add a bunch of fixes for problems found by coverity

2016-03-02 10:20:04 +01:00 · 2016-03-02 10:20:04 +01:00 · 0e13c05d9d
parent 3040e705d9
commit 0e13c05d9d
9 changed files with 352 additions and 1 deletions
--- a/0003-coverity-avoid-possible-memory-leak.patch
+++ b/0003-coverity-avoid-possible-memory-leak.patch
@ -0,0 +1,25 @@
+From b65d92d8e3e53f4fe16f7d6be3fec1525bdb4ee0 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 1 Mar 2016 10:06:48 +0100
+Subject: [PATCH 03/37] coverity: avoid possible memory leak
+
+---
+ qa/mockup/mockup-config.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qa/mockup/mockup-config.cxx b/qa/mockup/mockup-config.cxx
+index 043b03e..f830fff 100644
+--- a/qa/mockup/mockup-config.cxx
+++ b/qa/mockup/mockup-config.cxx
+@@ -353,7 +353,7 @@ char* curl_mockup_HttpRequest_getHeader( const struct HttpRequest* request, cons
+ {
+     char* value = NULL;
+     size_t i = 0;
+-    while ( request->headers[i] != NULL )
+    while ( request->headers[i] != NULL && value == NULL )
+     {
+         string header = request->headers[i];
+         const string prefix = string( name ) + ":";
+-- 
+2.5.0
+
--- a/0028-coverity-avoid-possible-null-ptr-deref.patch
+++ b/0028-coverity-avoid-possible-null-ptr-deref.patch
@ -0,0 +1,36 @@
+From 66c23c95db133bd616e2e35eb49e0993270add9e Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 1 Mar 2016 20:20:00 +0100
+Subject: [PATCH 28/37] coverity: avoid possible null ptr deref
+
+This way dynamic_cast will throw an exception if the dynamic type does
+not match.
+---
+ src/libcmis/atom-object.cxx | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libcmis/atom-object.cxx b/src/libcmis/atom-object.cxx
+index b7832d6..1eb33fa 100644
+--- a/src/libcmis/atom-object.cxx
+++ b/src/libcmis/atom-object.cxx
+@@ -106,13 +106,13 @@ libcmis::ObjectPtr AtomObject::updateProperties( const PropertyPtrMap& propertie
+         libcmis::ObjectPtr object;
+         if ( getBaseType( ) == "cmis:document" )
+         {
+-            AtomDocument* thisDoc = dynamic_cast< AtomDocument* >( this );
+-            object.reset( new AtomDocument( *thisDoc ) );
+            const AtomDocument& thisDoc = dynamic_cast< const AtomDocument& >( *this );
+            object.reset( new AtomDocument( thisDoc ) );
+         }
+         else if ( getBaseType( ) == "cmis:folder" )
+         {
+-            AtomFolder* thisFolder = dynamic_cast< AtomFolder* >( this );
+-            object.reset( new AtomFolder( *thisFolder ) );
+            const AtomFolder& thisFolder = dynamic_cast< const AtomFolder& >( *this );
+            object.reset( new AtomFolder( thisFolder ) );
+         }
+         return object;
+     }
+-- 
+2.5.0
+
--- a/0029-coverity-avoid-possible-null-ptr-deref.patch
+++ b/0029-coverity-avoid-possible-null-ptr-deref.patch
@ -0,0 +1,34 @@
+From 913ff7df2c13517282e3de85fc717e44f88f72d0 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 1 Mar 2016 20:21:32 +0100
+Subject: [PATCH 29/37] coverity: avoid possible null ptr deref
+
+---
+ src/libcmis/ws-object.cxx | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libcmis/ws-object.cxx b/src/libcmis/ws-object.cxx
+index b771aed..0eee69f 100644
+--- a/src/libcmis/ws-object.cxx
+++ b/src/libcmis/ws-object.cxx
+@@ -87,13 +87,13 @@ libcmis::ObjectPtr WSObject::updateProperties(
+         libcmis::ObjectPtr object;
+         if ( getBaseType( ) == "cmis:document" )
+         {
+-            WSDocument* thisDoc = dynamic_cast< WSDocument* >( this );
+-            object.reset( new WSDocument( *thisDoc ) );
+            const WSDocument& thisDoc = dynamic_cast< const WSDocument& >( *this );
+            object.reset( new WSDocument( thisDoc ) );
+         }
+         else if ( getBaseType( ) == "cmis:folder" )
+         {
+-            WSFolder* thisFolder = dynamic_cast< WSFolder* >( this );
+-            object.reset( new WSFolder( *thisFolder ) );
+            const WSFolder& thisFolder = dynamic_cast< const WSFolder& >( *this );
+            object.reset( new WSFolder( thisFolder ) );
+         }
+         return object;
+     }
+-- 
+2.5.0
+
--- a/0030-coverity-likely-intent.patch
+++ b/0030-coverity-likely-intent.patch
@ -0,0 +1,25 @@
+From 203f5aec0c7021343adb298dbaf5d9c288ae8f41 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 2 Mar 2016 07:23:27 +0100
+Subject: [PATCH 30/37] coverity: likely intent
+
+---
+ qa/mockup/mockup-config.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qa/mockup/mockup-config.cxx b/qa/mockup/mockup-config.cxx
+index f830fff..f6b84ad 100644
+--- a/qa/mockup/mockup-config.cxx
+++ b/qa/mockup/mockup-config.cxx
+@@ -331,7 +331,7 @@ int curl_mockup_getRequestsCount( const char* urlBase,
+                                   ( url.find( urlBaseString ) == 0 );
+             bool matchParams = matchParamString.empty( ) ||
+                                   ( params.find( matchParamString ) != string::npos );
+-            bool matchBodyPart = !matchBody ||
+            bool matchBodyPart = matchBodyStr.empty() ||
+                                   ( it->m_body.find( matchBodyStr ) != string::npos );
+ 
+             if ( matchBaseUrl && matchParams && matchBodyPart )
+-- 
+2.5.0
+
--- a/0031-coverity-honor-exception-specs.patch
+++ b/0031-coverity-honor-exception-specs.patch
@ -0,0 +1,88 @@
+From a9351aa0e6744cdb4c5b6ce426f3b394804677f2 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 2 Mar 2016 07:24:10 +0100
+Subject: [PATCH 31/37] coverity: honor exception specs
+
+---
+ src/libcmis/sharepoint-session.cxx | 26 +++++++++++++++-----------
+ src/libcmis/sharepoint-session.hxx |  2 ++
+ 2 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/src/libcmis/sharepoint-session.cxx b/src/libcmis/sharepoint-session.cxx
+index d19868b..5310f4e 100644
+--- a/src/libcmis/sharepoint-session.cxx
+++ b/src/libcmis/sharepoint-session.cxx
+@@ -379,7 +379,7 @@ libcmis::HttpResponsePtr SharePointSession::httpPutRequest( std::string url,
+     }
+     catch ( const CurlException& e )
+     {
+-        fetchDigestCode( );
+        fetchDigestCodeCurl( );
+         response = HttpSession::httpPutRequest( url, is, headers );
+     }
+     return response;
+@@ -398,7 +398,7 @@ libcmis::HttpResponsePtr SharePointSession::httpPostRequest( const std::string&
+     }
+     catch ( const CurlException& e )
+     {
+-        fetchDigestCode( );
+        fetchDigestCodeCurl( );
+         response = HttpSession::httpPostRequest( url, is, contentType, redirect );
+     }
+     return response;
+@@ -413,26 +413,30 @@ void SharePointSession::httpDeleteRequest( std::string url )
+     }
+     catch ( const CurlException& e )
+     {
+-        fetchDigestCode( );
+        fetchDigestCodeCurl( );
+         HttpSession::httpDeleteRequest( url );
+     }
+ }
+ 
+ void SharePointSession::fetchDigestCode( )
+     throw ( libcmis::Exception )
+try
+{
+    fetchDigestCodeCurl( );
+}
+catch ( const CurlException& e )
+{
+    throw e.getCmisException( );
+}
+
+void SharePointSession::fetchDigestCodeCurl( )
+    throw ( CurlException )
+ {
+     istringstream is( "empty" );
+     libcmis::HttpResponsePtr response;
+     // url = http://host/_api/contextinfo, first we remove the '/web' part
+     string url = m_bindingUrl.substr( 0, m_bindingUrl.size( ) - 4 ) + "/contextinfo";
+-    try 
+-    {   
+-        response = HttpSession::httpPostRequest( url, is, "" );
+-    }
+-    catch ( const CurlException& e )
+-    {   
+-        throw e.getCmisException( );
+-    }
+    response = HttpSession::httpPostRequest( url, is, "" );
+     string res = response->getStream( )->str( );
+     Json jsonRes = Json::parse( res );
+     m_digestCode = jsonRes["d"]["GetContextWebInformation"]["FormDigestValue"].toString( );
+diff --git a/src/libcmis/sharepoint-session.hxx b/src/libcmis/sharepoint-session.hxx
+index de365c5..d11a5d5 100644
+--- a/src/libcmis/sharepoint-session.hxx
+++ b/src/libcmis/sharepoint-session.hxx
+@@ -95,6 +95,8 @@ class SharePointSession : public BaseSession
+ 
+     private:
+         SharePointSession( );
+        void fetchDigestCodeCurl( )
+            throw ( CurlException );
+         std::string m_digestCode;
+ };
+ 
+-- 
+2.5.0
+
--- a/0032-coverity-honor-exception-specs.patch
+++ b/0032-coverity-honor-exception-specs.patch
@ -0,0 +1,34 @@
+From a6bb2256802b53d481261f24439c9bc9de7f4136 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 2 Mar 2016 07:35:05 +0100
+Subject: [PATCH 32/37] coverity: honor exception specs
+
+---
+ src/libcmis/http-session.cxx | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 47fff50..79b5f86 100644
+--- a/src/libcmis/http-session.cxx
+++ b/src/libcmis/http-session.cxx
+@@ -699,13 +699,12 @@ void HttpSession::oauth2Authenticate( ) throw ( libcmis::Exception )
+ 
+     m_inOAuth2Authentication = true;
+ 
+-    // Try to get the authentication code using the given provider.
+-    authCode = m_oauth2Handler->oauth2Authenticate( );
+-
+-
+-    // If that didn't work, call the fallback provider from SessionFactory
+     try
+     {
+        // Try to get the authentication code using the given provider.
+        authCode = m_oauth2Handler->oauth2Authenticate( );
+
+        // If that didn't work, call the fallback provider from SessionFactory
+         if ( authCode.empty( ) )
+         {
+             libcmis::OAuth2AuthCodeProvider fallbackProvider = libcmis::SessionFactory::getOAuth2AuthCodeProvider( );
+-- 
+2.5.0
+
--- a/0034-coverity-honor-exception-specs.patch
+++ b/0034-coverity-honor-exception-specs.patch
@ -0,0 +1,50 @@
+From 60a728ff002d71215b4573d5a32c440cd4a5a094 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 2 Mar 2016 07:48:09 +0100
+Subject: [PATCH 34/37] coverity: honor exception specs
+
+---
+ src/libcmis/http-session.cxx | 6 ++++++
+ src/libcmis/http-session.hxx | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 9b6c460..2a5d6b2 100644
+--- a/src/libcmis/http-session.cxx
+++ b/src/libcmis/http-session.cxx
+@@ -692,6 +692,8 @@ void HttpSession::httpRunRequest( string url, vector< string > headers, bool red
+ 
+ 
+ void HttpSession::checkOAuth2( string url )
+    throw ( CurlException )
+try
+ {
+     if ( m_oauth2Handler )
+     {
+@@ -700,6 +702,10 @@ void HttpSession::checkOAuth2( string url )
+             oauth2Authenticate( );
+     }
+ }
+catch ( const libcmis::Exception& e )
+{
+    throw CurlException( e.what( ) );
+}
+ 
+ long HttpSession::getHttpStatus( )
+ {
+diff --git a/src/libcmis/http-session.hxx b/src/libcmis/http-session.hxx
+index eadd455..245e00b 100644
+--- a/src/libcmis/http-session.hxx
+++ b/src/libcmis/http-session.hxx
+@@ -168,7 +168,7 @@ class HttpSession
+ 
+     private:
+         void checkCredentials( ) throw ( CurlException );
+-        void checkOAuth2( std::string url );
+        void checkOAuth2( std::string url ) throw ( CurlException );
+         void oauth2Refresh( );
+         void initProtocols( );
+ };
+-- 
+2.5.0
+
--- a/0035-coverity-honor-exception-specs.patch
+++ b/0035-coverity-honor-exception-specs.patch
@ -0,0 +1,48 @@
+From fd2bd50813350811c9882d81117152f5cad5d9b5 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 2 Mar 2016 07:52:10 +0100
+Subject: [PATCH 35/37] coverity: honor exception specs
+
+---
+ src/libcmis/http-session.cxx | 6 ++++++
+ src/libcmis/http-session.hxx | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 2a5d6b2..9bbb9bd 100644
+--- a/src/libcmis/http-session.cxx
+++ b/src/libcmis/http-session.cxx
+@@ -773,11 +773,17 @@ string HttpSession::getRefreshToken( ) throw ( libcmis::Exception )
+ }
+ 
+ void HttpSession::oauth2Refresh( )
+    throw ( CurlException )
+try
+ {
+     m_inOAuth2Authentication = true;
+     m_oauth2Handler->refresh( );
+     m_inOAuth2Authentication = false;
+ }
+catch ( const libcmis::Exception& e )
+{
+    throw CurlException( e.what() );
+}
+ 
+ void HttpSession::initProtocols( )
+ {
+diff --git a/src/libcmis/http-session.hxx b/src/libcmis/http-session.hxx
+index 245e00b..22827db 100644
+--- a/src/libcmis/http-session.hxx
+++ b/src/libcmis/http-session.hxx
+@@ -169,7 +169,7 @@ class HttpSession
+     private:
+         void checkCredentials( ) throw ( CurlException );
+         void checkOAuth2( std::string url ) throw ( CurlException );
+-        void oauth2Refresh( );
+        void oauth2Refresh( ) throw ( CurlException );
+         void initProtocols( );
+ };
+ 
+-- 
+2.5.0
+
--- a/libcmis.spec
+++ b/libcmis.spec
@ -2,7 +2,7 @@

 Name: libcmis
 Version: 0.5.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: A C++ client library for CM interfaces

 License: GPLv2+ or LGPLv2+ or MPLv1.1
@ -22,6 +22,14 @@ Patch0: 0001-fix-boost-configuration-with-gcc-5.patch
 Patch1: 0001-avoid-use-after-delete.patch
 # https://sourceforge.net/p/libcmis/tickets/13/
 Patch2: 0005-Remove-invalid-comments-from-test-JSON-file.patch
+Patch3: 0003-coverity-avoid-possible-memory-leak.patch
+Patch4: 0028-coverity-avoid-possible-null-ptr-deref.patch
+Patch5: 0029-coverity-avoid-possible-null-ptr-deref.patch
+Patch6: 0030-coverity-likely-intent.patch
+Patch7: 0031-coverity-honor-exception-specs.patch
+Patch8: 0032-coverity-honor-exception-specs.patch
+Patch9: 0034-coverity-honor-exception-specs.patch
+Patch10: 0035-coverity-honor-exception-specs.patch

 %description
 LibCMIS is a C++ client library for working with CM (content management)
@ -90,6 +98,9 @@ make check
 %{_mandir}/man1/cmis-client.1*

 %changelog
+* Wed Mar 02 2016 David Tardon <dtardon@redhat.com> - 0.5.0-12
+- add a bunch of fixes for problems found by coverity
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild