[wget/f19] Fix deadcode and possible use of NULL in vprintf (#913153)

Thu Jul 11 09:09:06 UTC 2013

commit 85b6b720f3d8a7e57c94cd28aaf80010c1721599
Author: Tomas Hozza <thozza at redhat.com>
Date:   Thu Jul 11 10:41:32 2013 +0200

    Fix deadcode and possible use of NULL in vprintf (#913153)
    
    Signed-off-by: Tomas Hozza <thozza at redhat.com>

 wget-1.14-Fix-deadcode-and-possible-NULL-use.patch |   47 ++++++++++++++++++++
 wget.spec                                          |    7 +++-
 2 files changed, 53 insertions(+), 1 deletions(-)
---

diff --git a/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch b/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch
new file mode 100644
index 0000000..20c4f33
--- /dev/null
+++ b/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch
@@ -0,0 +1,47 @@
+From 613d8639c48b950f76d132b70d27e518ba6d6891 Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza at redhat.com>
+Date: Fri, 26 Apr 2013 14:42:30 +0200
+Subject: [PATCH] Fix using deadcode and possible use of NULL pointer
+
+Fix for deadcode in unique_create() so that "opened_name" parameter is
+always initialized to a valid string or NULL when returning from
+function.
+
+Fix for redirect_output() so that "logfile" is not blindly used in
+fprintf() call and checked if it is not NULL.
+
+Signed-off-by: Tomas Hozza <thozza at redhat.com>
+---
+ src/log.c   | 2 +-
+ src/utils.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/log.c b/src/log.c
+index 0185df1..4f93a21 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -871,7 +871,7 @@ redirect_output (void)
+          can do but disable printing completely. */
+       fprintf (stderr, _("\n%s received.\n"), redirect_request_signal_name);
+       fprintf (stderr, _("%s: %s; disabling logging.\n"),
+-               logfile, strerror (errno));
++               (logfile) ? logfile : DEFAULT_LOGFILE, strerror (errno));
+       inhibit_logging = true;
+     }
+   save_context_p = false;
+diff --git a/src/utils.c b/src/utils.c
+index 567dc35..7cc942f 100644
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -703,7 +703,7 @@ unique_create (const char *name, bool binary, char **opened_name)
+       xfree (uname);
+       uname = unique_name (name, false);
+     }
+-  if (opened_name && fp != NULL)
++  if (opened_name)
+     {
+       if (fp)
+         *opened_name = uname;
+-- 
+1.8.1.4
+
diff --git a/wget.spec b/wget.spec
index 3b35ad7..7bc61ba 100644
--- a/wget.spec
+++ b/wget.spec
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.14
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
@@ -13,6 +13,7 @@ Patch3: wget-1.14-sslreadtimeout.patch
 Patch4: wget-1.14-manpage-tex5.patch
 Patch5: wget-1.14-add_missing_options_doc.patch
 Patch6: wget-1.14-fix-double-free-of-iri-orig_url.patch
+Patch7: wget-1.14-Fix-deadcode-and-possible-NULL-use.patch
 
 Provides: webclient
 Provides: bundled(gnulib) 
@@ -38,6 +39,7 @@ support for Proxy servers, and configurability.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 if pkg-config openssl ; then
@@ -74,6 +76,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 
 %changelog
+* Thu Jul 11 2013 Tomas Hozza <thozza at redhat.com> - 1.14-8
+- Fix deadcode and possible use of NULL in vprintf (#913153)
+
 * Wed Jul 10 2013 Tomas Hozza <thozza at redhat.com> - 1.14-7
 - Fix double free of iri->orig_url (#981778)
 
