From dbbcadfc9cfe0ae671bbe66bcc0e0a52b7923752 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Wed, 6 Sep 2023 15:51:02 +0800 Subject: [PATCH] codecheck fix Signed-off-by: zhangxiaoyu (cherry picked from commit 7e6d92b3dce2cff7d06c4073cce6a4d27514b239) --- 0027-add-loongarch64-support-for-lxc.patch | 46 +- ...ost-return-codes-of-spawned-processe.patch | 6 +- 0035-codecheck-fix.patch | 650 ++++++++++++++++++ lxc.spec | 9 +- 4 files changed, 684 insertions(+), 27 deletions(-) create mode 100644 0035-codecheck-fix.patch diff --git a/0027-add-loongarch64-support-for-lxc.patch b/0027-add-loongarch64-support-for-lxc.patch index 7f68cf1..a688afd 100644 --- a/0027-add-loongarch64-support-for-lxc.patch +++ b/0027-add-loongarch64-support-for-lxc.patch @@ -9,10 +9,10 @@ Subject: [PATCH] add loongarch64 support for lxc 2 files changed, 77 insertions(+) diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c -index ebbba80..94dc23a 100644 +index a6e6d42..cba1031 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c -@@ -310,6 +310,7 @@ enum lxc_hostarch_t { +@@ -306,6 +306,7 @@ enum lxc_hostarch_t { lxc_seccomp_arch_ppc64, lxc_seccomp_arch_ppc64le, lxc_seccomp_arch_ppc, @@ -20,7 +20,7 @@ index ebbba80..94dc23a 100644 lxc_seccomp_arch_mips, lxc_seccomp_arch_mips64, lxc_seccomp_arch_mips64n32, -@@ -344,6 +345,8 @@ int get_hostarch(void) +@@ -340,6 +341,8 @@ int get_hostarch(void) return lxc_seccomp_arch_ppc64; else if (strncmp(uts.machine, "ppc", 3) == 0) return lxc_seccomp_arch_ppc; @@ -29,7 +29,7 @@ index ebbba80..94dc23a 100644 else if (strncmp(uts.machine, "mips64", 6) == 0) return MIPS_ARCH_N64; else if (strncmp(uts.machine, "mips", 4) == 0) -@@ -400,6 +403,11 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, +@@ -396,6 +399,11 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, arch = SCMP_ARCH_PPC; break; #endif 
@@ -41,7 +41,7 @@ index ebbba80..94dc23a 100644 #ifdef SCMP_ARCH_MIPS case lxc_seccomp_arch_mips: arch = SCMP_ARCH_MIPS; -@@ -738,6 +746,16 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c +@@ -739,6 +747,16 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c goto bad; #endif #endif @@ -58,7 +58,7 @@ index ebbba80..94dc23a 100644 #ifdef SCMP_ARCH_MIPS } else if (native_arch == lxc_seccomp_arch_mips64) { cur_rule_arch = lxc_seccomp_arch_all; -@@ -906,6 +924,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c +@@ -904,6 +922,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c cur_rule_arch = lxc_seccomp_arch_ppc; } #endif @@ -76,7 +76,7 @@ index ebbba80..94dc23a 100644 #ifdef SCMP_ARCH_MIPS else if (strcmp(line, "[mips64]") == 0 || strcmp(line, "[MIPS64]") == 0) { -@@ -1263,6 +1292,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c +@@ -1237,6 +1266,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c goto bad; #endif #endif @@ -94,7 +94,7 @@ index ebbba80..94dc23a 100644 #ifdef SCMP_ARCH_MIPS } else if (native_arch == lxc_seccomp_arch_mips64) { cur_rule_arch = lxc_seccomp_arch_all; -@@ -1434,6 +1474,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c +@@ -1408,6 +1448,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c cur_rule_arch = lxc_seccomp_arch_ppc; } #endif @@ -113,10 +113,10 @@ index ebbba80..94dc23a 100644 else if (strcmp(line, "[mips64]") == 0 || strcmp(line, "[MIPS64]") == 0) { diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h -index c68cf24..01aa68d 100644 +index 803eab7..44a6494 100644 --- a/src/lxc/syscall_numbers.h +++ b/src/lxc/syscall_numbers.h -@@ -49,6 +49,8 @@ +@@ -51,6 +51,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_keyctl 5241 #endif 
@@ -125,7 +125,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_keyctl not defined for your architecture" -@@ -84,6 +86,8 @@ +@@ -88,6 +90,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 #define __NR_memfd_create 5314 #endif @@ -134,7 +134,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_memfd_create not defined for your architecture" -@@ -117,6 +121,8 @@ +@@ -123,6 +127,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_pivot_root 5151 #endif @@ -143,7 +143,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_pivot_root not defined for your architecture" -@@ -150,6 +156,8 @@ +@@ -158,6 +164,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_setns 5303 #endif @@ -152,7 +152,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_setns not defined for your architecture" -@@ -183,6 +191,8 @@ +@@ -193,6 +201,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_sethostname 5165 #endif @@ -161,7 +161,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_sethostname not defined for your architecture" -@@ -216,6 +226,8 @@ +@@ -228,6 +238,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_signalfd 5276 #endif @@ -170,7 +170,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_signalfd not defined for your architecture" -@@ -249,6 +261,8 @@ +@@ -263,6 +275,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_signalfd4 5283 #endif @@ -179,7 +179,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_signalfd4 not defined for your architecture" -@@ -282,6 +296,8 @@ +@@ -298,6 +312,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_unshare 5262 #endif @@ -188,7 +188,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_unshare not defined for your architecture" -@@ -315,6 +331,8 @@ +@@ -333,6 +349,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_bpf 5315 #endif 
@@ -197,7 +197,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_bpf not defined for your architecture" -@@ -348,6 +366,8 @@ +@@ -368,6 +386,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_faccessat 5259 #endif @@ -206,7 +206,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_faccessat not defined for your architecture" -@@ -401,6 +421,8 @@ +@@ -425,6 +445,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_seccomp 5312 #endif @@ -215,7 +215,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_seccomp not defined for your architecture" -@@ -434,6 +456,8 @@ +@@ -460,6 +482,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_gettid 5178 #endif @@ -224,7 +224,7 @@ index c68cf24..01aa68d 100644 #else #define -1 #warning "__NR_gettid not defined for your architecture" -@@ -471,6 +495,8 @@ +@@ -499,6 +523,8 @@ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ #define __NR_execveat 5316 #endif @@ -234,5 +234,5 @@ index c68cf24..01aa68d 100644 #define -1 #warning "__NR_execveat not defined for your architecture" -- -2.33.0 +2.25.1 diff --git a/0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch b/0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch index cef5a25..a9d9a34 100644 --- a/0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch +++ b/0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch @@ -22,10 +22,10 @@ Signed-off-by: Mohammed Ajmal Siddiqui 1 file changed, 2 insertions(+) diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c -index fa303c7b4..6482b0aee 100644 +index fc0529a..96ed27b 100644 --- a/src/lxc/tools/lxc_attach.c +++ b/src/lxc/tools/lxc_attach.c -@@ -399,6 +399,8 @@ int lxc_attach_main(int argc, char *argv[]) +@@ -844,6 +844,8 @@ int main(int argc, char *argv[]) } if (WIFEXITED(ret)) wexit = WEXITSTATUS(ret); @@ -35,5 +35,5 @@ index fa303c7b4..6482b0aee 100644 out: lxc_container_put(c); -- -2.33.0 +2.25.1 
diff --git a/0035-codecheck-fix.patch b/0035-codecheck-fix.patch
new file mode 100644
index 0000000..ac498e5
--- /dev/null
+++ b/0035-codecheck-fix.patch
@@ -0,0 +1,650 @@ +From 103aff2c11b16a2b53b0339b0033a77b3348fec3 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Wed, 6 Sep 2023 15:14:06 +0800 +Subject: [PATCH] codecheck fix + +Signed-off-by: zhangxiaoyu +--- + src/lxc/af_unix.c | 4 +-- + src/lxc/attach.c | 2 +- + src/lxc/commands.c | 27 +++++++++++++---- + src/lxc/conf.c | 46 +++++++++++++++++++++++++++-- + src/lxc/exec_commands.c | 2 +- + src/lxc/file_utils.c | 2 +- + src/lxc/isulad_utils.c | 23 ++++++++++----- + src/lxc/json/json_common.c | 4 +-- + src/lxc/path.c | 32 ++++++++++++++++++-- + src/lxc/start.c | 60 +++++++++++++++++++++++++++++++------- + src/lxc/terminal.c | 24 ++++++++++++--- + 11 files changed, 186 insertions(+), 40 deletions(-) + +diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c +index 0be9368..d98a1f9 100644 +--- a/src/lxc/af_unix.c ++++ b/src/lxc/af_unix.c +@@ -170,10 +170,10 @@ int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data, + #ifdef HAVE_ISULAD + static int lxc_abstract_unix_recv_fds_iov(int fd, int *recvfds, int num_recvfds, + struct iovec *iov, size_t iovlen, unsigned int timeout) +-#else ++#else + static int lxc_abstract_unix_recv_fds_iov(int fd, int *recvfds, int num_recvfds, + struct iovec *iov, size_t iovlen) +-#endif ++#endif + { + __do_free char *cmsgbuf = NULL; + int ret; +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index 24d020d..0ac37cc 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -735,7 +735,7 @@ static int attach_child_main(struct attach_clone_payload *payload) + ret = sigfillset(&mask); + if (ret < 0) { + SYSERROR("Failed to fill signal mask"); +- goto on_error;; ++ goto on_error; + } + ret = sigprocmask(SIG_UNBLOCK, &mask, NULL); + if (ret < 0) { +diff --git a/src/lxc/commands.c b/src/lxc/commands.c +index c2a5665..d6b9939 100644 +--- a/src/lxc/commands.c ++++ b/src/lxc/commands.c +@@ -1504,17 +1504,32 @@ int lxc_cmd_set_terminal_fifos(const char *name, const char *lxcpath, const char + const char *out_fifo, const char 
*err_fifo) + { + int ret = 0, stopped = 0; +- int len = 0; ++ size_t len = 0; + char *tmp = NULL; + const char *split = "&&&&", *none_fifo_name = "none"; + const char *cmd_in_fifo = in_fifo ? in_fifo : none_fifo_name; + const char *cmd_out_fifo = out_fifo ? out_fifo : none_fifo_name; + const char *cmd_err_fifo = err_fifo ? err_fifo : none_fifo_name; + +- if (len + strlen(cmd_in_fifo) + strlen(split) + strlen(cmd_out_fifo) + +- strlen(split) + strlen(cmd_err_fifo) == SIZE_MAX) ++ if (name == NULL) { + return -1; +- len += strlen(cmd_in_fifo) + strlen(split) + strlen(cmd_out_fifo) + strlen(split) + strlen(cmd_err_fifo) + 1; ++ } ++ ++ // format: cmd_in_fifo + split + cmd_out_fifo + split + cmd_err_fifo + '\0' ++ if (strlen(cmd_in_fifo) > SIZE_MAX - strlen(split) - strlen(split) - 1) { ++ return -1; ++ } ++ len += strlen(cmd_in_fifo) + strlen(split) + strlen(split) + 1; ++ ++ if (strlen(cmd_out_fifo) > SIZE_MAX - len) { ++ return -1; ++ } ++ len += strlen(cmd_out_fifo); ++ ++ if (strlen(cmd_err_fifo) > SIZE_MAX - len) { ++ return -1; ++ } ++ len += strlen(cmd_err_fifo); + tmp = malloc(len); + if (tmp == NULL) + return -1; +@@ -1556,7 +1571,7 @@ static int lxc_cmd_set_terminal_fifos_callback(int fd, struct lxc_cmd_req *req, + struct lxc_cmd_rsp rsp; + memset(&rsp, 0, sizeof(rsp)); + +- rsp.ret = lxc_terminal_add_fifos(handler->conf, req->data);; ++ rsp.ret = lxc_terminal_add_fifos(handler->conf, req->data); + + return lxc_cmd_rsp_send(fd, &rsp); + } +@@ -1602,7 +1617,7 @@ static int lxc_cmd_set_terminal_winch_callback(int fd, struct lxc_cmd_req *req, + struct lxc_cmd_set_terminal_winch_request *data = (struct lxc_cmd_set_terminal_winch_request *)(req->data); + memset(&rsp, 0, sizeof(rsp)); + +- rsp.ret = lxc_set_terminal_winsz(&handler->conf->console, data->height, data->width);; ++ rsp.ret = lxc_set_terminal_winsz(&handler->conf->console, data->height, data->width); + + return lxc_cmd_rsp_send(fd, &rsp); + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index 
a5573ac..3e31691 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -4640,7 +4640,11 @@ static struct lxc_list *get_minimal_idmap(const struct lxc_conf *conf, + int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data, + const char *fn_name) + { ++#ifdef HAVE_ISULAD ++ struct lxc_list *idmap = NULL; ++#else + call_cleaner(lxc_free_idmap) struct lxc_list *idmap = NULL; ++#endif + int ret = -1, status = -1; + char c = '1'; + struct userns_fn_data d = { +@@ -4659,8 +4663,16 @@ int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data, + return ret_errno(ENOENT); + + ret = pipe2(pipe_fds, O_CLOEXEC); ++#ifdef HAVE_ISULAD ++ if (ret < 0) { ++ lxc_free_idmap(idmap); ++ free(idmap); ++ return -errno; ++ } ++#else + if (ret < 0) + return -errno; ++#endif + + d.p[0] = pipe_fds[0]; + d.p[1] = pipe_fds[1]; +@@ -4710,6 +4722,11 @@ on_error: + if (status < 0) + ret = -1; + ++#ifdef HAVE_ISULAD ++ lxc_free_idmap(idmap); ++ free(idmap); ++#endif ++ + return ret; + } + +@@ -4717,7 +4734,11 @@ int userns_exec_minimal(const struct lxc_conf *conf, + int (*fn_parent)(void *), void *fn_parent_data, + int (*fn_child)(void *), void *fn_child_data) + { ++#ifdef HAVE_ISULAD ++ struct lxc_list *idmap = NULL; ++#else + call_cleaner(lxc_free_idmap) struct lxc_list *idmap = NULL; ++#endif + uid_t resuid = LXC_INVALID_UID; + gid_t resgid = LXC_INVALID_GID; + char c = '1'; +@@ -4733,8 +4754,16 @@ int userns_exec_minimal(const struct lxc_conf *conf, + return ret_errno(ENOENT); + + ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, sock_fds); ++#ifdef HAVE_ISULAD ++ if (ret < 0) { ++ lxc_free_idmap(idmap); ++ free(idmap); ++ return -errno; ++ } ++#else + if (ret < 0) + return -errno; ++#endif + + pid = fork(); + if (pid < 0) { +@@ -4830,6 +4859,11 @@ on_error: + close_prot_errno_disarm(sock_fds[0]); + close_prot_errno_disarm(sock_fds[1]); + ++#ifdef HAVE_ISULAD ++ lxc_free_idmap(idmap); ++ free(idmap); ++#endif ++ + /* Wait for child to finish. 
*/ + if (pid < 0) + return -1; +@@ -5468,6 +5502,10 @@ int lxc_drop_caps(struct lxc_conf *conf) + struct lxc_list *caps = NULL; + int *caplist = NULL; + ++ if (conf == NULL) { ++ return -1; ++ } ++ + if (lxc_list_empty(&conf->keepcaps)) + return 0; + +@@ -5654,7 +5692,7 @@ static int mount_entry_with_loop_dev(const char *src, const char *dest, const ch + if (srcfd < 0) + return srcfd; + ret = snprintf(srcbuf, sizeof(srcbuf), "/proc/self/fd/%d", srcfd); +- if (ret < 0 || ret > sizeof(srcbuf)) { ++ if (ret < 0 || (size_t)ret >= sizeof(srcbuf)) { + close(srcfd); + ERROR("Failed to print string"); + return -EINVAL; +@@ -5673,7 +5711,7 @@ static int mount_entry_with_loop_dev(const char *src, const char *dest, const ch + } + + ret = snprintf(destbuf, sizeof(destbuf), "/proc/self/fd/%d", destfd); +- if (ret < 0 || ret > sizeof(destbuf)) { ++ if (ret < 0 || (size_t)ret >= sizeof(destbuf)) { + if (srcfd != -1) + close(srcfd); + close(destfd); +@@ -6245,6 +6283,7 @@ static char **merge_ocihook_env(char **oldenvs, size_t env_len, size_t *merge_en + size_t env_buf_len = 0; + tmpenv = getenv(lxc_envs[j]); + if (tmpenv && i < (result_len - 1)) { ++ int nret = 0; + if (strlen(tmpenv) > (SIZE_MAX - 1 - 1 - strlen(lxc_envs[j]))) { + lxc_free_array((void **)result, free); + return NULL; +@@ -6255,7 +6294,8 @@ static char **merge_ocihook_env(char **oldenvs, size_t env_len, size_t *merge_en + lxc_free_array((void **)result, free); + return NULL; + } +- if (snprintf(lxcenv_buf, env_buf_len, "%s=%s", lxc_envs[j], tmpenv) < 0) { ++ nret = snprintf(lxcenv_buf, env_buf_len, "%s=%s", lxc_envs[j], tmpenv); ++ if (nret < 0 || nret >= env_buf_len) { + free(lxcenv_buf); + continue; + } +diff --git a/src/lxc/exec_commands.c b/src/lxc/exec_commands.c +index 50246fa..52067e1 100644 +--- a/src/lxc/exec_commands.c ++++ b/src/lxc/exec_commands.c +@@ -228,7 +228,7 @@ static int lxc_exec_cmd_set_terminal_winch_callback(int fd, struct lxc_exec_cmd_ + struct lxc_exec_cmd_set_terminal_winch_request *data 
= (struct lxc_exec_cmd_set_terminal_winch_request *)(req->data); + memset(&rsp, 0, sizeof(rsp)); + +- rsp.ret = lxc_set_terminal_winsz(handler->terminal, data->height, data->width);; ++ rsp.ret = lxc_set_terminal_winsz(handler->terminal, data->height, data->width); + + return lxc_exec_cmd_rsp_send(fd, &rsp); + +diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c +index 681207b..1c18769 100644 +--- a/src/lxc/file_utils.c ++++ b/src/lxc/file_utils.c +@@ -128,7 +128,7 @@ ssize_t lxc_write_nointr_for_fifo(int fd, const char *buf, size_t count) + ssize_t nret = 0; + ssize_t nwritten; + +- if (buf == NULL) { ++ if (fd < 0 || buf == NULL) { + return -1; + } + +diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c +index ee39302..c71bb5b 100644 +--- a/src/lxc/isulad_utils.c ++++ b/src/lxc/isulad_utils.c +@@ -42,14 +42,14 @@ int lxc_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize) + { + void *tmp = NULL; + +- if (newsize == 0) { +- goto err_out; ++ if (newptr == NULL || newsize == 0) { ++ return -1; + } + + tmp = lxc_common_calloc_s(newsize); + if (tmp == NULL) { + ERROR("Failed to malloc memory"); +- goto err_out; ++ return -1; + } + + if (oldptr != NULL) { +@@ -62,9 +62,6 @@ int lxc_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize) + + *newptr = tmp; + return 0; +- +-err_out: +- return -1; + } + + char *safe_strdup(const char *src) +@@ -87,6 +84,10 @@ int lxc_open(const char *filename, int flags, mode_t mode) + { + char rpath[PATH_MAX] = {0x00}; + ++ if (filename == NULL) { ++ return -1; ++ } ++ + if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) { + return -1; + } +@@ -101,6 +102,10 @@ FILE *lxc_fopen(const char *filename, const char *mode) + { + char rpath[PATH_MAX] = {0x00}; + ++ if (filename == NULL || mode == NULL || strlen(mode) == 0) { ++ return NULL; ++ } ++ + if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) { + return NULL; + } +@@ -137,6 +142,10 @@ int lxc_file2str(const char *filename, char 
ret[], int cap) + { + int fd, num_read; + ++ if (filename == NULL || ret == NULL || cap == 0) { ++ return -1; ++ } ++ + if ((fd = lxc_open(filename, O_RDONLY | O_CLOEXEC, 0)) == -1) + return -1; + if ((num_read = read(fd, ret, cap - 1)) <= 0) +@@ -455,7 +464,7 @@ static int parse_line_pw(const char delim, char *line, struct passwd *result) + return 0; + } + +-char *util_left_trim_space(char *str) ++static char *util_left_trim_space(char *str) + { + char *begin = str; + char *tmp = str; +diff --git a/src/lxc/json/json_common.c b/src/lxc/json/json_common.c +index ec20c59..dd4dfcd 100755 +--- a/src/lxc/json/json_common.c ++++ b/src/lxc/json/json_common.c +@@ -682,7 +682,7 @@ yajl_gen_status gen_json_map_int_string(void *ctx, json_map_int_string *map, str + if (yajl_gen_status_ok != stat) { + GEN_SET_ERROR_AND_RETURN(stat, err); + } +- stat = reformat_string(g, map->values[i], strlen(map->values[i]));; ++ stat = reformat_string(g, map->values[i], strlen(map->values[i])); + if (yajl_gen_status_ok != stat) { + GEN_SET_ERROR_AND_RETURN(stat, err); + } +@@ -1048,7 +1048,7 @@ yajl_gen_status gen_json_map_string_string(void *ctx, json_map_string_string *ma + if (yajl_gen_status_ok != stat) { + GEN_SET_ERROR_AND_RETURN(stat, err); + } +- stat = reformat_string(g, map->values[i], strlen(map->values[i]));; ++ stat = reformat_string(g, map->values[i], strlen(map->values[i])); + if (yajl_gen_status_ok != stat) { + GEN_SET_ERROR_AND_RETURN(stat, err); + } +diff --git a/src/lxc/path.c b/src/lxc/path.c +index c0529b7..25dd68d 100644 +--- a/src/lxc/path.c ++++ b/src/lxc/path.c +@@ -30,6 +30,10 @@ bool specify_current_dir(const char *path) + char *basec = NULL, *bname = NULL; + bool res = false; + ++ if (path == NULL) { ++ return false; ++ } ++ + basec = safe_strdup(path); + + bname = basename(basec); +@@ -59,6 +63,10 @@ char *preserve_trailing_dot_or_separator(const char *cleanedpath, + char *respath = NULL; + size_t len; + ++ if (cleanedpath == NULL || originalpath == NULL) { ++ 
return NULL; ++ } ++ + if (strlen(cleanedpath) > (SIZE_MAX - 3)) { + return NULL; + } +@@ -96,6 +104,10 @@ bool filepath_split(const char *path, char **dir, char **base) + ssize_t i; + size_t len; + ++ if (path == NULL || dir == NULL || base == NULL) { ++ return false; ++ } ++ + len = strlen(path); + if (len >= PATH_MAX) { + ERROR("Invalid path"); +@@ -138,7 +150,7 @@ static bool do_clean_path_continue(const char *endpos, const char *stpos, const + return false; + } + +-int do_clean_path(const char *respath, const char *limit_respath, ++static int do_clean_path(const char *respath, const char *limit_respath, + const char *stpos, char **dst) + { + char *dest = *dst; +@@ -515,6 +527,11 @@ char *follow_symlink_in_scope(const char *fullpath, const char *rootpath) + char resfull[PATH_MAX] = {0}, *full = NULL; + char resroot[PATH_MAX] = {0}, *root = NULL; + ++ if (fullpath == NULL || rootpath == NULL) { ++ ERROR("Invalid arguments"); ++ return NULL; ++ } ++ + full = cleanpath(fullpath, resfull, PATH_MAX); + if (!full) { + ERROR("Failed to get cleaned path"); +@@ -544,6 +561,7 @@ int get_resource_path(const char *rootpath, const char *path, + char resolved[PATH_MAX] = {0}, *cleanedpath = NULL; + char *fullpath = NULL; + size_t len; ++ int nret = 0; + + if (!rootpath || !path || !scopepath) + return -1; +@@ -562,7 +580,12 @@ int get_resource_path(const char *rootpath, const char *path, + ERROR("Out of memory"); + return -1; + } +- snprintf(fullpath, len, "%s%s", rootpath, cleanedpath); ++ nret = snprintf(fullpath, len, "%s%s", rootpath, cleanedpath); ++ if (nret < 0 || nret >= len) { ++ ERROR("Failed to snprintf"); ++ free(fullpath); ++ return -1; ++ } + + *scopepath = follow_symlink_in_scope(fullpath, rootpath); + +@@ -584,6 +607,11 @@ char *path_relative(const char *basepath, const char *targpath) + char restarg[PATH_MAX] = {0}, *targ = NULL; + size_t bl = 0, tl = 0, b0 = 0, bi = 0, t0 = 0, ti = 0; + ++ if (basepath == NULL || targpath == NULL) { ++ ERROR("Invalid 
arguments"); ++ return NULL; ++ } ++ + base = cleanpath(basepath, resbase, PATH_MAX); + if (!base) { + ERROR("Failed to get cleaned path"); +diff --git a/src/lxc/start.c b/src/lxc/start.c +index 6fe1203..5de444d 100644 +--- a/src/lxc/start.c ++++ b/src/lxc/start.c +@@ -906,7 +906,7 @@ struct start_timeout_conf { + int errfd; + }; + +-void trim_line(char *s) ++static void trim_line(char *s) + { + size_t len; + +@@ -1005,7 +1005,7 @@ static int _recursive_read_cgroup_procs(const char *dirpath, pid_t **pids, size_ + return failed ? -1 : 0; + } + +-int get_all_pids(struct cgroup_ops *cg_ops, pid_t **pids, size_t *len) ++static int get_all_pids(struct cgroup_ops *cg_ops, pid_t **pids, size_t *len) + { + const char *devices_path = NULL; + +@@ -2875,6 +2875,7 @@ static int clean_resource_set_env(struct lxc_handler *handler) + } + + for (; i < conf->ocihooks->poststop_len; i++) { ++ int nret = 0; + size_t cap = conf->ocihooks->poststop[i]->env_len; + size_t newcap = cap + len + 1; + if (lxc_grow_array((void ***)&(conf->ocihooks->poststop[i]->env), &cap, newcap, 1) != 0) { +@@ -2883,38 +2884,70 @@ static int clean_resource_set_env(struct lxc_handler *handler) + j = conf->ocihooks->poststop[i]->env_len; + /* Start of environment variable setup for hooks. 
*/ + if (name) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_NAME=%s", name); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_NAME=%s", name); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } + if (conf->rcfile) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_CONFIG_FILE=%s", conf->rcfile); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CONFIG_FILE=%s", conf->rcfile); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } + if (conf->rootfs.mount) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_MOUNT=%s", conf->rootfs.mount); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_MOUNT=%s", conf->rootfs.mount); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } + if (conf->rootfs.path) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_PATH=%s", conf->rootfs.path); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_PATH=%s", conf->rootfs.path); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } + if (conf->console.path) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE=%s", conf->console.path); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE=%s", conf->console.path); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } + if (conf->console.log_path) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE_LOGPATH=%s", conf->console.log_path); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE_LOGPATH=%s", conf->console.log_path); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + 
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup("LXC_CGNS_AWARE=1"); ++ conf->ocihooks->poststop[i]->env_len++; + +- snprintf(bufstr, PATH_MAX + 1, "LXC_PID=%d", handler->pid); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_PID=%d", handler->pid); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + if (handler->cgroup_ops->container_cgroup) { +- snprintf(bufstr, PATH_MAX + 1, "LXC_CGROUP_PATH=%s", handler->cgroup_ops->container_cgroup); ++ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CGROUP_PATH=%s", handler->cgroup_ops->container_cgroup); ++ if (nret < 0 || nret > PATH_MAX) { ++ return -1; ++ } + conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr); ++ conf->ocihooks->poststop[i]->env_len++; + } +- conf->ocihooks->poststop[i]->env_len = j; + /* End of environment variable setup for hooks. 
*/ + } + return 0; +@@ -3075,6 +3108,11 @@ int do_lxcapi_get_pids(char *name, char *lxcpath, struct lxc_conf *conf, pid_t * + struct lxc_handler *handler = NULL; + struct cgroup_ops *cg_ops = NULL; + ++ if (conf == NULL || pids == NULL || pids_len == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ + handler = lxc_init_pids_handler(name, lxcpath, conf); + if (!handler) { + ERROR("Failed to init container %s clean handler", name); +diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c +index 0539eca..88d4d94 100644 +--- a/src/lxc/terminal.c ++++ b/src/lxc/terminal.c +@@ -194,6 +194,11 @@ int lxc_set_terminal_winsz(struct lxc_terminal *terminal, unsigned int height, u + int ret = 0; + struct winsize wsz; + ++ if (terminal == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ + if (terminal->ptmx < 0) { + return 0; + } +@@ -225,6 +230,10 @@ static int lxc_terminal_rename_old_log_file(struct lxc_terminal *terminal) + char tmp[PATH_MAX] = {0}; + char *rename_fname = NULL; + ++ if (terminal->log_rotate == 0) { ++ return 0; ++ } ++ + for (i = terminal->log_rotate - 1; i > 1; i--) { + ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i); + if (ret < 0 || ret >= PATH_MAX) { +@@ -413,10 +422,12 @@ static bool get_time_buffer(struct timespec *timestamp, char *timebuffer, + + seconds = (time_t)timestamp->tv_sec; + gmtime_r(&seconds, &tm_utc); +- strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc); ++ len = strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc); ++ if (len == 0) { ++ return false; ++ } + + nanos = (int32_t)timestamp->tv_nsec; +- len = strlen(timebuffer); + ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos); + if (ret < 0 || ret >= (maxsize - len)) { + return false; +@@ -1548,7 +1559,7 @@ static int terminal_fifo_open(const char *fifo_path, int flags) + return fd; + } + +-bool fifo_exists(const char *path) ++static bool fifo_exists(const char *path) + { + struct stat sb; + int ret; +@@ -1715,11 +1726,16 
@@ err: + int lxc_terminal_add_fifos(struct lxc_conf *conf, const char *fifonames) + { + int ret = 0; +- struct lxc_terminal *terminal = &conf->console; ++ struct lxc_terminal *terminal = NULL; + int fifofd_in = -1; + char *tmp = NULL, *saveptr = NULL, *in = NULL, *out = NULL, *err = NULL; + const char *none_fifo_name = "none"; + ++ if (conf == NULL || fifonames == NULL) { ++ return -1; ++ } ++ ++ terminal = &conf->console; + tmp = safe_strdup(fifonames); + + in = strtok_r(tmp, "&&&&", &saveptr); +-- +2.25.1 + diff --git a/lxc.spec b/lxc.spec index 013d402..eb47190 100644 --- a/lxc.spec +++ b/lxc.spec @@ -1,4 +1,4 @@ -%global _release 2022102421 +%global _release 2022102422 Name: lxc Version: 4.0.3 @@ -42,6 +42,7 @@ Patch0031: 0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch Patch0032: 0032-fix-load-bpf-failed.patch Patch0033: 0033-fix-mount-device-path-incorrect.patch Patch0034: 0034-add-secure-compile-macro.patch +Patch0035: 0035-codecheck-fix.patch BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: pkgconfig(libseccomp) @@ -228,6 +229,12 @@ rm -rf %{buildroot}%{_sysconfdir}/default/%{name} %endif %changelog +* Wed Sep 06 2023 zhangxiaoyu - 4.0.3-2022102422 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: codecheck fix + * Mon Jul 10 2023 mzzhou<1362843687@qq.com> - 4.0.3-2022102421 - Type:enhancement - ID:NA -- Gitee
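Review bot: In the isulad_utils.c part of the added 0035-codecheck-fix.patch, the new guard in lxc_file2str tests `cap == 0`, but `cap` is a signed `int`, so a negative value still reaches `read(fd, ret, cap - 1)`, where it is converted to a very large byte count; the guard should read `if (filename == NULL || ret == NULL || cap <= 0)`. In the conf.c part, the HAVE_ISULAD error paths of userns_exec_1 and userns_exec_minimal run `lxc_free_idmap(idmap); free(idmap);` before `return -errno;`, so the returned value may be whatever the cleanup calls left in errno rather than the pipe2()/socketpair() failure; capturing it first (`int saved = errno;` ... `return -saved;`) preserves the real error. Both functions continue outside the quoted hunks, so it cannot be confirmed from here that every return between the idmap allocation and `on_error` frees the list now that the automatic `call_cleaner(lxc_free_idmap)` is compiled out for that build; that is worth checking before merging.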