[newlib-cygwin] strace: Fix Coverity issues

Corinna Vinschen corinna@sourceware.org
Sun Oct 23 14:45:00 GMT 2016


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=5e087a83734fac4674a45a8ca8dd7e8bb1eb5d5e

commit 5e087a83734fac4674a45a8ca8dd7e8bb1eb5d5e
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Sun Oct 23 16:38:48 2016 +0200

    strace: Fix Coverity issues
    
    CID 66964: Don't trust environment variable without length check
    CID 66968: Add missing va_end
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/utils/strace.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/winsup/utils/strace.cc b/winsup/utils/strace.cc
index eb96a61..4046cce 100644
--- a/winsup/utils/strace.cc
+++ b/winsup/utils/strace.cc
@@ -88,6 +88,7 @@ warn (int geterrno, const char *fmt, ...)
       fputs (buf, stderr);
       fputs ("\n", stderr);
     }
+  va_end (args);
 }
 
 static void __attribute__ ((noreturn))
@@ -351,13 +352,16 @@ create_child (char **argv)
   make_command_line (one_line, argv);
 
   SetConsoleCtrlHandler (NULL, 0);
+
   const char *cygwin_env = getenv ("CYGWIN");
   const char *space;
-  if (cygwin_env)
+
+  if (cygwin_env && strlen (cygwin_env) <= 256) /* sanity check */
     space = " ";
   else
     space = cygwin_env = "";
-  char *newenv = (char *) malloc (sizeof ("CYGWIN=noglob") + strlen (space) + strlen (cygwin_env));
+  char *newenv = (char *) malloc (sizeof ("CYGWIN=noglob")
+				  + strlen (space) + strlen (cygwin_env));
   sprintf (newenv, "CYGWIN=noglob%s%s", space, cygwin_env);
   _putenv (newenv);
   ret = CreateProcess (0, one_line.buf,	/* command line */



More information about the Cygwin-cvs mailing list