[konkretcmpi] Set format(printf) attribute to __KReturn2 function

Radek Novacek rnovacek at fedoraproject.org
Mon Aug 26 14:12:22 UTC 2013 

commit 06eef26fe51275f918ca97dfc9e732b87f24ccda
Author: Radek Novacek <rnovacek at redhat.com>
Date:   Mon Aug 26 16:12:10 2013 +0200

    Set format(printf) attribute to __KReturn2 function
    
    - Fix possible integer overflow

 konkretcmpi-0.9.1-fix-integer-overflow.patch       |   46 ++++++++++++++++++++
 ...retcmpi-0.9.1-set-format-printf-attribute.patch |   24 ++++++++++
 konkretcmpi.spec                                   |   14 ++++++-
 3 files changed, 83 insertions(+), 1 deletions(-)
---
diff --git a/konkretcmpi-0.9.1-fix-integer-overflow.patch b/konkretcmpi-0.9.1-fix-integer-overflow.patch
new file mode 100644
index 0000000..49ebc0b
--- /dev/null
+++ b/konkretcmpi-0.9.1-fix-integer-overflow.patch
@@ -0,0 +1,46 @@
+commit 4ac996b1a0d907469a3294d356a49b633af64d58
+Author: Radek Novacek <rnovacek at redhat.com>
+Date:   Mon Aug 26 14:28:59 2013 +0200
+
+    Fix possible integer overflow
+
+diff --git a/src/mof/MOF_Buffer.cpp b/src/mof/MOF_Buffer.cpp
+index ee78691..ab49473 100644
+--- a/src/mof/MOF_Buffer.cpp
++++ b/src/mof/MOF_Buffer.cpp
+@@ -26,10 +26,11 @@
+ */
+ 
+ #include "MOF_Buffer.h"
++#include "MOF_Error.h"
+ 
+-inline MOF_uint32 _next_pow_2(MOF_uint32 x)
++inline size_t _next_pow_2(size_t x)
+ {
+-    MOF_uint32 r = 1;
++    size_t r = 1;
+ 
+     while (r < x)
+         r <<= 1;
+@@ -37,7 +38,7 @@ inline MOF_uint32 _next_pow_2(MOF_uint32 x)
+     return r;
+ }
+ 
+-inline MOF_uint32 _round_capacity(MOF_uint32 capacity)
++inline size_t _round_capacity(size_t capacity)
+ {
+     return capacity < 16 ? 16 : _next_pow_2(capacity);
+ }
+@@ -54,6 +55,12 @@ void MOF_Buffer::reserve(size_t capacity)
+ 
+ void MOF_Buffer::append(const char* data, size_t size)
+ {
++    if (_size + size < _size) {
++        // It would overflow, because both size and _size are unsigned
++        // and their sum can't be lower than any of them
++        MOF_error_printf("Integer overflow detected");
++        return;
++    }
+     reserve(_size + size);
+     memcpy(_data + _size, data, size);
+     _size += size;
diff --git a/konkretcmpi-0.9.1-set-format-printf-attribute.patch b/konkretcmpi-0.9.1-set-format-printf-attribute.patch
new file mode 100644
index 0000000..ec42912
--- /dev/null
+++ b/konkretcmpi-0.9.1-set-format-printf-attribute.patch
@@ -0,0 +1,24 @@
+commit 0495c3f18170f9690d32b5e0771232e4b92eb34f
+Author: Radek Novacek <rnovacek at redhat.com>
+Date:   Mon Aug 26 14:59:25 2013 +0200
+
+    Set format(printf) attribute to __KReturn2 function
+    
+    This way, users of this function will get notified when they use options
+    (like invalid number of formatted variables).
+
+diff --git a/src/konkret/konkret.h b/src/konkret/konkret.h
+index a9bb57d..40d66b3 100644
+--- a/src/konkret/konkret.h
++++ b/src/konkret/konkret.h
+@@ -205,8 +205,9 @@ KINLINE void KPutStatus(CMPIStatus* st)
+         fprintf(stderr, "CMPIStatus{%u, %s}\n", st->rc, KChars(st->msg));
+ }
+ 
++__attribute__((format(printf, 3, 4)))
+ KINLINE CMPIStatus __KReturn2(
+-    const CMPIBroker* cb, 
++    const CMPIBroker* cb,
+     CMPIrc rc,
+     const char* format,
+     ...)
diff --git a/konkretcmpi.spec b/konkretcmpi.spec
index 356b3e7..27eaa13 100644
--- a/konkretcmpi.spec
+++ b/konkretcmpi.spec
@@ -1,11 +1,13 @@
 Name:           konkretcmpi
 Version:        0.9.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Tool for rapid CMPI providers development
 
 License:        MIT
 Source0:        https://github.com/rnovacek/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
 Patch0:         konkretcmpi-0.9.1-fix-instance-to-string.patch
+Patch1:         konkretcmpi-0.9.1-fix-integer-overflow.patch
+Patch2:         konkretcmpi-0.9.1-set-format-printf-attribute.patch
 
 BuildRequires:  sblim-cmpi-devel
 BuildRequires:  cmake
@@ -35,7 +37,13 @@ This package contains python binding for konkretcmpi.
 
 %prep
 %setup -q
+# Fix instance type to string conversion
 %patch0 -p1
+# Fix possible integer overflow
+%patch1 -p1
+# Set format(printf) attribute to __KReturn2 function
+%patch2 -p1
+
 
 %build
 mkdir -p %{_target_platform}
@@ -75,6 +83,10 @@ rm -rf $RPM_BUILD_ROOT/usr/lib*/libkonkret.la
 
 
 %changelog
+* Mon Aug 26 2013 Radek Novacek <rnovacek at redhat.com> 0.9.1-3
+- Set format(printf) attribute to __KReturn2 function
+- Fix possible integer overflow
+
 * Wed Jul 31 2013 Radek Novacek <rnovacek at redhat.com> 0.9.1-2
 - Fix instance to string

More information about the scm-commits mailing list