Fixed two Coverity defects by dimkr · Pull Request #146 · antirez/linenoise

dimkr · 2017-08-15T06:15:07Z

strlen() on uninitialized string
Ignoring the return value of chmod()

Sonophoto · 2017-08-15T16:50:17Z

    umask(old_umask);
    if (fp == NULL) return -1;
-    chmod(filename,S_IRUSR|S_IWUSR);
+    if (chmod(filename,S_IRUSR|S_IWUSR) < 0) {


So what happens in the very odd case where we can get a file handle but can't immediately run a system call on it?

I would however cast the return value (void) as a reminder we didn't need the return value.

So what happens in the very odd case where we can get a file handle but can't immediately run a system call on it?

Theoretically, fopen() and chmod() can be replaced with a combination of open(), chmod() and fdopen(), but I can't think of a good reason to do so.

Or you could fchmod(fileno(fp), ...)

Unless you want "run a system call on it" to happen before "get a file handle", for some reason

Admittedly, I've paid zero attention to the larger context but...

fopen(..., "w") creates a new file... it's possible that the file doesn't exist prior to the fopen

I'm guessing that the intent of this snippet is to create a file and make it read/write only for the creator (0600)... what the author is protecting against, I don't know.

oh, I see your point -- meh, not sure that deferring the creation of the FILE * saves all that much

so FYI, all of this is here because of an old bug in redis where the history file (passwords et. al.) were being saved world readable if the user did not have a sane umask set.

So the fix, if one is needed, should be in the context of solving the actual problem more correctly - not just quieting Coverity.

Personally I would just cast the return on chmod() (void).

This was the fix for the history file saving issue:

c894b9e

As I commented on the referenced commit, why have the chmod at all?

MMI

No idea how I became a reviewer but I think these changes are sane.

rain-1 · 2018-03-30T23:19:22Z

This implements the same change as #151

also adds a (void) cast to chmod, I can understand the value of coverity but I don't see this as a valuable addition at the moment.

This patch does not need to be merged.

dimkr · 2018-04-01T17:32:36Z

I can understand the value of coverity but I don't see this as a valuable addition at the moment.

Compiler warnings aside (unused return value, etc'), the value I see is getting rid of one (useless) Coverity error in every project that uses linenoise upstream as a git submodule.

Sonophoto · 2018-04-04T01:59:03Z

@rain-1 All of this has been discussed to death, this is done differently than #151, as has been discussed at length as well. @antirez has never chosen to accept these changes but they have been left open if he changes his mind at some future time.

rain-1 · 2018-05-15T16:58:38Z

Merged rain-1@6d759a8

Fixed two Coverity defects

30a662b

Sonophoto reviewed Aug 15, 2017

View reviewed changes

Ignored the return value of chmod()

0cf1255

MMI approved these changes Dec 30, 2017

View reviewed changes

Conversation

dimkr commented Aug 15, 2017

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

MMI left a comment

Choose a reason for hiding this comment

Uh oh!

rain-1 commented Mar 30, 2018

Uh oh!

dimkr commented Apr 1, 2018

Uh oh!

Sonophoto commented Apr 4, 2018

Uh oh!

rain-1 commented May 15, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants