boundsread =boundswrite @*/ if (err) { free(arhdr); seterr(ERROR_ARHDR); @@ -218,6 +235,7 @@ _elf_arhdr(Elf *arf) return NULL; } +/*@-boundswrite@*/ memcpy(arhdr->ar_rawname, hdr->ar_name, sizeof(hdr->ar_name)); arhdr->ar_rawname[sizeof(hdr->ar_name)] = '\0'; @@ -226,6 +244,7 @@ _elf_arhdr(Elf *arf) memcpy(arhdr->ar_name, name, namelen); arhdr->ar_name[namelen] = '\0'; } +/*@=boundswrite@*/ return arhdr; } @@ -238,9 +257,11 @@ _elf_check_type(Elf *elf, size_t size) if (size >= EI_NIDENT && !memcmp(elf->e_data, ELFMAG, SELFMAG)) { elf->e_kind = ELF_K_ELF; elf->e_idlen = EI_NIDENT; +/*@-boundsread@*/ elf->e_class = elf->e_data[EI_CLASS]; elf->e_encoding = elf->e_data[EI_DATA]; elf->e_version = elf->e_data[EI_VERSION]; +/*@=boundsread@*/ } else if (size >= SARMAG && !memcmp(elf->e_data, ARMAG, SARMAG)) { _elf_init_ar(elf); @@ -303,7 +324,9 @@ elf_begin(int fd, Elf_Cmd cmd, Elf *ref) { seterr(ERROR_MEM_ELF); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *elf = _elf_init; +/*@=boundswrite@*/ elf->e_fd = fd; elf->e_parent = ref; elf->e_size = elf->e_dsize = size; 
@@ -363,6 +386,7 @@ elf_begin(int fd, Elf_Cmd cmd, Elf *ref) { * original image, we have to re-read the archive file. * Will fail if the archive's file descriptor is disabled. */ +/*@-boundswrite@*/ if (!ref->e_cooked) { ref->e_cooked = 1; } @@ -373,6 +397,7 @@ elf_begin(int fd, Elf_Cmd cmd, Elf *ref) { free(elf); return NULL; } +/*@=boundswrite@*/ } elf->e_next = offset + size + (size & 1); elf->e_disabled = ref->e_disabled; @@ -385,6 +410,7 @@ elf_begin(int fd, Elf_Cmd cmd, Elf *ref) { ref->e_off = elf->e_next; } else if (size) { +/*@-boundswrite@*/ #if HAVE_MMAP /* * Using mmap on writable files will interfere with elf_update @@ -398,6 +424,7 @@ elf_begin(int fd, Elf_Cmd cmd, Elf *ref) { free(elf); return NULL; } +/*@=boundswrite@*/ } _elf_check_type(elf, size); @@ -422,7 +449,9 @@ elf_memory(char *image, size_t size) { seterr(ERROR_MEM_ELF); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *elf = _elf_init; +/*@=boundswrite@*/ elf->e_size = elf->e_dsize = size; elf->e_data = elf->e_rawdata = image; elf->e_readable = 1; @@ -444,3 +473,4 @@ gelf_getclass(Elf *elf) { } #endif /* __LIBELF64 */ +/*@=boundswrite@*/ diff --git a/libelf/lib/checksum.c b/libelf/lib/checksum.c index 5c0f24101..7bd503575 100755 --- a/libelf/lib/checksum.c +++ b/libelf/lib/checksum.c @@ -88,9 +88,11 @@ add_bytes(unsigned char *ptr, size_t len) { long csum = 0; +/*@-boundsread@*/ while (len--) { csum += *ptr++; } +/*@=boundsread@*/ return csum; } diff --git a/libelf/lib/cook.c b/libelf/lib/cook.c index 89c371c00..64a08b29b 100755 --- a/libelf/lib/cook.c +++ b/libelf/lib/cook.c @@ -83,6 +83,7 @@ static char* _elf_item(Elf *elf, Elf_Type type, size_t n, size_t off, int *flag) /*@globals _elf_errno @*/ /*@modifies *elf, *flag, _elf_errno @*/ + /*@requires maxSet(flag) >= 0 @*/ { Elf_Data src, dst; 
@@ -96,7 +97,9 @@ _elf_item(Elf *elf, Elf_Type type, size_t n, size_t off, int *flag) src.d_type = type; src.d_version = elf->e_version; +/*@-boundsread@*/ src.d_size = n * _fsize(elf->e_class, src.d_version, type); +/*@=boundsread@*/ elf_assert(src.d_size); if (off + src.d_size < off /* modulo overflow */ || off + src.d_size > elf->e_size) { @@ -105,7 +108,9 @@ _elf_item(Elf *elf, Elf_Type type, size_t n, size_t off, int *flag) } dst.d_version = _elf_version; +/*@-boundsread@*/ dst.d_size = n * _msize(elf->e_class, dst.d_version, type); +/*@=boundsread@*/ elf_assert(dst.d_size); elf_assert(elf->e_data); @@ -128,16 +133,20 @@ _elf_item(Elf *elf, Elf_Type type, size_t n, size_t off, int *flag) } if (_elf_xlatetom(elf, &dst, &src)) { +/*@-boundsread@*/ if (!*flag) { elf->e_cooked = 1; } +/*@=boundsread@*/ return (char*)dst.d_buf; } +/*@-boundsread@*/ if (*flag) { free(dst.d_buf); *flag = 0; } +/*@=boundsread@*/ return NULL; } @@ -153,14 +162,18 @@ _elf_cook_file(Elf *elf) size_t num, off, align_addr; int flag; +/*@-boundswrite@*/ elf->e_ehdr = _elf_item(elf, ELF_T_EHDR, 1, 0, &flag); +/*@=boundswrite@*/ if (!elf->e_ehdr) { return 0; } if (flag) { elf->e_free_ehdr = 1; } +/*@-boundsread@*/ align_addr = _fsize(elf->e_class, elf->e_version, ELF_T_ADDR); +/*@=boundsread@*/ elf_assert(align_addr); if (elf->e_class == ELFCLASS32) { num = ((Elf32_Ehdr*)elf->e_ehdr)->e_phnum; @@ -188,7 +201,9 @@ _elf_cook_file(Elf *elf) seterr(ERROR_ALIGN_PHDR); return 0; } +/*@-boundswrite@*/ elf->e_phdr = _elf_item(elf, ELF_T_PHDR, num, off, &flag); +/*@=boundswrite@*/ if (!elf->e_phdr) { return 0; } @@ -326,9 +341,13 @@ _elf_cook_file(Elf *elf) sd->sd_data.d_size = scn->s_size; sd->sd_data.d_version = _elf_version; } +/*@-boundsread@*/ elf_assert(scn == &head[0].scn); +/*@=boundsread@*/ elf->e_scn_1 = &head[0].scn; +/*@-boundswrite@*/ head[0].scn.s_freeme = 1; +/*@=boundswrite@*/ } return 1; } diff --git a/libelf/lib/end.c b/libelf/lib/end.c index 951978c2d..25cf5d5cf 100755 
--- a/libelf/lib/end.c +++ b/libelf/lib/end.c @@ -90,13 +90,17 @@ elf_end(Elf *elf) { elf_assert(elf->e_parent->e_magic == ELF_MAGIC); elf_assert(elf->e_parent->e_kind == ELF_K_AR); siblings = &elf->e_parent->e_members; +/*@-boundsread@*/ while (*siblings) { if (*siblings == elf) { +/*@-boundswrite@*/ *siblings = elf->e_link; +/*@=boundswrite@*/ break; } siblings = &(*siblings)->e_link; } +/*@=boundsread@*/ elf_end(elf->e_parent); _elf_free(elf->e_arhdr); } diff --git a/libelf/lib/errmsg.c b/libelf/lib/errmsg.c index e922af79d..f8d278361 100755 --- a/libelf/lib/errmsg.c +++ b/libelf/lib/errmsg.c @@ -65,9 +65,11 @@ elf_errmsg(int err) { err = _elf_errno; } +/*@-boundsread@*/ if (err < 0 || err >= ERROR_NUM || _messages[err] == NULL) { err = ERROR_UNKNOWN; } +/*@=boundsread@*/ #if HAVE_CATGETS if (_libelf_cat == (nl_catd)0) { diff --git a/libelf/lib/gelfehdr.c b/libelf/lib/gelfehdr.c index 9b88080c0..9ab70d46a 100755 --- a/libelf/lib/gelfehdr.c +++ b/libelf/lib/gelfehdr.c @@ -52,12 +52,16 @@ gelf_getehdr(Elf *elf, GElf_Ehdr *dst) { dst = &buf; } if (elf->e_class == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = *(Elf64_Ehdr*)tmp; +/*@=boundswrite@*/ } else if (elf->e_class == ELFCLASS32) { Elf32_Ehdr *src = (Elf32_Ehdr*)tmp; +/*@-boundsread@*/ memcpy(dst->e_ident, src->e_ident, EI_NIDENT); +/*@=boundsread@*/ check_and_copy(GElf_Half, dst, src, e_type, NULL); check_and_copy(GElf_Half, dst, src, e_machine, NULL); check_and_copy(GElf_Word, dst, src, e_version, NULL); @@ -86,7 +90,9 @@ gelf_getehdr(Elf *elf, GElf_Ehdr *dst) { seterr(ERROR_MEM_EHDR); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } 
@@ -104,12 +110,16 @@ gelf_update_ehdr(Elf *elf, GElf_Ehdr *src) { return 0; } if (elf->e_class == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *(Elf64_Ehdr*)tmp = *src; +/*@=boundswrite@*/ } else if (elf->e_class == ELFCLASS32) { Elf32_Ehdr *dst = (Elf32_Ehdr*)tmp; +/*@-boundsread@*/ memcpy(dst->e_ident, src->e_ident, EI_NIDENT); +/*@=boundsread@*/ check_and_copy(Elf32_Half, dst, src, e_type, 0); check_and_copy(Elf32_Half, dst, src, e_machine, 0); check_and_copy(Elf32_Word, dst, src, e_version, 0); diff --git a/libelf/lib/gelfphdr.c b/libelf/lib/gelfphdr.c index c5737a9eb..7b7d79a58 100755 --- a/libelf/lib/gelfphdr.c +++ b/libelf/lib/gelfphdr.c @@ -53,7 +53,9 @@ gelf_getphdr(Elf *elf, int ndx, GElf_Phdr *dst) { seterr(ERROR_BADINDEX); return NULL; } +/*@-boundsread@*/ n = _msize(elf->e_class, _elf_version, ELF_T_PHDR); +/*@=boundsread@*/ if (n == 0) { seterr(ERROR_UNIMPLEMENTED); return NULL; @@ -62,7 +64,9 @@ gelf_getphdr(Elf *elf, int ndx, GElf_Phdr *dst) { dst = &buf; } if (elf->e_class == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = *(Elf64_Phdr*)(tmp + ndx * n); +/*@=boundswrite@*/ } else if (elf->e_class == ELFCLASS32) { Elf32_Phdr *src = (Elf32_Phdr*)(tmp + ndx * n); @@ -90,7 +94,9 @@ gelf_getphdr(Elf *elf, int ndx, GElf_Phdr *dst) { seterr(ERROR_MEM_PHDR); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } @@ -112,13 +118,17 @@ gelf_update_phdr(Elf *elf, int ndx, GElf_Phdr *src) { seterr(ERROR_BADINDEX); return 0; } +/*@-boundsread@*/ n = _msize(elf->e_class, _elf_version, ELF_T_PHDR); +/*@=boundsread@*/ if (n == 0) { seterr(ERROR_UNIMPLEMENTED); return 0; } if (elf->e_class == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *(Elf64_Phdr*)(tmp + ndx * n) = *src; +/*@=boundswrite@*/ } else if (elf->e_class == ELFCLASS32) { Elf32_Phdr *dst = (Elf32_Phdr*)(tmp + ndx * n); 
diff --git a/libelf/lib/gelfshdr.c b/libelf/lib/gelfshdr.c index 93e6a0cf4..5ded8265e 100755 --- a/libelf/lib/gelfshdr.c +++ b/libelf/lib/gelfshdr.c @@ -49,7 +49,9 @@ gelf_getshdr(Elf_Scn *scn, GElf_Shdr *dst) { dst = &buf; } if (scn->s_elf->e_class == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = scn->s_shdr64; +/*@=boundswrite@*/ } else if (scn->s_elf->e_class == ELFCLASS32) { Elf32_Shdr *src = &scn->s_shdr32; @@ -79,7 +81,9 @@ gelf_getshdr(Elf_Scn *scn, GElf_Shdr *dst) { seterr(ERROR_MEM_SHDR); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } @@ -93,7 +97,9 @@ gelf_update_shdr(Elf_Scn *scn, GElf_Shdr *src) { elf_assert(scn->s_elf); elf_assert(scn->s_elf->e_magic == ELF_MAGIC); if (scn->s_elf->e_class == ELFCLASS64) { +/*@-boundsread@*/ /* structure assignment */ scn->s_shdr64 = *src; +/*@=boundsread@*/ } else if (scn->s_elf->e_class == ELFCLASS32) { Elf32_Shdr *dst = &scn->s_shdr32; diff --git a/libelf/lib/gelftrans.c b/libelf/lib/gelftrans.c index 3724aa6fa..7adf1d1a0 100755 --- a/libelf/lib/gelftrans.c +++ b/libelf/lib/gelftrans.c @@ -89,7 +89,9 @@ get_addr_and_class(const Elf_Data *data, int ndx, Elf_Type type, unsigned *cls) seterr(ERROR_BADTYPE); return NULL; } +/*@-boundsread@*/ n = _msize(elf->e_class, data->d_version, type); +/*@=boundsread@*/ if (n == 0) { seterr(ERROR_UNIMPLEMENTED); return NULL; @@ -103,7 +105,9 @@ get_addr_and_class(const Elf_Data *data, int ndx, Elf_Type type, unsigned *cls) return NULL; } if (cls) { +/*@-boundswrite@*/ /* structure assignment */ *cls = elf->e_class; +/*@=boundswrite@*/ } return (char*)data->d_buf + n * ndx; } @@ -122,7 +126,9 @@ gelf_getsym(Elf_Data *src, int ndx, GElf_Sym *dst) { return NULL; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = *(Elf64_Sym*)tmp; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Sym *src = (Elf32_Sym*)tmp; 
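Review bot: The comment added in get_addr_and_class (gelftrans.c, hunk at -103), `/* structure assignment */` in front of `*cls = elf->e_class;`, is inaccurate: `cls` is `unsigned *` per the signature in the hunk header, so this is a scalar store. It looks copied from the gelf_get*/gelf_update* sites, where the comment does explain why the exemption is there. Here the marker should carry the real reason, e.g. `/*@-boundswrite@*/ /* cls checked non-NULL just above */`.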
@@ -144,7 +150,9 @@ gelf_getsym(Elf_Data *src, int ndx, GElf_Sym *dst) { seterr(ERROR_MEM_SYM); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } @@ -159,7 +167,9 @@ gelf_update_sym(Elf_Data *dst, int ndx, GElf_Sym *src) { return 0; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *(Elf64_Sym*)tmp = *src; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Sym *dst = (Elf32_Sym*)tmp; @@ -192,7 +202,9 @@ gelf_getdyn(Elf_Data *src, int ndx, GElf_Dyn *dst) { return NULL; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = *(Elf64_Dyn*)tmp; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Dyn *src = (Elf32_Dyn*)tmp; @@ -210,7 +222,9 @@ gelf_getdyn(Elf_Data *src, int ndx, GElf_Dyn *dst) { seterr(ERROR_MEM_DYN); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } @@ -225,7 +239,9 @@ gelf_update_dyn(Elf_Data *dst, int ndx, GElf_Dyn *src) { return 0; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *(Elf64_Dyn*)tmp = *src; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Dyn *dst = (Elf32_Dyn*)tmp; @@ -254,7 +270,9 @@ gelf_getrela(Elf_Data *src, int ndx, GElf_Rela *dst) { return NULL; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = *(Elf64_Rela*)tmp; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Rela *src = (Elf32_Rela*)tmp; @@ -274,7 +292,9 @@ gelf_getrela(Elf_Data *src, int ndx, GElf_Rela *dst) { seterr(ERROR_MEM_RELA); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } @@ -289,7 +309,9 @@ gelf_update_rela(Elf_Data *dst, int ndx, GElf_Rela *src) { return 0; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *(Elf64_Rela*)tmp = *src; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Rela *dst = (Elf32_Rela*)tmp; 
@@ -325,7 +347,9 @@ gelf_getrel(Elf_Data *src, int ndx, GElf_Rel *dst) { return NULL; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *dst = *(Elf64_Rel*)tmp; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Rel *src = (Elf32_Rel*)tmp; @@ -344,7 +368,9 @@ gelf_getrel(Elf_Data *src, int ndx, GElf_Rel *dst) { seterr(ERROR_MEM_REL); return NULL; } +/*@-boundswrite@*/ /* structure assignment */ *dst = buf; +/*@=boundswrite@*/ } return dst; } @@ -359,7 +385,9 @@ gelf_update_rel(Elf_Data *dst, int ndx, GElf_Rel *src) { return 0; } if (cls == ELFCLASS64) { +/*@-boundswrite@*/ /* structure assignment */ *(Elf64_Rel*)tmp = *src; +/*@=boundswrite@*/ } else if (cls == ELFCLASS32) { Elf32_Rel *dst = (Elf32_Rel*)tmp; diff --git a/libelf/lib/hash.c b/libelf/lib/hash.c index b5967bbad..20eb7f47c 100755 --- a/libelf/lib/hash.c +++ b/libelf/lib/hash.c @@ -1,6 +1,6 @@ /* hash.c - implementation of the elf_hash(3) function. -Copyright (C) 1995, 1996 Michael Riepe +Copyright (C) 1995 - 1999 Michael Riepe This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -19,17 +19,22 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include +#ifndef lint +static const char rcsid[] = "@(#) Id: hash.c,v 1.4 1999/03/17 15:21:02 michael Exp "; +#endif /* lint */ + unsigned long -elf_hash(const char *name) { +elf_hash(const unsigned char *name) { unsigned long hash = 0; unsigned long tmp; - unsigned char c; - while ((c = *name++)) { - hash = (hash << 4) + c; +/*@-boundsread@*/ + while (*name) { + hash = (hash << 4) + *name++; if ((tmp = hash & 0xf0000000)) { hash ^= tmp | (tmp >> 24); } } +/*@=boundsread@*/ return hash; } diff --git a/libelf/lib/libelf.h b/libelf/lib/libelf.h index 8468540be..8a2163307 100755 --- a/libelf/lib/libelf.h +++ b/libelf/lib/libelf.h 
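Review bot: Changing `elf_hash` to take `const unsigned char *name` alters an exported signature. The libelf.h hunk in this commit shows no change to the `elf_hash` prototype, so the declaration should be confirmed to match, and callers passing `char *` may need a cast. The `/*@-boundsread@*/` around the loop depends on `name` being NUL-terminated, which is worth recording next to the suppression, e.g. `/* name is NUL-terminated; the scan stops at the terminator */`.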
@@ -210,13 +210,15 @@ extern off_t elf_getbase __P((Elf *elf)) /*@*/; /*@null@*/ extern Elf_Data *elf_getdata __P((Elf_Scn *scn, /*@null@*/ Elf_Data *data)) - /*@modifies *scn @*/; + /*@modifies *scn @*/ + /*@ensures maxRead(data->d_buf) == data->d_size @*/; /*@null@*/ extern Elf32_Ehdr *elf32_getehdr __P((Elf *elf)) /*@modifies *elf @*/; /*@null@*/ extern char *elf_getident __P((Elf *elf, size_t *ptr)) - /*@modifies *elf, *ptr @*/; + /*@modifies *elf, *ptr @*/ + /*@requires maxSet(ptr) >= 0 @*/; /*@null@*/ extern Elf32_Phdr *elf32_getphdr __P((Elf *elf)) /*@modifies *elf @*/; diff --git a/libelf/lib/newdata.c b/libelf/lib/newdata.c index ef2b697da..5a60f86c6 100755 --- a/libelf/lib/newdata.c +++ b/libelf/lib/newdata.c @@ -1,6 +1,6 @@ /* newdata.c - implementation of the elf_newdata(3) function. -Copyright (C) 1995, 1996 Michael Riepe +Copyright (C) 1995 - 2000 Michael Riepe This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -19,6 +19,10 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include +#ifndef lint +static const char rcsid[] = "@(#) Id: newdata.c,v 1.6 2000/03/26 03:00:20 michael Exp "; +#endif /* lint */ + Elf_Data* elf_newdata(Elf_Scn *scn) { Scn_Data *sd; @@ -34,7 +38,9 @@ elf_newdata(Elf_Scn *scn) { seterr(ERROR_MEM_SCNDATA); } else { +/*@-boundswrite@*/ *sd = _elf_data_init; +/*@=boundswrite@*/ sd->sd_scn = scn; sd->sd_data_flags = ELF_F_DIRTY; sd->sd_freeme = 1; @@ -46,7 +52,7 @@ elf_newdata(Elf_Scn *scn) { scn->s_data_1 = sd; } scn->s_data_n = sd; - return (Elf_Data*)sd; + return &sd->sd_data; } return NULL; } diff --git a/libelf/lib/newscn.c b/libelf/lib/newscn.c index 5ab1b640c..a59be2007 100755 --- a/libelf/lib/newscn.c +++ b/libelf/lib/newscn.c 
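Review bot: The new `ensures maxRead(data->d_buf) == data->d_size` clause on `elf_getdata` looks off by one: maxRead is the highest readable index, so a buffer of `d_size` bytes has `maxRead == d_size - 1`, and as written the checker would accept a read one byte past the end. The same pattern appears in the private.h hunk, where `_elf_read` requires `maxSet(buffer) >= (len - 1)` but ensures `maxRead(buffer) >= len`, and `_elf_mmap` ensures `maxSet(result) == elf->e_size`. I would write `/*@ensures maxRead(data->d_buf) == (data->d_size - 1) @*/` here, and `>= (len - 1)` and `== (elf->e_size - 1)` there. `data` is also declared `/*@null@*/`, so the clause presumably needs to describe the returned descriptor rather than the argument; that should be confirmed against the checker's semantics.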
@@ -35,7 +35,9 @@ _buildscn(Elf *elf) elf_assert(elf->e_ehdr); elf_assert(_elf_scn_init.s_magic == SCN_MAGIC); while ((scn = (Elf_Scn*)malloc(sizeof(*scn)))) { +/*@-boundswrite@*/ *scn = _elf_scn_init; +/*@=boundswrite@*/ scn->s_elf = elf; scn->s_scn_flags = ELF_F_DIRTY; scn->s_shdr_flags = ELF_F_DIRTY; diff --git a/libelf/lib/nlist.c b/libelf/lib/nlist.c index fc7f58c9a..405a1d41d 100755 --- a/libelf/lib/nlist.c +++ b/libelf/lib/nlist.c @@ -53,6 +53,7 @@ symbol_name(Elf *elf, const void *syms, const char *names, size_t nlimit, size_t { size_t off; +/*@-boundsread@*/ if (elf->e_class == ELFCLASS32) { off = ((Elf32_Sym*)syms)[index].st_name; } @@ -64,6 +65,7 @@ symbol_name(Elf *elf, const void *syms, const char *names, size_t nlimit, size_t else { return NULL; } +/*@=boundsread@*/ if (off >= 0 && off < nlimit) { return &names[off]; } @@ -74,6 +76,7 @@ static void copy_symbol(Elf *elf, struct nlist *np, const void *syms, size_t index) /*@modifies *np @*/ { +/*@-boundsread@*/ if (elf->e_class == ELFCLASS32) { np->n_value = ((Elf32_Sym*)syms)[index].st_value; np->n_scnum = ((Elf32_Sym*)syms)[index].st_shndx; @@ -84,6 +87,7 @@ copy_symbol(Elf *elf, struct nlist *np, const void *syms, size_t index) np->n_scnum = ((Elf64_Sym*)syms)[index].st_shndx; } #endif /* __LIBELF64 */ +/*@=boundsread@*/ /* * this needs more work */ @@ -92,6 +96,7 @@ copy_symbol(Elf *elf, struct nlist *np, const void *syms, size_t index) np->n_numaux = 0; } +/*@-boundswrite@*/ /* LCL: segfault here */ static int _elf_nlist(Elf *elf, struct nlist *nl) /*@modifies *elf, *nl @*/ @@ -228,6 +233,7 @@ _elf_nlist(Elf *elf, struct nlist *nl) free(table); return 0; } +/*@=boundswrite@*/ int nlist(const char *filename, struct nlist *nl) { @@ -247,10 +253,12 @@ nlist(const char *filename, struct nlist *nl) { elf_version(oldver); } if (result) { +/*@-boundsread@*/ while (nl->n_name && *nl->n_name) { nl->n_value = 0; nl++; } +/*@=boundsread@*/ } return result; } 
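Review bot: The `/*@-boundswrite@*/ /* LCL: segfault here */` added before `_elf_nlist` in nlist.c, and closed only after its final `return 0; }`, turns write checking off for the whole function, most of which lies outside these hunks. The comment suggests the suppression works around a checker crash rather than a reviewed false positive, so a genuine out-of-bounds write in that function would no longer be reported. I would make that explicit, e.g. `/* LCL: checker segfaults on this function; bounds writes here are unchecked */`, and narrow the suppression once the tool copes. The same function-wide suppression, with no rationale comment at all, is applied in popt/popt.c (for example `poptGetNextOpt`, `expandNextArg`) and rpmdb/header.c (`regionSwab`, `headerLoad`, `headerRead`, `copyEntry`).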
diff --git a/libelf/lib/private.h b/libelf/lib/private.h index bff5f60ae..354e80430 100755 --- a/libelf/lib/private.h +++ b/libelf/lib/private.h @@ -217,7 +217,7 @@ struct Elf_Scn { unsigned s_shdr_flags; /* shdr flags (ELF_F_*) */ /*@null@*/ Scn_Data* s_data_1; /* first data buffer */ -/*@null@*/ +/*@kept@*/ /*@null@*/ Scn_Data* s_data_n; /* last data buffer */ /*@null@*/ Scn_Data* s_rawdata; /* raw data buffer */ @@ -314,11 +314,14 @@ extern int _elf_fill; /*@null@*/ extern void *_elf_read __P((Elf* elf, /*@returned@*/ /*@null@*/ void* buffer, size_t off, size_t len)) /*@globals _elf_errno @*/ - /*@modifies *buffer, _elf_errno @*/; + /*@modifies *buffer, _elf_errno @*/ + /*@requires maxSet(buffer) >= (len - 1) @*/ + /*@ensures maxRead(buffer) >= len @*/; /*@null@*/ extern void *_elf_mmap __P((Elf* elf)) /*@globals _elf_errno @*/ - /*@modifies _elf_errno @*/; + /*@modifies _elf_errno @*/ + /*@ensures maxSet(result) == elf->e_size /\ maxRead(result) == elf->e_size @*/; extern int _elf_cook __P((Elf* elf)) /*@globals _elf_errno @*/ /*@modifies *elf, _elf_errno @*/; diff --git a/libelf/lib/rawdata.c b/libelf/lib/rawdata.c index c2b26ed35..48a0f71b9 100755 --- a/libelf/lib/rawdata.c +++ b/libelf/lib/rawdata.c @@ -1,6 +1,6 @@ /* rawdata.c - implementation of the elf_rawdata(3) function. -Copyright (C) 1995, 1996 Michael Riepe +Copyright (C) 1995 - 2000 Michael Riepe This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -19,6 +19,10 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include +#ifndef lint +static const char rcsid[] = "@(#) Id: rawdata.c,v 1.6 2000/03/26 03:00:20 michael Exp "; +#endif /* lint */ + Elf_Data* elf_rawdata(Elf_Scn *scn, Elf_Data *data) { Scn_Data *sd; 
@@ -41,7 +45,9 @@ elf_rawdata(Elf_Scn *scn, Elf_Data *data) { return NULL; } else if ((sd = scn->s_rawdata)) { - return (Elf_Data*)sd; + elf_assert(sd->sd_magic == DATA_MAGIC); + elf_assert(sd->sd_scn == scn); + return &sd->sd_data; } else if (scn->s_offset < 0 || scn->s_offset > elf->e_size) { seterr(ERROR_OUTSIDE); @@ -54,7 +60,9 @@ elf_rawdata(Elf_Scn *scn, Elf_Data *data) { seterr(ERROR_MEM_SCNDATA); } else { +/*@-boundswrite@*/ *sd = _elf_data_init; +/*@=boundswrite@*/ sd->sd_scn = scn; sd->sd_freeme = 1; sd->sd_data.d_size = scn->s_size; @@ -65,9 +73,11 @@ elf_rawdata(Elf_Scn *scn, Elf_Data *data) { free(sd); return NULL; } +/*@-boundsread@*/ else if (elf->e_rawdata) { memcpy(sd->sd_memdata, elf->e_rawdata + scn->s_offset, scn->s_size); } +/*@=boundsread@*/ else if (!_elf_read(elf, sd->sd_memdata, scn->s_offset, scn->s_size)) { free(sd->sd_memdata); free(sd); @@ -77,7 +87,7 @@ elf_rawdata(Elf_Scn *scn, Elf_Data *data) { sd->sd_free_data = 1; } scn->s_rawdata = sd; - return (Elf_Data*)sd; + return &sd->sd_data; } return NULL; } diff --git a/libelf/lib/rawfile.c b/libelf/lib/rawfile.c index 0cf33733b..bfdad861b 100755 --- a/libelf/lib/rawfile.c +++ b/libelf/lib/rawfile.c @@ -1,6 +1,6 @@ /* rawfile.c - implementation of the elf_rawfile(3) function. -Copyright (C) 1995, 1996 Michael Riepe +Copyright (C) 1995 - 1998 Michael Riepe This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -19,6 +19,10 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include +#ifndef lint +static const char rcsid[] = "@(#) Id: rawfile.c,v 1.3 1998/06/12 19:42:38 michael Exp "; +#endif /* lint */ + char* elf_rawfile(Elf *elf, size_t *ptr) { size_t tmp; @@ -26,7 +30,9 @@ elf_rawfile(Elf *elf, size_t *ptr) { if (!ptr) { ptr = &tmp; } +/*@-boundswrite@*/ *ptr = 0; +/*@=boundswrite@*/ if (!elf) { return NULL; } 
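Review bot: The `/*@-boundsread@*/` added around `memcpy(sd->sd_memdata, elf->e_rawdata + scn->s_offset, scn->s_size)` in `elf_rawdata` carries no rationale, unlike the `/* structure assignment */` suppressions elsewhere in this commit. The copy is safe only if `s_offset + s_size` has been checked against `elf->e_size`. These hunks show a test of `s_offset` alone, and the lines between them are not visible, so the full check may exist outside the hunk. I would state the invariant at the suppression, e.g. `/*@-boundsread@*/ /* s_offset + s_size <= e_size checked above */`, after confirming that it holds.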
@@ -36,6 +42,7 @@ elf_rawfile(Elf *elf, size_t *ptr) { } else if (elf->e_size && !elf->e_rawdata) { elf_assert(elf->e_data); +/*@-boundswrite@*/ if (!elf->e_cooked) { elf->e_rawdata = elf->e_data; } @@ -43,6 +50,7 @@ elf_rawfile(Elf *elf, size_t *ptr) { return NULL; } *ptr = elf->e_size; +/*@=boundswrite@*/ } return elf->e_rawdata; } diff --git a/libelf/lib/update.c b/libelf/lib/update.c index 9c3f792d9..c2cf50a13 100755 --- a/libelf/lib/update.c +++ b/libelf/lib/update.c @@ -89,9 +89,13 @@ scn_data_layout(Elf_Scn *scn, unsigned v, unsigned type, size_t *algn, unsigned len = max(len, sd->sd_data.d_off + fsize); } +/*@-boundsread@*/ *flag |= sd->sd_data_flags; +/*@=boundsread@*/ } +/*@-boundswrite@*/ *algn = scn_align; +/*@=boundswrite@*/ return (off_t)len; } @@ -127,7 +131,9 @@ _elf32_layout(Elf *elf, unsigned *flag) unsigned shnum; Elf_Scn *scn; +/*@-boundswrite@*/ *flag = elf->e_elf_flags | elf->e_phdr_flags; +/*@=boundswrite@*/ if ((version = ehdr->e_version) == EV_NONE) { version = EV_CURRENT; @@ -136,14 +142,18 @@ _elf32_layout(Elf *elf, unsigned *flag) seterr(ERROR_UNKNOWN_VERSION); return -1; } +/*@-boundsread@*/ if ((encoding = ehdr->e_ident[EI_DATA]) == ELFDATANONE) { encoding = native_encoding; } +/*@=boundsread@*/ if (!valid_encoding(encoding)) { seterr(ERROR_UNKNOWN_ENCODING); return -1; } +/*@-boundsread@*/ entsize = _fsize(ELFCLASS32, version, ELF_T_EHDR); +/*@=boundsread@*/ elf_assert(entsize); rewrite(ehdr->e_ehsize, entsize, elf->e_ehdr_flags); off = entsize; @@ -179,7 +189,9 @@ _elf32_layout(Elf *elf, unsigned *flag) elf_assert(scn->s_index == shnum); +/*@-boundsread@*/ *flag |= scn->s_scn_flags | scn->s_shdr_flags; +/*@=boundsread@*/ if (scn->s_index == SHN_UNDEF) { rewrite(shdr->sh_entsize, 0, scn->s_shdr_flags); 
@@ -272,6 +284,7 @@ _elf32_layout(Elf *elf, unsigned *flag) rewrite(ehdr->e_shnum, shnum, elf->e_ehdr_flags); rewrite(ehdr->e_shentsize, entsize, elf->e_ehdr_flags); +/*@-boundsread@*/ rewrite(ehdr->e_ident[EI_MAG0], ELFMAG0, elf->e_ehdr_flags); rewrite(ehdr->e_ident[EI_MAG1], ELFMAG1, elf->e_ehdr_flags); rewrite(ehdr->e_ident[EI_MAG2], ELFMAG2, elf->e_ehdr_flags); @@ -282,6 +295,7 @@ _elf32_layout(Elf *elf, unsigned *flag) rewrite(ehdr->e_version, version, elf->e_ehdr_flags); *flag |= elf->e_ehdr_flags; +/*@=boundsread@*/ return off; } @@ -303,7 +317,9 @@ _elf64_layout(Elf *elf, unsigned *flag) unsigned shnum; Elf_Scn *scn; +/*@-boundswrite@*/ *flag = elf->e_elf_flags | elf->e_phdr_flags; +/*@=boundswrite@*/ if ((version = ehdr->e_version) == EV_NONE) { version = EV_CURRENT; @@ -312,14 +328,18 @@ _elf64_layout(Elf *elf, unsigned *flag) seterr(ERROR_UNKNOWN_VERSION); return -1; } +/*@-boundsread@*/ if ((encoding = ehdr->e_ident[EI_DATA]) == ELFDATANONE) { encoding = native_encoding; } +/*@=boundsread@*/ if (!valid_encoding(encoding)) { seterr(ERROR_UNKNOWN_ENCODING); return -1; } +/*@-boundsread@*/ entsize = _fsize(ELFCLASS64, version, ELF_T_EHDR); +/*@=boundsread@*/ elf_assert(entsize); rewrite(ehdr->e_ehsize, entsize, elf->e_ehdr_flags); off = entsize; @@ -355,7 +375,9 @@ _elf64_layout(Elf *elf, unsigned *flag) elf_assert(scn->s_index == shnum); +/*@-boundsread@*/ *flag |= scn->s_scn_flags | scn->s_shdr_flags; +/*@=boundsread@*/ if (scn->s_index == SHN_UNDEF) { rewrite(shdr->sh_entsize, 0, scn->s_shdr_flags); @@ -378,9 +400,11 @@ _elf64_layout(Elf *elf, unsigned *flag) entsize = scn_entsize(elf, version, shdr->sh_type); if (entsize > 1) { /* Some architectures use 64-bit hash entries. */ +/*@-boundsread@*/ if (shdr->sh_type != SHT_HASH || shdr->sh_entsize != _fsize(elf->e_class, version, ELF_T_ADDR)) rewrite(shdr->sh_entsize, entsize, scn->s_shdr_flags); +/*@=boundsread@*/ } if (layout) { 
@@ -451,6 +475,7 @@ _elf64_layout(Elf *elf, unsigned *flag) rewrite(ehdr->e_shnum, shnum, elf->e_ehdr_flags); rewrite(ehdr->e_shentsize, entsize, elf->e_ehdr_flags); +/*@-boundsread@*/ rewrite(ehdr->e_ident[EI_MAG0], ELFMAG0, elf->e_ehdr_flags); rewrite(ehdr->e_ident[EI_MAG1], ELFMAG1, elf->e_ehdr_flags); rewrite(ehdr->e_ident[EI_MAG2], ELFMAG2, elf->e_ehdr_flags); @@ -461,6 +486,7 @@ _elf64_layout(Elf *elf, unsigned *flag) rewrite(ehdr->e_version, version, elf->e_ehdr_flags); *flag |= elf->e_ehdr_flags; +/*@=boundsread@*/ return off; } @@ -474,6 +500,7 @@ static int _elf_update_pointers(Elf *elf, char *outbuf, size_t len) /*@globals _elf_errno @*/ /*@modifies *elf, _elf_errno @*/ + /*@requires maxSet(outbuf) >= (len - 1) @*/ { Elf_Scn *scn; Scn_Data *sd; @@ -500,7 +527,9 @@ _elf_update_pointers(Elf *elf, char *outbuf, size_t len) } if (elf->e_rawdata == elf->e_data) { /* update frozen raw image */ +/*@-boundswrite@*/ /* FIX: realloc ensures annotation? */ memcpy(data, outbuf, len); +/*@=boundswrite@*/ elf->e_data = elf->e_rawdata = data; /* cooked data is stored outside the raw image */ return 0; @@ -511,7 +540,9 @@ _elf_update_pointers(Elf *elf, char *outbuf, size_t len) seterr(ERROR_IO_2BIG); return -1; } +/*@-boundsread@*/ memcpy(rawdata, outbuf, len); +/*@=boundsread@*/ elf->e_rawdata = rawdata; } if (data == elf->e_data) { @@ -568,7 +599,9 @@ _elf_update_pointers(Elf *elf, char *outbuf, size_t len) seterr(ERROR_IO_2BIG); return -1; } +/*@-boundsread@*/ memcpy(rawdata, outbuf + off, len); +/*@=boundsread@*/ if (sd->sd_data.d_buf == sd->sd_memdata) { sd->sd_data.d_buf = rawdata; } 
@@ -599,11 +632,15 @@ _elf32_write(Elf *elf, char *outbuf, size_t len) elf_assert(len); elf_assert(elf->e_ehdr); ehdr = (Elf32_Ehdr*)elf->e_ehdr; +/*@-boundsread@*/ encode = ehdr->e_ident[EI_DATA]; +/*@=boundsread@*/ src.d_buf = ehdr; src.d_type = ELF_T_EHDR; +/*@-boundsread@*/ src.d_size = _msize(ELFCLASS32, _elf_version, ELF_T_EHDR); +/*@=boundsread@*/ src.d_version = _elf_version; dst.d_buf = outbuf; dst.d_size = ehdr->e_ehsize; @@ -631,7 +668,9 @@ _elf32_write(Elf *elf, char *outbuf, size_t len) src.d_buf = &scn->s_uhdr; src.d_type = ELF_T_SHDR; +/*@-boundsread@*/ src.d_size = _msize(ELFCLASS32, EV_CURRENT, ELF_T_SHDR); +/*@=boundsread@*/ src.d_version = EV_CURRENT; dst.d_buf = outbuf + ehdr->e_shoff + scn->s_index * ehdr->e_shentsize; dst.d_size = ehdr->e_shentsize; @@ -683,13 +722,17 @@ _elf32_write(Elf *elf, char *outbuf, size_t len) } /* cleanup */ +/*@-boundswrite@*/ if (elf->e_readable && _elf_update_pointers(elf, outbuf, len)) { return -1; } +/*@=boundswrite@*/ /* NOTE: ehdr is no longer valid! */ ehdr = (Elf32_Ehdr*)elf->e_ehdr; elf_assert(ehdr); elf->e_encoding = ehdr->e_ident[EI_DATA]; +/*@-boundsread@*/ elf->e_version = ehdr->e_ident[EI_VERSION]; +/*@=boundsread@*/ elf->e_elf_flags &= ~ELF_F_DIRTY; elf->e_ehdr_flags &= ~ELF_F_DIRTY; elf->e_phdr_flags &= ~ELF_F_DIRTY; @@ -728,11 +771,15 @@ _elf64_write(Elf *elf, char *outbuf, size_t len) elf_assert(len); elf_assert(elf->e_ehdr); ehdr = (Elf64_Ehdr*)elf->e_ehdr; +/*@-boundsread@*/ encode = ehdr->e_ident[EI_DATA]; +/*@=boundsread@*/ src.d_buf = ehdr; src.d_type = ELF_T_EHDR; +/*@-boundsread@*/ src.d_size = _msize(ELFCLASS64, _elf_version, ELF_T_EHDR); +/*@=boundsread@*/ src.d_version = _elf_version; dst.d_buf = outbuf; dst.d_size = ehdr->e_ehsize; 
@@ -760,7 +807,9 @@ _elf64_write(Elf *elf, char *outbuf, size_t len) src.d_buf = &scn->s_uhdr; src.d_type = ELF_T_SHDR; +/*@-boundsread@*/ src.d_size = _msize(ELFCLASS64, EV_CURRENT, ELF_T_SHDR); +/*@=boundsread@*/ src.d_version = EV_CURRENT; dst.d_buf = outbuf + ehdr->e_shoff + scn->s_index * ehdr->e_shentsize; dst.d_size = ehdr->e_shentsize; @@ -812,13 +861,17 @@ _elf64_write(Elf *elf, char *outbuf, size_t len) } /* cleanup */ +/*@-boundswrite@*/ if (elf->e_readable && _elf_update_pointers(elf, outbuf, len)) { return -1; } +/*@=boundswrite@*/ /* NOTE: ehdr is no longer valid! */ ehdr = (Elf64_Ehdr*)elf->e_ehdr; elf_assert(ehdr); elf->e_encoding = ehdr->e_ident[EI_DATA]; +/*@-boundsread@*/ elf->e_version = ehdr->e_ident[EI_VERSION]; +/*@=boundsread@*/ elf->e_elf_flags &= ~ELF_F_DIRTY; elf->e_ehdr_flags &= ~ELF_F_DIRTY; elf->e_phdr_flags &= ~ELF_F_DIRTY; @@ -871,6 +924,7 @@ _elf_output(Elf *elf, int fd, size_t len, off_t (*_elf_write)(Elf*, char*, size_ return -1; } } +/*@-boundswrite@*/ /* FIX: mmap ensures annotation */ buf = (void*)mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf != (char*)-1) { /*@-nullpass@*/ @@ -882,6 +936,7 @@ _elf_output(Elf *elf, int fd, size_t len, off_t (*_elf_write)(Elf*, char*, size_ /*@=nullpass@*/ return err; } +/*@=boundswrite@*/ #endif /* HAVE_MMAP */ if (!(buf = (char*)malloc(len))) { seterr(ERROR_MEM_OUTBUF); diff --git a/libelf/lib/verdef.h b/libelf/lib/verdef.h index abfe0f429..db548ffbc 100755 --- a/libelf/lib/verdef.h +++ b/libelf/lib/verdef.h @@ -84,6 +84,7 @@ static void __load_verdaux(verdaux_mtype *dst, const verdaux_ftype *src, unsigned enc) /*@modifies *dst @*/ { +/*@-boundsread@*/ if (enc == ELFDATA2LSB) { dst->vda_name = __load_u32L(src->vda_name); dst->vda_next = __load_u32L(src->vda_next); 
@@ -92,12 +93,14 @@ __load_verdaux(verdaux_mtype *dst, const verdaux_ftype *src, unsigned enc) dst->vda_name = __load_u32M(src->vda_name); dst->vda_next = __load_u32M(src->vda_next); } +/*@=boundsread@*/ } static void __load_verdef(verdef_mtype *dst, const verdef_ftype *src, unsigned enc) /*@modifies *dst @*/ { +/*@-boundsread@*/ if (enc == ELFDATA2LSB) { dst->vd_version = __load_u16L(src->vd_version); dst->vd_flags = __load_u16L(src->vd_flags); @@ -116,6 +119,7 @@ __load_verdef(verdef_mtype *dst, const verdef_ftype *src, unsigned enc) dst->vd_aux = __load_u32M(src->vd_aux); dst->vd_next = __load_u32M(src->vd_next); } +/*@=boundsread@*/ } typedef verdaux_ftype verdaux_stype; diff --git a/libelf/lib/verneed.h b/libelf/lib/verneed.h index e110573d2..8b82467bc 100755 --- a/libelf/lib/verneed.h +++ b/libelf/lib/verneed.h @@ -86,6 +86,7 @@ static void __load_vernaux(vernaux_mtype *dst, const vernaux_ftype *src, unsigned enc) /*@modifies *dst @*/ { +/*@-boundsread@*/ if (enc == ELFDATA2LSB) { dst->vna_hash = __load_u32L(src->vna_hash); dst->vna_flags = __load_u16L(src->vna_flags); @@ -100,12 +101,14 @@ __load_vernaux(vernaux_mtype *dst, const vernaux_ftype *src, unsigned enc) dst->vna_name = __load_u32M(src->vna_name); dst->vna_next = __load_u32M(src->vna_next); } +/*@=boundsread@*/ } static void __load_verneed(verneed_mtype *dst, const verneed_ftype *src, unsigned enc) /*@modifies *dst @*/ { +/*@-boundsread@*/ if (enc == ELFDATA2LSB) { dst->vn_version = __load_u16L(src->vn_version); dst->vn_cnt = __load_u16L(src->vn_cnt); @@ -120,6 +123,7 @@ __load_verneed(verneed_mtype *dst, const verneed_ftype *src, unsigned enc) dst->vn_aux = __load_u32M(src->vn_aux); dst->vn_next = __load_u32M(src->vn_next); } +/*@=boundsread@*/ } typedef vernaux_ftype vernaux_stype; diff --git a/popt/.cvsignore b/popt/.cvsignore index bfe95bdee..996c66288 100644 --- a/popt/.cvsignore +++ b/popt/.cvsignore @@ -27,5 +27,6 @@ stamp-h.in test1 test2 *.la +*.lcd *.lo popt-*.tar.gz 
diff --git a/popt/.lclintrc b/popt/.lclintrc index 6a70b04ca..a3d22bc31 100644 --- a/popt/.lclintrc +++ b/popt/.lclintrc @@ -14,7 +14,7 @@ # --- in progress #+bounds # 56 -#+boundswrite # 40 ++boundswrite # 40 # --- +partial artifacts -exportlocal # 14 diff --git a/popt/Makefile.am b/popt/Makefile.am index 25dcf50ee..7565e7cad 100644 --- a/popt/Makefile.am +++ b/popt/Makefile.am @@ -34,6 +34,11 @@ libpopt_la_SOURCES = popt.c findme.c poptparse.c poptconfig.c popthelp.c man_MANS = popt.3 +BUILT_SOURCES = popt.lcd + +popt.lcd: Makefile.am ${libpopt_la_SOURCES} ${include_HEADERS} ${noinst_HEADERS} + lclint -dump $@ ${libpopt_la_SOURCES} + .PHONY: sources sources: @echo $(libpopt_la_SOURCES:%=popt/%) diff --git a/popt/popt.c b/popt/popt.c index 16bdbffe1..e4d6d31a0 100644 --- a/popt/popt.c +++ b/popt/popt.c @@ -202,6 +202,7 @@ static void cleanOSE(/*@special@*/ struct optionStackEntry *os) os->argb = PBM_FREE(os->argb); } +/*@-boundswrite@*/ void poptResetContext(poptContext con) { int i; @@ -234,8 +235,10 @@ void poptResetContext(poptContext con) return; /*@=nullstate@*/ } +/*@=boundswrite@*/ /* Only one of longName, shortName should be set, not both. */ +/*@-boundswrite@*/ static int handleExec(/*@special@*/ poptContext con, /*@null@*/ const char * longName, char shortName) /*@uses con->execs, con->numExecs, con->flags, con->doExec, @@ -293,6 +296,7 @@ static int handleExec(/*@special@*/ poptContext con, return 1; /*@=nullstate@*/ } +/*@=boundswrite@*/ /* Only one of longName, shortName may be set at a time */ static int handleAlias(/*@special@*/ poptContext con, @@ -435,6 +439,7 @@ static int execCommand(poptContext con) } /*@=bounds =boundswrite @*/ +/*@-boundswrite@*/ /*@observer@*/ /*@null@*/ static const struct poptOption * findOption(const struct poptOption * opt, /*@null@*/ const char * longName, char shortName, 
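Review bot: Listing `popt.lcd` in `BUILT_SOURCES` in popt/Makefile.am makes an ordinary build of popt invoke `lclint`, so the build would fail on hosts that do not have the checker installed. The `rpmdb.lcd` rule added in rpmdb/Makefile.am is handled differently: it stays out of `BUILT_SOURCES` and is written as `-lclint … 2>/dev/null`, which ignores failure but also discards the diagnostics. I would make the two consistent by dropping the `BUILT_SOURCES = popt.lcd` line and using `-lclint -dump $@ ${libpopt_la_SOURCES}` here, keeping stderr visible in both rules.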
@@ -501,6 +506,7 @@ findOption(const struct poptOption * opt, /*@null@*/ const char * longName, return opt; } +/*@=boundswrite@*/ static const char * findNextArg(/*@special@*/ poptContext con, unsigned argx, int delete_arg) @@ -539,6 +545,7 @@ static const char * findNextArg(/*@special@*/ poptContext con, return arg; } +/*@-boundswrite@*/ static /*@only@*/ /*@null@*/ const char * expandNextArg(/*@special@*/ poptContext con, const char * s) /*@uses con->optionStack, con->os, @@ -587,6 +594,7 @@ expandNextArg(/*@special@*/ poptContext con, const char * s) t = realloc(t, strlen(t) + 1); /* XXX memory leak, hard to plug */ return t; } +/*@=boundswrite@*/ static void poptStripArg(/*@special@*/ poptContext con, int which) /*@uses con->arg_strip, con->optionStack @*/ @@ -604,6 +612,7 @@ static void poptStripArg(/*@special@*/ poptContext con, int which) /*@=compdef@*/ } +/*@-boundswrite@*/ static int poptSaveLong(const struct poptOption * opt, long aLong) /*@modifies opt->arg @*/ { @@ -631,7 +640,9 @@ static int poptSaveLong(const struct poptOption * opt, long aLong) } return 0; } +/*@=boundswrite@*/ +/*@-boundswrite@*/ static int poptSaveInt(const struct poptOption * opt, long aLong) /*@modifies opt->arg @*/ { @@ -659,7 +670,9 @@ static int poptSaveInt(const struct poptOption * opt, long aLong) } return 0; } +/*@=boundswrite@*/ +/*@-boundswrite@*/ /* returns 'val' element, -1 on last item, POPT_ERROR_* on error */ int poptGetNextOpt(poptContext con) { @@ -969,6 +982,7 @@ int poptGetNextOpt(poptContext con) return (opt ? opt->val : -1); /* XXX can't happen */ } +/*@=boundswrite@*/ const char * poptGetOptArg(poptContext con) { @@ -998,6 +1012,7 @@ const char * poptPeekArg(poptContext con) return ret; } +/*@-boundswrite@*/ const char ** poptGetArgs(poptContext con) { if (con == NULL || 
@@ -1011,6 +1026,7 @@ const char ** poptGetArgs(poptContext con) return (con->leftovers + con->nextLeftover); /*@=nullret =nullstate @*/ } +/*@=boundswrite@*/ poptContext poptFreeContext(poptContext con) { @@ -1073,6 +1089,7 @@ int poptAddAlias(poptContext con, struct poptAlias alias, return poptAddItem(con, item, 0); } +/*@-boundswrite@*/ /*@-mustmod@*/ /* LCL: con not modified? */ int poptAddItem(poptContext con, poptItem newItem, int flags) { @@ -1117,6 +1134,7 @@ int poptAddItem(poptContext con, poptItem newItem, int flags) return 0; } /*@=mustmod@*/ +/*@=boundswrite@*/ const char * poptBadOption(poptContext con, int flags) { @@ -1186,6 +1204,7 @@ const char * poptGetInvocationName(poptContext con) return (con->os->argv ? con->os->argv[0] : ""); } +/*@-boundswrite@*/ int poptStrippedArgv(poptContext con, int argc, char ** argv) { int numargs = argc; @@ -1209,3 +1228,4 @@ int poptStrippedArgv(poptContext con, int argc, char ** argv) return numargs; } +/*@=boundswrite@*/ diff --git a/popt/poptconfig.c b/popt/poptconfig.c index 58ccf0153..773964962 100644 --- a/popt/poptconfig.c +++ b/popt/poptconfig.c @@ -21,6 +21,7 @@ static void configLine(poptContext con, char * line) poptItem item = alloca(sizeof(*item)); int i, j; +/*@-boundswrite@*/ memset(item, 0, sizeof(*item)); /*@-type@*/ @@ -80,6 +81,7 @@ static void configLine(poptContext con, char * line) item->argc = j; } /*@=modobserver@*/ +/*@=boundswrite@*/ /*@-nullstate@*/ /* FIX: item->argv[] may be NULL */ if (!strcmp(entryType, "alias")) @@ -124,6 +126,7 @@ int poptReadConfigFile(poptContext con, const char * fn) if (close(fd) == -1) return POPT_ERROR_ERRNO; +/*@-boundswrite@*/ dst = buf = alloca(fileLength + 1); chptr = file; @@ -155,6 +158,7 @@ int poptReadConfigFile(poptContext con, const char * fn) } } /*@=infloops@*/ +/*@=boundswrite@*/ return 0; } diff --git a/popt/popthelp.c b/popt/popthelp.c index 261740b5e..5f9d54f54 100644 --- a/popt/popthelp.c +++ b/popt/popthelp.c 
@@ -131,6 +131,7 @@ singleOptionDefaultValue(int lineLength, char * l = le; if (le == NULL) return NULL; /* XXX can't happen */ +/*@-boundswrite@*/ *le = '\0'; *le++ = '('; strcpy(le, defstr); le += strlen(le); @@ -177,6 +178,7 @@ singleOptionDefaultValue(int lineLength, } *le++ = ')'; *le = '\0'; +/*@=boundswrite@*/ return l; } @@ -207,6 +209,7 @@ static void singleOptionHelp(FILE * fp, int maxLeftCol, if (opt->longName) nb += strlen(opt->longName); if (argDescrip) nb += strlen(argDescrip); +/*@-boundswrite@*/ left = malloc(nb); if (left == NULL) return; /* XXX can't happen */ left[0] = '\0'; @@ -223,6 +226,7 @@ static void singleOptionHelp(FILE * fp, int maxLeftCol, ((opt->argInfo & POPT_ARGFLAG_ONEDASH) ? "-" : "--"), opt->longName); if (!*left) goto out; + if (argDescrip) { char * le = left + strlen(left); @@ -306,6 +310,7 @@ static void singleOptionHelp(FILE * fp, int maxLeftCol, *le++ = ']'; *le = '\0'; } +/*@=boundswrite@*/ if (help) fprintf(fp," %-*s ", maxLeftCol, left); @@ -634,6 +639,7 @@ static int showShortOptions(const struct poptOption * opt, FILE * fp, } /*@=branchstate@*/ +/*@-boundswrite@*/ if (opt != NULL) for (; (opt->longName || opt->shortName || opt->arg); opt++) { if (opt->shortName && !(opt->argInfo & POPT_ARG_MASK)) @@ -642,6 +648,7 @@ static int showShortOptions(const struct poptOption * opt, FILE * fp, if (opt->arg) /* XXX program error */ (void) showShortOptions(opt->arg, fp, str); } +/*@=boundswrite@*/ if (s != str || *s != '\0') return 0; diff --git a/popt/poptparse.c b/popt/poptparse.c index 2ffb7dd29..20716014f 100644 --- a/popt/poptparse.c +++ b/popt/poptparse.c @@ -10,6 +10,7 @@ #define POPT_ARGV_ARRAY_GROW_DELTA 5 +/*@-boundswrite@*/ int poptDupArgv(int argc, const char **argv, int * argcPtr, const char *** argvPtr) { 
@@ -50,7 +51,9 @@ int poptDupArgv(int argc, const char **argv, *argcPtr = argc; return 0; } +/*@=boundswrite@*/ +/*@-bounds@*/ int poptParseArgvString(const char * s, int * argcPtr, const char *** argvPtr) { const char * src; @@ -116,3 +119,4 @@ exit: if (argv) free(argv); return rc; } +/*@=bounds@*/ diff --git a/popt/system.h b/popt/system.h index 338be45b3..1d1b9dae8 100644 --- a/popt/system.h +++ b/popt/system.h @@ -2,7 +2,17 @@ #include "config.h" #endif +#if defined (__GLIBC__) && defined(__LCLINT__) +/*@-declundef@*/ +/*@unchecked@*/ +extern __const __int32_t *__ctype_tolower; +/*@unchecked@*/ +extern __const __int32_t *__ctype_toupper; +/*@=declundef@*/ +#endif + #include + #include #include #include diff --git a/rpm.spec.in b/rpm.spec.in index 491c97485..dc1110968 100644 --- a/rpm.spec.in +++ b/rpm.spec.in @@ -290,7 +290,7 @@ fi %config(noreplace,missingok) /etc/cron.daily/rpm %config(noreplace,missingok) /etc/logrotate.d/rpm %dir /etc/rpm -%config(noreplace,missingok) /etc/rpm/macros.* +#%config(noreplace,missingok) /etc/rpm/macros.* %attr(0755, @RPMUSER@, @RPMGROUP@) %dir /var/lib/rpm %define rpmdbattr %attr(0644, @RPMUSER@, @RPMGROUP@) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) diff --git a/rpmdb/.cvsignore b/rpmdb/.cvsignore index d9e7e121d..79d57f5ea 100644 --- a/rpmdb/.cvsignore +++ b/rpmdb/.cvsignore @@ -7,4 +7,5 @@ Makefile.in db3lobjs tagtbl.c *.la +*.lcd *.lo diff --git a/rpmdb/.lclintrc b/rpmdb/.lclintrc index cd925dd35..4f1804ba5 100644 --- a/rpmdb/.lclintrc +++ b/rpmdb/.lclintrc @@ -12,6 +12,11 @@ +strict # lclint level +# --- in progress +#+bounds # 0 ++boundswrite # 0 ++slovak-fcns + # --- +partial artifacts -declundef -exportheadervar diff --git a/rpmdb/Makefile.am b/rpmdb/Makefile.am index 9e585219f..0dc40b7ce 100644 --- a/rpmdb/Makefile.am +++ b/rpmdb/Makefile.am 
@@ -52,9 +52,10 @@ install-data-local: sed -e "s|^dependency_libs='|& -lrpmio|" < librpmdb.la > .librpmdb.la && \ mv .librpmdb.la librpmdb.la -tagtbl.c: $(top_srcdir)/lib/rpmlib.h - @echo '#include "system.h"' > $@ - @echo '#include "lib/rpmlib.h"' >> $@ +tagtbl.c: Makefile.am $(top_srcdir)/lib/rpmlib.h + @echo '/*@-bounds@*/' > $@ + @echo '#include "system.h"' >> $@ + @echo '#include ' >> $@ @echo '' >> $@ @echo '/*@observer@*/ /*@unchecked@*/' >> $@ @echo 'static const struct headerTagTableEntry_s rpmTagTbl[] = {' >> $@ @@ -67,6 +68,7 @@ tagtbl.c: $(top_srcdir)/lib/rpmlib.h @echo '' >> $@ @echo '/*@unchecked@*/' >> $@ @echo 'const int rpmTagTableSize = sizeof(rpmTagTbl) / sizeof(rpmTagTbl[0]) - 1;' >> $@ + @echo '/*@=bounds@*/' >> $@ db.h: @ln -sf ../$(WITH_DB_SUBDIR)/db.h $@ @@ -83,6 +85,9 @@ clean-local: # XXX TODO: figger why .created addition here dinna work BUILT_SOURCES = tagtbl.c # .created +rpmdb.lcd: Makefile.am ${librpmdb_la_SOURCES} ${pkginc_HEADERS} ${noinst_HEADERS} + -lclint ${DEFS} ${INCLUDES} ${librpmdb_la_SOURCES} -dump $@ 2>/dev/null + .PHONY: sources sources: @echo $(librpmdb_la_SOURCES:%=rpmdb/%) diff --git a/rpmdb/hdrNVR.c b/rpmdb/hdrNVR.c index b739c894c..18f3e537d 100644 --- a/rpmdb/hdrNVR.c +++ b/rpmdb/hdrNVR.c @@ -11,6 +11,7 @@ int headerNVR(Header h, const char **np, const char **vp, const char **rp) int type; int count; +/*@-boundswrite@*/ if (np) { if (!(headerGetEntry(h, RPMTAG_NAME, &type, (void **) np, &count) && type == RPM_STRING_TYPE && count == 1)) @@ -26,5 +27,6 @@ int headerNVR(Header h, const char **np, const char **vp, const char **rp) && type == RPM_STRING_TYPE && count == 1)) *rp = NULL; } +/*@=boundswrite@*/ return 0; } diff --git a/rpmdb/header.c b/rpmdb/header.c index 83008ce7c..b9fb12ee3 100644 --- a/rpmdb/header.c +++ b/rpmdb/header.c 
@@ -419,6 +419,7 @@ static int dataLength(int_32 type, hPTR_t p, int_32 count, int onDisk) * @param regionid region offset * @return no. bytes of data in region, -1 on error */ +/*@-boundswrite@*/ static int regionSwab(/*@null@*/ indexEntry entry, int il, int dl, entryInfo pe, char * dataStart, int regionid) /*@modifies *entry, *dataStart @*/ @@ -514,9 +515,11 @@ static int regionSwab(/*@null@*/ indexEntry entry, int il, int dl, return dl; } +/*@=boundswrite@*/ /** \ingroup header */ +/*@-boundswrite@*/ static /*@only@*/ /*@null@*/ void * doHeaderUnload(Header h, /*@out@*/ int * lengthPtr) /*@modifies h, *lengthPtr @*/ @@ -764,6 +767,7 @@ errxit: /*@=usereleased@*/ return (void *) ei; } +/*@=boundswrite@*/ /** \ingroup header * Convert header to on-disk representation. @@ -798,8 +802,10 @@ indexEntry findEntry(/*@null@*/ Header h, int_32 tag, int_32 type) key.info.tag = tag; +/*@-boundswrite@*/ entry2 = entry = bsearch(&key, h->index, h->indexUsed, sizeof(*h->index), indexCmp); +/*@=boundswrite@*/ if (entry == NULL) return NULL; @@ -834,6 +840,7 @@ indexEntry findEntry(/*@null@*/ Header h, int_32 tag, int_32 type) * @param tag tag * @return 0 on success, 1 on failure (INCONSISTENT) */ +/*@-boundswrite@*/ static int headerRemoveEntry(Header h, int_32 tag) /*@modifies h @*/ @@ -872,12 +879,14 @@ int headerRemoveEntry(Header h, int_32 tag) return 0; } +/*@=boundswrite@*/ /** \ingroup header * Convert header to in-memory representation. * @param uh on-disk header blob (i.e. with offsets) * @return header */ +/*@-boundswrite@*/ static /*@null@*/ Header headerLoad(/*@kept@*/ void * uh) /*@modifies uh @*/ @@ -1054,6 +1063,7 @@ errxit: return h; /*@=refcounttrans =globstate@*/ } +/*@=boundswrite@*/ /** \ingroup header * Convert header to on-disk representation, and then reload. 
@@ -1062,6 +1072,7 @@ errxit: * @param tag region tag * @return on-disk header (with offsets) */ +/*@-boundswrite@*/ static /*@null@*/ Header headerReload(/*@only@*/ Header h, int tag) /*@modifies h @*/ @@ -1089,6 +1100,7 @@ Header headerReload(/*@only@*/ Header h, int tag) } return nh; } +/*@=boundswrite@*/ /** \ingroup header * Make a copy and convert header to in-memory representation. @@ -1130,6 +1142,7 @@ Header headerCopyLoad(const void * uh) * @param magicp read (and verify) 8 bytes of (magic, 0)? * @return header (or NULL on error) */ +/*@-boundswrite@*/ static /*@null@*/ Header headerRead(FD_t fd, enum hMagic magicp) /*@modifies fd @*/ @@ -1197,6 +1210,7 @@ exit: return h; /*@-mustmod@*/ } +/*@=boundswrite@*/ /** \ingroup header * Write (with unload) header to file handle. @@ -1265,6 +1279,7 @@ int headerIsEntry(/*@null@*/Header h, int_32 tag) * @param minMem string pointers refer to header memory? * @return 1 on success, otherwise error. */ +/*@-boundswrite@*/ static int copyEntry(const indexEntry entry, /*@null@*/ /*@out@*/ hTYP_t type, /*@null@*/ /*@out@*/ hPTR_t * p, @@ -1369,6 +1384,7 @@ static int copyEntry(const indexEntry entry, if (c) *c = count; return rc; } +/*@=boundswrite@*/ /** * Does locale match entry in header i18n table? @@ -1515,6 +1531,7 @@ headerFindI18NString(Header h, indexEntry entry) * @param minMem string pointers reference header memory? * @return 1 on success, 0 on not found */ +/*@-boundswrite@*/ static int intGetEntry(Header h, int_32 tag, /*@null@*/ /*@out@*/ hTAG_t type, /*@null@*/ /*@out@*/ hPTR_t * p, @@ -1553,6 +1570,7 @@ static int intGetEntry(Header h, int_32 tag, /* XXX 1 on success */ return ((rc == 1) ? 1 : 0); } +/*@=boundswrite@*/ /** \ingroup header * Free data allocated when retrieved from header. 
@@ -1622,6 +1640,7 @@ int headerGetEntryMinMemory(Header h, int_32 tag, return intGetEntry(h, tag, type, p, c, 1); } +/*@-boundswrite@*/ int headerGetRawEntry(Header h, int_32 tag, int_32 * type, hPTR_t * p, int_32 * c) { @@ -1645,9 +1664,11 @@ int headerGetRawEntry(Header h, int_32 tag, int_32 * type, hPTR_t * p, /* XXX 1 on success */ return ((rc == 1) ? 1 : 0); } +/*@=boundswrite@*/ /** */ +/*@-boundswrite@*/ static void copyData(int_32 type, /*@out@*/ void * dstPtr, const void * srcPtr, int_32 c, int dataLength) /*@modifies *dstPtr @*/ @@ -1678,6 +1699,7 @@ static void copyData(int_32 type, /*@out@*/ void * dstPtr, const void * srcPtr, break; } } +/*@=boundswrite@*/ /** * Return (malloc'ed) copy of entry data. @@ -1687,6 +1709,7 @@ static void copyData(int_32 type, /*@out@*/ void * dstPtr, const void * srcPtr, * @retval lengthPtr no. bytes in returned data * @return (malloc'ed) copy of entry data */ +/*@-boundswrite@*/ static void * grabData(int_32 type, hPTR_t p, int_32 c, /*@out@*/ int * lengthPtr) /*@modifies *lengthPtr @*/ @@ -1700,6 +1723,7 @@ static void * grabData(int_32 type, hPTR_t p, int_32 c, *lengthPtr = length; return data; } +/*@=boundswrite@*/ /** \ingroup header * Add tag to header. @@ -1760,6 +1784,7 @@ int headerAddEntry(Header h, int_32 tag, int_32 type, const void * p, int_32 c) * @param c number of values * @return 1 on success, 0 on failure */ +/*@-boundswrite@*/ static int headerAppendEntry(Header h, int_32 tag, int_32 type, const void * p, int_32 c) @@ -1796,6 +1821,7 @@ int headerAppendEntry(Header h, int_32 tag, int_32 type, return 1; } +/*@=boundswrite@*/ /** \ingroup header * Add or append element to tag array in header. @@ -1837,6 +1863,7 @@ int headerAddOrAppendEntry(Header h, int_32 tag, int_32 type, * @param lang locale * @return 1 on success, 0 on failure */ +/*@-bounds@*/ static int headerAddI18NString(Header h, int_32 tag, const char * string, const char * lang) 
@@ -1971,6 +1998,7 @@ int headerAddI18NString(Header h, int_32 tag, const char * string, return 0; } +/*@=bounds@*/ /** \ingroup header * Modify tag in header. @@ -2039,6 +2067,7 @@ static char escapedChar(const char ch) /*@*/ * @param num number of elements * @return NULL always */ +/*@-boundswrite@*/ static /*@null@*/ sprintfToken freeFormat( /*@only@*/ /*@null@*/ sprintfToken format, int num) /*@modifies *format @*/ @@ -2071,9 +2100,11 @@ freeFormat( /*@only@*/ /*@null@*/ sprintfToken format, int num) format = _free(format); return NULL; } +/*@=boundswrite@*/ /** */ +/*@-boundswrite@*/ static void findTag(char * name, const headerTagTableEntry tags, const headerSprintfExtension extensions, /*@out@*/ headerTagTableEntry * tagMatch, @@ -2123,6 +2154,7 @@ static void findTag(char * name, const headerTagTableEntry tags, return; } } +/*@=boundswrite@*/ /* forward ref */ static int parseExpression(sprintfToken token, char * str, @@ -2133,6 +2165,7 @@ static int parseExpression(sprintfToken token, char * str, /** */ +/*@-boundswrite@*/ static int parseFormat(/*@null@*/ char * str, const headerTagTableEntry tags, const headerSprintfExtension extensions, /*@out@*/sprintfToken * formatPtr, /*@out@*/int * numTokensPtr, @@ -2383,9 +2416,11 @@ static int parseFormat(/*@null@*/ char * str, const headerTagTableEntry tags, return 0; } +/*@=boundswrite@*/ /** */ +/*@-boundswrite@*/ static int parseExpression(sprintfToken token, char * str, const headerTagTableEntry tags, const headerSprintfExtension extensions, @@ -2511,6 +2546,7 @@ static int parseExpression(sprintfToken token, char * str, return 0; } +/*@=boundswrite@*/ /** * @return 0 on success, 1 on failure @@ -2528,9 +2564,11 @@ static int getExtension(Header h, headerTagTagFunction fn, ext->avail = 1; } +/*@-boundswrite@*/ if (typeptr) *typeptr = ext->type; if (data) *data = ext->data; if (countptr) *countptr = ext->count; +/*@=boundswrite@*/ return 0; } 
@@ -2589,7 +2627,9 @@ static char * formatValue(sprintfTag tag, Header h, type = RPM_INT32_TYPE; } +/*@-boundswrite@*/ (void) stpcpy( stpcpy(buf, "%"), tag->format); +/*@=boundswrite@*/ if (tag->type) { ext = extensions; @@ -2696,6 +2736,7 @@ static char * formatValue(sprintfTag tag, Header h, static char hex[] = "0123456789abcdef"; const char * s = data; +/*@-boundswrite@*/ need = 2*count + tag->pad; val = t = xmalloc(need+1); while (count-- > 0) { @@ -2705,6 +2746,7 @@ static char * formatValue(sprintfTag tag, Header h, *t++ = hex[ (i ) & 0xf ]; } *t = '\0'; +/*@=boundswrite@*/ #endif } break; @@ -2718,6 +2760,7 @@ static char * formatValue(sprintfTag tag, Header h, /*@-branchstate@*/ if (val && need > 0) { +/*@-boundswrite@*/ if (((*vallenp) + need) >= (*allocedp)) { if ((*allocedp) <= need) (*allocedp) += need; @@ -2732,6 +2775,7 @@ static char * formatValue(sprintfTag tag, Header h, te = stpcpy(t, val); (*vallenp) += (te - t); val = _free(val); +/*@=boundswrite@*/ } /*@=branchstate@*/ @@ -2762,6 +2806,7 @@ static char * singleSprintf(Header h, sprintfToken token, break; case PTOK_STRING: +/*@-boundswrite@*/ need = token->u.string.len; if (need <= 0) break; if (((*vallenp) + need) >= (*allocedp)) { @@ -2777,6 +2822,7 @@ static char * singleSprintf(Header h, sprintfToken token, t = (*valp) + (*vallenp); te = stpcpy(t, token->u.string.string); (*vallenp) += (te - t); +/*@=boundswrite@*/ break; case PTOK_TAG: @@ -2798,6 +2844,7 @@ static char * singleSprintf(Header h, sprintfToken token, need = condNumFormats * 20; if (condFormat == NULL || need <= 0) break; +/*@-boundswrite@*/ if (((*vallenp) + need) >= (*allocedp)) { if ((*allocedp) <= need) (*allocedp) += need; @@ -2808,6 +2855,7 @@ static char * singleSprintf(Header h, sprintfToken token, (*valp) = xrealloc((*valp), (*allocedp)+1); /*@=unqualifiedtrans@*/ } +/*@=boundswrite@*/ t = (*valp) + (*vallenp); for (i = 0; i < condNumFormats; i++) 
@@ -2837,6 +2885,7 @@ static char * singleSprintf(Header h, sprintfToken token, /*@loopbreak@*/ break; } +/*@-boundswrite@*/ if (numElements == -1) { need = sizeof("(none)") - 1; if (((*vallenp) + need) >= (*allocedp)) { @@ -2874,6 +2923,7 @@ static char * singleSprintf(Header h, sprintfToken token, valp, vallenp, allocedp); } } +/*@=boundswrite@*/ break; } @@ -2914,7 +2964,9 @@ freeExtensionCache(const headerSprintfExtension extensions, int i = 0; while (ext->type != HEADER_EXT_LAST) { +/*@-boundswrite@*/ if (cache[i].freeit) cache[i].data = _free(cache[i].data); +/*@=boundswrite@*/ i++; if (ext->type == HEADER_EXT_MORE) @@ -2999,11 +3051,13 @@ static char * octalFormat(int_32 type, hPTR_t data, if (type != RPM_INT32_TYPE) { val = xstrdup(_("(not a number)")); } else { +/*@-boundswrite@*/ val = xmalloc(20 + padding); strcat(formatPrefix, "o"); /*@-formatconst@*/ sprintf(val, formatPrefix, *((int_32 *) data)); /*@=formatconst@*/ +/*@=boundswrite@*/ } return val; @@ -3020,11 +3074,13 @@ static char * hexFormat(int_32 type, hPTR_t data, if (type != RPM_INT32_TYPE) { val = xstrdup(_("(not a number)")); } else { +/*@-boundswrite@*/ val = xmalloc(20 + padding); strcat(formatPrefix, "x"); /*@-formatconst@*/ sprintf(val, formatPrefix, *((int_32 *) data)); /*@=formatconst@*/ +/*@=boundswrite@*/ } return val; @@ -3045,6 +3101,7 @@ static char * realDateFormat(int_32 type, hPTR_t data, struct tm * tstruct; char buf[50]; +/*@-boundswrite@*/ val = xmalloc(50 + padding); strcat(formatPrefix, "s"); @@ -3058,6 +3115,7 @@ static char * realDateFormat(int_32 type, hPTR_t data, /*@-formatconst@*/ sprintf(val, formatPrefix, buf); /*@=formatconst@*/ +/*@=boundswrite@*/ } return val; @@ -3084,6 +3142,7 @@ static char * dayFormat(int_32 type, hPTR_t data, /** */ +/*@-boundswrite@*/ static char * shescapeFormat(int_32 type, hPTR_t data, char * formatPrefix, int padding, /*@unused@*/int element) /*@modifies formatPrefix @*/ 
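Review bot: In `octalFormat` and `hexFormat` the added `boundswrite` suppression covers `strcat(formatPrefix, ...)` and an unbounded `sprintf` into `xmalloc(20 + padding)`, on top of the existing `formatconst` suppression, so both checks that could question this write are now off. Whether `20 + padding` always covers what `formatPrefix` can expand to depends on how the caller builds the prefix, which is outside these hunks. I would bound the write instead of silencing the checker, passing the same size to the allocation and to the formatter: `snprintf(val, 20 + padding, formatPrefix, *((int_32 *) data));`. `realDateFormat` has the same pattern with `xmalloc(50 + padding)` and `sprintf(val, formatPrefix, buf)`.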
@@ -3122,6 +3181,7 @@ static char * shescapeFormat(int_32 type, hPTR_t data, return result; } +/*@=boundswrite@*/ /*@-type@*/ /* FIX: cast? */ const struct headerSprintfExtension_s headerDefaultFormats[] = { @@ -3237,8 +3297,10 @@ int headerNextIterator(HeaderIterator hi, hi->next_index++; /*@=noeffect@*/ +/*@-boundswrite@*/ if (tag) *tag = entry->info.tag; +/*@=boundswrite@*/ rc = copyEntry(entry, type, p, c, 0); diff --git a/rpmdb/header_internal.c b/rpmdb/header_internal.c index 309b453de..87849c231 100644 --- a/rpmdb/header_internal.c +++ b/rpmdb/header_internal.c @@ -21,9 +21,11 @@ char ** headerGetLangs(Header h) if ((table = (char **)xcalloc((count+1), sizeof(char *))) == NULL) return NULL; +/*@-boundswrite@*/ for (i = 0, e = *s; i < count > 0; i++, e += strlen(e)+1) table[i] = e; table[count] = NULL; +/*@=boundswrite@*/ /*@-nullret@*/ return table; /*@=nullret@*/ /* LCL: double indirection? */ } diff --git a/rpmdb/legacy.c b/rpmdb/legacy.c index babe013d7..b859e69cc 100644 --- a/rpmdb/legacy.c +++ b/rpmdb/legacy.c @@ -53,6 +53,7 @@ static int open_dso(const char * path, /*@null@*/ pid_t * pidp, /*@null@*/ size_ initted++; } +/*@-boundswrite@*/ if (pidp) *pidp = 0; if (fsizep) { @@ -61,6 +62,7 @@ static int open_dso(const char * path, /*@null@*/ pid_t * pidp, /*@null@*/ size_ return -1; *fsizep = st->st_size; } +/*@=boundswrite@*/ fdno = open(path, O_RDONLY); if (fdno < 0) @@ -107,6 +109,7 @@ static int open_dso(const char * path, /*@null@*/ pid_t * pidp, /*@null@*/ size_ } /*@=branchstate =uniondef @*/ +/*@-boundswrite@*/ if (pidp != NULL && bingo) { int pipes[2]; int xx; @@ -131,6 +134,7 @@ static int open_dso(const char * path, /*@null@*/ pid_t * pidp, /*@null@*/ size_ fdno = pipes[0]; xx = close(pipes[1]); } +/*@=boundswrite@*/ exit: if (elf) (void) elf_end(elf); 
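Review bot: In `headerGetLangs` the added suppression covers a loop that advances `e += strlen(e)+1` for `count` entries, and nothing in the hunk bounds `e` against the end of the tag data. `count` and `*s` are fetched before the hunk begins, so any check on them is not visible here; if there is none, a header whose count exceeds the strings actually present makes `strlen` read past the data. I would record that on the marker rather than silence it, e.g. `/*@-boundswrite@*/ /* FIX: e is not checked against end of data */`. The loop condition `i < count > 0` parses as `(i < count) > 0`; plain `i < count` says the same thing.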
@@ -224,10 +228,12 @@ int domd5(const char * fn, unsigned char * digest, int asAscii, size_t *fsizep) } exit: +/*@-boundswrite@*/ if (fsizep) *fsizep = fsize; if (!rc) memcpy(digest, md5sum, md5len); +/*@=boundswrite@*/ md5sum = _free(md5sum); return rc; @@ -246,6 +252,7 @@ static int dncmp(const void * a, const void * b) return strcmp(*first, *second); } +/*@-bounds@*/ void compressFilelist(Header h) { HGE_t hge = (HGE_t)headerGetEntryMinMemory; @@ -336,6 +343,7 @@ exit: xx = hre(h, RPMTAG_OLDFILENAMES); } +/*@=bounds@*/ /* * This is pretty straight-forward. The only thing that even resembles a trick diff --git a/rpmdb/merge.c b/rpmdb/merge.c index e3fbd0d8f..531d63364 100644 --- a/rpmdb/merge.c +++ b/rpmdb/merge.c @@ -1,4 +1,4 @@ -/*@-mustmod -sizeoftype @*/ +/*@-bounds -mustmod -sizeoftype @*/ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. @@ -353,4 +353,4 @@ COPY: b = t; /*@=usereleased@*/ return (0); } -/*@=mustmod =sizeoftype @*/ +/*@=bounds =mustmod =sizeoftype @*/ diff --git a/rpmdb/poptDB.c b/rpmdb/poptDB.c index 6d5ea3570..2d7e51dbe 100644 --- a/rpmdb/poptDB.c +++ b/rpmdb/poptDB.c @@ -6,7 +6,6 @@ #include "system.h" #include -#include "legacy.h" /* XXX _noDirTokens */ #include "debug.h" diff --git a/rpmdb/rpmdb.h b/rpmdb/rpmdb.h index d97d2a208..459636635 100644 --- a/rpmdb/rpmdb.h +++ b/rpmdb/rpmdb.h @@ -1,5 +1,6 @@ #ifndef H_RPMDB #define H_RPMDB +/*@-bounds@*/ /** \ingroup rpmdb dbi db1 db3 * \file rpmdb/rpmdb.h @@ -1023,4 +1024,5 @@ int mergesort(void *base, size_t nmemb, size_t size, } #endif +/*@=bounds@*/ #endif /* H_RPMDB */ diff --git a/rpmdb/rpmhash.c b/rpmdb/rpmhash.c index 49c36787c..ac4c27099 100644 --- a/rpmdb/rpmhash.c +++ b/rpmdb/rpmhash.c @@ -98,6 +98,7 @@ hashTable htCreate(int numBuckets, int keySize, int freeData, return ht; } +/*@-boundswrite@*/ void htAddEntry(hashTable ht, const void * key, const void * data) { unsigned int hash; 
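Review bot: In `domd5` the suppression is wrapped around `memcpy(digest, md5sum, md5len)`, but `digest` is passed without a length, so the checker cannot prove the destination is large enough and neither can a reader of this hunk. `md5len` is set outside the hunk. Rather than disable the check, state the contract on the declaration in the same annotation style this patch uses for `xmalloc` in system.h, with a `requires maxSet(digest) >= ...` clause giving the largest `md5len` the function can produce. Callers that pass a shorter buffer then get flagged instead of the callee being silenced.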
@@ -129,6 +130,7 @@ void htAddEntry(hashTable ht, const void * key, const void * data) b->data = xrealloc(b->data, sizeof(*b->data) * (b->dataCount + 1)); b->data[b->dataCount++] = data; } +/*@=boundswrite@*/ hashTable htFree(hashTable ht) { @@ -139,15 +141,19 @@ hashTable htFree(hashTable ht) b = ht->buckets[i]; if (b == NULL) continue; +/*@-boundswrite@*/ ht->buckets[i] = NULL; +/*@=boundswrite@*/ if (ht->keySize > 0) b->key = _free(b->key); do { n = b->next; /*@-branchstate@*/ if (b->data) { +/*@-boundswrite@*/ if (ht->freeData) *b->data = _free(*b->data); +/*@=boundswrite@*/ b->data = _free(b->data); } /*@=branchstate@*/ @@ -175,12 +181,14 @@ int htGetEntry(hashTable ht, const void * key, const void *** data, if ((b = findEntry(ht, key)) == NULL) return 1; +/*@-boundswrite@*/ if (data) *data = (const void **) b->data; if (dataCount) *dataCount = b->dataCount; if (tableKey) *tableKey = b->key; +/*@=boundswrite@*/ return 0; } diff --git a/rpmdb/tagname.c b/rpmdb/tagname.c index d30c2a54e..443493243 100644 --- a/rpmdb/tagname.c +++ b/rpmdb/tagname.c @@ -37,6 +37,7 @@ const char *const tagName(int tag) } strcpy(nameBuf, "(unknown)"); +/*@-boundswrite@*/ for (i = 0; i < rpmTagTableSize; i++) { if (tag != rpmTagTable[i].val) continue; @@ -47,6 +48,7 @@ const char *const tagName(int tag) *s = xtolower(*s); break; } +/*@=boundswrite@*/ return nameBuf; } diff --git a/rpmio/.cvsignore b/rpmio/.cvsignore index 3ee447e40..80c7e73cc 100644 --- a/rpmio/.cvsignore +++ b/rpmio/.cvsignore @@ -5,6 +5,7 @@ Makefile Makefile.in .libs *.la +*.lcd *.lo tdigest tdir diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am index 68bac6c10..ee348777b 100644 --- a/rpmio/Makefile.am +++ b/rpmio/Makefile.am 
@@ -45,6 +45,19 @@ $(top_builddir)/beecrypt/listobjs: clean-local: rm -f $(BEECRYPTLOBJS) *.o .created +BUILT_SOURCES = rpmio.lcd + +rpmio.lcd: Makefile.am ${librpmio_la_SOURCES} ${pkginc_HEADERS} ${noinst_HEADERS} + -lclint -load ../beecrypt/beecrypt.lcd $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) -dump $@ 2>/dev/null + +.PHONY: sources +sources: + @echo $(librpmio_la_SOURCES:%=rpmio/%) + +.PHONY: lclint +lclint: + lclint $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) + tdigest_SOURCES = tdigest.c tdigest_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la @@ -77,14 +90,6 @@ trpmio_LDADD = librpmio.la $(top_builddir)/popt/libpopt.la dumpasn1_SOURCES = dumpasn1.c -.PHONY: sources -sources: - @echo $(librpmio_la_SOURCES:%=rpmio/%) - -.PHONY: lclint -lclint: - lclint $(DEFS) $(INCLUDES) $(librpmio_la_SOURCES) - tficl.o: tficl.c $(COMPILE) -I/usr/include/ficl -o $@ -c tficl.c diff --git a/rpmio/rpmio_internal.h b/rpmio/rpmio_internal.h index dbd34be17..9bb9b7362 100644 --- a/rpmio/rpmio_internal.h +++ b/rpmio/rpmio_internal.h @@ -1,5 +1,6 @@ #ifndef H_RPMIO_INTERNAL #define H_RPMIO_INTERNAL +/*@-bounds@*/ /** \ingroup rpmio * \file rpmio/rpmio_internal.h @@ -550,4 +551,5 @@ int rpmioSlurp(const char * fn, } #endif +/*@=bounds@*/ #endif /* H_RPMIO_INTERNAL */ diff --git a/rpmio/rpmpgp.h b/rpmio/rpmpgp.h index ec4004ae6..e330a3d4b 100644 --- a/rpmio/rpmpgp.h +++ b/rpmio/rpmpgp.h @@ -1,5 +1,6 @@ #ifndef H_RPMPGP #define H_RPMPGP +/*@-bounds@*/ /** \ingroup rpmio * \file rpmio/rpmpgp.h @@ -1290,4 +1291,5 @@ uint32 pgpCRC(const byte *octets, size_t len) #endif /*@=fcnuse@*/ +/*@=bounds@*/ #endif /* H_RPMPGP */ diff --git a/system.h b/system.h index 7a5d25548..a313e0d32 100644 --- a/system.h +++ b/system.h 
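Review bot: The `rpmio.lcd` recipe loads `../beecrypt/beecrypt.lcd`, but nothing in the rule says so, so the result depends on whether the beecrypt dump happens to exist and be current when this directory is built. Because `rpmio.lcd` is also added to `BUILT_SOURCES` and the recipe ignores failure, a tree without lclint or without the beecrypt dump skips the analysis silently on every build. A hard prerequisite would break builds where lclint is absent, so I would at least document the ordering above the rule: `# requires ../beecrypt/beecrypt.lcd (beecrypt must be built first)`.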
@@ -175,7 +175,7 @@ char *realpath(const char *path, char resolved_path []); #if defined(__LCLINT__) /*@-declundef -incondefs @*/ /* LCL: missing annotation */ /*@only@*/ /*@out@*/ void * alloca (size_t __size) - /*@ensures MaxSet(result) == (__size - 1) @*/ + /*@ensures maxSet(result) == (__size - 1) @*/ /*@*/; /*@=declundef =incondefs @*/ #endif @@ -265,13 +265,13 @@ extern int _tolower(int) __THROW /*@*/; */ /*@mayexit@*/ /*@only@*/ /*@out@*/ void * xmalloc (size_t size) /*@globals errno @*/ - /*@ensures MaxSet(result) == (size - 1) @*/ + /*@ensures maxSet(result) == (size - 1) @*/ /*@modifies errno @*/; /** */ /*@mayexit@*/ /*@only@*/ void * xcalloc (size_t nmemb, size_t size) - /*@ensures MaxSet(result) == (nmemb - 1) @*/ + /*@ensures maxSet(result) == (nmemb - 1) @*/ /*@*/; /** @@ -279,7 +279,7 @@ extern int _tolower(int) __THROW /*@*/; */ /*@mayexit@*/ /*@only@*/ void * xrealloc (/*@null@*/ /*@only@*/ void * ptr, size_t size) - /*@ensures MaxSet(result) == (size - 1) @*/ + /*@ensures maxSet(result) == (size - 1) @*/ /*@modifies *ptr @*/; /** diff --git a/tools/rpmarchive.c b/tools/rpmarchive.c index 210fda1f1..34a06a059 100644 --- a/tools/rpmarchive.c +++ b/tools/rpmarchive.c @@ -2,7 +2,7 @@ #include "system.h" -#include "header.h" +#include #include "rpmlead.h" #include "signature.h" diff --git a/tools/rpmheader.c b/tools/rpmheader.c index 2cc79ec48..9633d9f3a 100644 --- a/tools/rpmheader.c +++ b/tools/rpmheader.c @@ -2,7 +2,7 @@ #include "system.h" -#include "header.h" +#include #include "rpmlead.h" #include "signature.h" #include "debug.h" diff --git a/tools/rpmlead.c b/tools/rpmlead.c index 7eb5c02f4..ff67fdb89 100644 --- a/tools/rpmlead.c +++ b/tools/rpmlead.c @@ -2,7 +2,7 @@ #include "system.h" -#include "rpmio.h" +#include #include "rpmlead.h" #include "debug.h" diff --git a/tools/rpmsignature.c b/tools/rpmsignature.c index e39c5142a..f916f5ec4 100644 --- a/tools/rpmsignature.c +++ b/tools/rpmsignature.c 
@@ -2,6 +2,7 @@ #include "system.h" +#include #include "rpmlead.h" #include "signature.h" #include "debug.h" diff --git a/zlib/.cvsignore b/zlib/.cvsignore index c81a83f61..d82285b88 100644 --- a/zlib/.cvsignore +++ b/zlib/.cvsignore @@ -26,5 +26,6 @@ mkinstalldirs stamp-h stamp-h.in *.la +*.lcd *.lo zlib-*.tar.gz diff --git a/zlib/.lclintrc b/zlib/.lclintrc index 64a631d07..1919ecfd8 100644 --- a/zlib/.lclintrc +++ b/zlib/.lclintrc @@ -12,17 +12,56 @@ -unrecogcomments # XXX ignore doxygen markings +strict # lclint level --includenest 16 # getting deep, sigh - -# --- not yet --retvalint # painful - --protoparammatch # 22 +# --- in progress +-abstract +-aliasunique +-branchstate +-casebreak +-castfcnptr +-commenterror +-compdef +-compmempass +-dependenttrans +-evalorder +-globs +-globstate +-immediatetrans +-infloopsuncon +-internalglobs +-kepttrans +-looploopbreak +-looploopcontinue +-loopswitchbreak +-modfilesys +-modnomods +-modobserveruncon +-moduncon +-modunconnomods +-mustmod +-noeffect -noeffectuncon # 22 - --sizeoftype # 110 +-nullderef +-nullpass +-nullret -nullstate # 36 +-observertrans +-oldstyle +-paramuse +-protoparammatch # 22 +-readonlytrans +-redef +-retalias +-retvalint # painful +-sizeoftype # 110 +-statictrans +-switchswitchbreak +-temptrans +-type +-unqualifiedtrans +-unsignedcompare +-usereleased +-whileempty # --- +partial artifacts -declundef @@ -47,8 +86,6 @@ -incondefs # heartburn -matchfields # heartburn -namechecks # tedious ANSI compliance checks --numenummembers 1024 # RPMTAG has 138 members --numstructfields 256 # Java jni.h has 229 fields -ptrarith # tedious -compdestroy diff --git a/zlib/Makefile.am b/zlib/Makefile.am index 43ad82565..3e6c29cdf 100644 --- a/zlib/Makefile.am +++ b/zlib/Makefile.am 
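Review bot: The new `# --- in progress` block in zlib/.lclintrc switches off checks such as `-nullderef`, `-nullpass`, `-usereleased` and `-compdef` for the whole directory, and none of the new lines records how many warnings it hides. The older entries do (`# 22`, `# 110`, `# 36`). Without the counts there is no way to tell from this file which suppressions are cosmetic and which cover many findings. I would carry the existing convention forward, e.g. `-nullderef # <count>`, and group the memory-safety flags at the top of the block so they are the first to be re-enabled.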
@@ -4,8 +4,6 @@ EXTRA_DIST = algorithm.txt ChangeLog Doxyfile FAQ INDEX README \ zlib.3 zlib.spec \ amiga/* contrib/* msdos/* nt/* os2/* -BUILT_SOURCES = Doxyfile - # crc32.h noinst_HEADERS = \ deflate.h infblock.h infcodes.h inffast.h inffixed.h \ @@ -26,6 +24,11 @@ example_LDFLAGS = -L. -lz minigzip_SOURCES = minigzip.c minigzip_LDFLAGS = -L. -lz +BUILT_SOURCES = Doxyfile zlib.lcd + +zlib.lcd: Makefile.am ${libz_la_SOURCES} ${noinst_HEADERS} + -lclint ${DEFS} ${INCLUDES} ${libz_la_SOURCES} -dump $@ 2>/dev/null + .PHONY: sources sources: @echo $(libz_la_SOURCES:%=zlib/%) diff --git a/zlib/Makefile.in b/zlib/Makefile.in index f943c7102..f649fb3de 100644 --- a/zlib/Makefile.in +++ b/zlib/Makefile.in @@ -93,8 +93,6 @@ EXTRA_DIST = algorithm.txt ChangeLog Doxyfile FAQ INDEX README \ amiga/* contrib/* msdos/* nt/* os2/* -BUILT_SOURCES = Doxyfile - # crc32.h noinst_HEADERS = \ deflate.h infblock.h infcodes.h inffast.h inffixed.h \ @@ -116,6 +114,8 @@ example_LDFLAGS = -L. -lz minigzip_SOURCES = minigzip.c minigzip_LDFLAGS = -L. -lz + +BUILT_SOURCES = Doxyfile zlib.lcd subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs @@ -469,6 +469,9 @@ uninstall-am: uninstall-info-am tags uninstall uninstall-am uninstall-info-am +zlib.lcd: Makefile.am ${libz_la_SOURCES} ${noinst_HEADERS} + -lclint ${DEFS} ${INCLUDES} ${libz_la_SOURCES} -dump $@ 2>/dev/null + .PHONY: sources sources: @echo $(libz_la_SOURCES:%=zlib/%) diff --git a/zlib/trees.c b/zlib/trees.c index 584ee4ef2..80db721b0 100644 --- a/zlib/trees.c +++ b/zlib/trees.c @@ -34,7 +34,7 @@ * Addison-Wesley, 1983. ISBN 0-201-06672-6. */ -/* @(#) $Id$ */ +/* @(#) $Id: trees.c,v 1.8 2002/03/17 15:46:23 jbj Exp $ */ /* #define GEN_TREES_H */ 
@@ -747,10 +747,7 @@ local void build_tree(deflate_state * s, tree_desc * desc) * @param tree the tree to be scanned * @param max_code and its largest code of non zero frequency */ -local void scan_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ +local void scan_tree (deflate_state *s, ct_data *tree, int max_code) { int n; /* iterates over all tree elements */ int prevlen = -1; /* last emitted length */ -- cgit v1.2.3