Fontconfig improvements. Fix potential memory leaks and null pointer dereferencing

Closed Grigory requested to merge h0tc0d3/fontconfig:main into main Jan 10, 2022
  • Fixed potential memory leaks and null pointer dereferencing

  • Rewrote locking mutex

  • Replaced malloc and memset with safe calloc, malloc(sizeof(obj)*num) with calloc(num, sizeof(obj)) https://pvs-studio.com/en/blog/posts/cpp/0388/ https://pvs-studio.com/en/blog/posts/cpp/0558/

  • Replaced cache md5 with murmur3 hash. Better use of CPU cache and no malloc.

  • Cleaned and rewrote FcRandom. FcRandom uses the RDRAND CPU instruction on x86_64 and a permuted congruential generator on other architectures. Improved entropy. https://en.wikipedia.org/wiki/RDRAND Intel Digital Random Number Generator (DRNG): Software Implementation Guide, Revision 1.1 http://software.intel.com/sites/default/files/m/d/4/1/d/8/441_Intel_R__DRNG_Software_Implementation_Guide_final_Aug7.pdf https://en.wikipedia.org/wiki/Permuted_congruential_generator

  • Other improvements.

  • Fixed #305

Need to check on AIX, Windows 64 - 32, ARM 64 - 32.

Before:

src/fcfs.c	50	err	V595 The 's->fonts' pointer was utilized before it was verified against nullptr. Check lines: 50, 51.
src/fcdefault.c	96	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcdefault.c	118	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcdefault.c	223	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcdefault.c	234	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcdir.c	107	warn	V522 There might be dereferencing of a potential null pointer 's'. Check lines: 107, 105.
src/fcdir.c	257	warn	V560 A part of conditional expression is always true: strlen(e->d_name) < 4096.
src/fccharset.c	186	warn	V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'numbers' is lost. Consider assigning realloc() to a temporary pointer.
src/fccharset.c	197	warn	V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'numbers' is lost. Consider assigning realloc() to a temporary pointer.
src/fccharset.c	204	err	V774 The expression '(char *) leaves' contains a pointer, which is used after the memory was reallocated.
src/fccharset.c	204	warn	V782 There is no sense in evaluating the distance between elements from different arrays: '(char *) new_leaves - (char *) leaves'.
src/fccache.c	184	warn	V575 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 184, 183.
src/fcmutex.h	121	warn	V522 Dereferencing of the null pointer 'm' might take place. The potential null pointer is passed into 'FcMutexInit' function. Inspect the first argument. Check lines: 'fcmutex.h:121', 'fccache.c:497', 'fccache.c:496'.
src/fccache.c	543	err	V501 There are identical sub-expressions to the left and to the right of the '|' operator: FcRandom() | FcRandom()
src/fccache.c	592	warn	V1020 The function exited without calling the 'unlock_cache' function. Check lines: 592, 565.
src/fccache.c	686	err	V595 The 's' pointer was utilized before it was verified against nullptr. Check lines: 686, 690.
src/fccache.c	947	warn	V560 A part of conditional expression is always false.
src/fccache.c	1013	err	V611 The memory was allocated using 'malloc' function but was released using the 'munmap' function. Consider inspecting operation logics behind the 'cache' variable.
src/fccache.c	1162	warn	V547 Expression is always false.
src/fccache.c	1665	warn	V547 Expression 'fd != - 1' is always true.
src/fcmutex.h	121	warn	V522 Dereferencing of the null pointer 'm' might take place. The potential null pointer is passed into 'FcMutexInit' function. Inspect the first argument. Check lines: 'fcmutex.h:121', 'fccfg.c:55', 'fccfg.c:54'.
src/fccfg.c	124	warn	V547 Expression 'FcConfigEnsure()' is always true.
src/fccfg.c	637	warn	V547 Expression 'salt' is always true.
src/fccfg.c	1059	warn	V1037 Two or more case-branches perform the same actions. Check lines: 1059, 1077
src/fccfg.c	1588	err	V547 Expression 'flags & FcOpFlagIgnoreBlanks' is always false.
src/fccfg.c	1609	warn	V522 There might be dereferencing of a potential null pointer 'fe'. Check lines: 1609, 1608.
src/fccfg.c	2203	warn	V547 Expression 'thisValue' is always true.
src/fccfg.c	2711	warn	V1048 The 'file' variable was assigned the same value.
src/fccfg.c	3165	warn	V547 Expression 'r->u.test->kind == ((FcMatchKind) - 1)' is always false.
src/fcfreetype.c	1402	warn	V575 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 1402, 1401.
src/fcfreetype.c	1426	warn	V522 There might be dereferencing of a potential null pointer 'name_mapping'. Check lines: 1426, 1421.
src/fcfreetype.c	1430	warn	V522 There might be dereferencing of a potential null pointer 'p'.
src/fcfreetype.c	1666	warn	V575 The potential null pointer is passed into 'strncpy' function. Inspect the first argument. Check lines: 1666, 1665.
src/fcfreetype.c	2726	warn	V1051 Consider checking for misprints. It's possible that the 'cur_offset' should be used inside 'ftglue_stream_seek' function.
build/src/fcobjshash.h	32	err	V011 Presence of #line directives may cause some diagnostic messages to have incorrect file name and line number.
src/fcname.c	359	warn	V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
src/fcname.c	359	warn	V576 Incorrect format. Consider checking the fourth actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
src/fcname.c	506	warn	V1037 Two or more case-branches perform the same actions. Check lines: 506, 514
src/fcstat.c	410	warn	V547 Expression 'p' is always false.
src/fcstr.c	1272	err	V595 The 'set->strs' pointer was utilized before it was verified against nullptr. Check lines: 1272, 1273.
src/fcstr.c	1609	err	V595 The 'set->strs' pointer was utilized before it was verified against nullptr. Check lines: 1609, 1610.
src/fcpat.c	240	warn	V522 There might be dereferencing of a potential null pointer 't'.
src/fcpat.c	543	err	V774 The 'e0' pointer was used after the memory was reallocated.
src/fcmatch.c	539	warn	V522 There might be dereferencing of a potential null pointer 'e'. Check lines: 539, 538.
src/fcmatch.c	998	warn	V575 The potential null pointer is passed into 'strchr' function. Inspect the first argument. Check lines: 998, 991.
src/fcxml.c	706	warn	V1037 Two or more case-branches perform the same actions. Check lines: 706, 754
src/fcxml.c	2131	warn	V560 A part of conditional expression is always false: !prefix.
src/fcxml.c	2182	warn	V1037 Two or more case-branches perform the same actions. Check lines: 2182, 2209
src/fcxml.c	2321	warn	V560 A part of conditional expression is always false: !prefix.
src/fcxml.c	2467	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcxml.c	2473	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcxml.c	2537	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcxml.c	2552	err	V647 The value of 'int' type is assigned to the pointer of 'unsigned char' type.
src/fcxml.c	3428	warn	V547 Expression 'ret' is always true.

After:

Probably there are no errors, but it's worth double-checking. In snprintf and sscanf I think we have these errors: https://pvs-studio.com/en/blog/posts/cpp/k0023/ https://pvs-studio.com/en/blog/posts/cpp/k0046/ But clang warns about "%llx", "%llu".

src/fccache.c	169	err	V576 Incorrect format. Consider checking the fourth actual argument of the 'snprintf' function. The memsize type argument is expected.
src/fccache.c	169	err	V576 Incorrect format. Consider checking the fifth actual argument of the 'snprintf' function. The memsize type argument is expected.
src/fccache.c	961	err	V611 The memory was allocated using 'malloc' function but was released using the 'munmap' function. Consider inspecting operation logics behind the 'cache' variable.
src/fccache.c	1111	warn	V547 Expression is always false.
src/fccfg.c	1046	warn	V1037 Two or more case-branches perform the same actions. Check lines: 1046, 1064
src/fccfg.c	1575	err	V547 Expression 'flags & FcOpFlagIgnoreBlanks' is always false.
src/fccfg.c	2190	warn	V547 Expression 'thisValue' is always true.
src/fccfg.c	3148	warn	V547 Expression 'r->u.test->kind == ((FcMatchKind) - 1)' is always false.
src/fcfreetype.c	2724	warn	V1051 Consider checking for misprints. It's possible that the 'cur_offset' should be used inside 'ftglue_stream_seek' function.
build/src/fcobjshash.h	32	err	V011 Presence of #line directives may cause some diagnostic messages to have incorrect file name and line number.
src/fcstat.c	407	warn	V547 Expression 'p' is always false.
src/fcname.c	359	warn	V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
src/fcname.c	359	warn	V576 Incorrect format. Consider checking the fourth actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
src/fcname.c	506	warn	V1037 Two or more case-branches perform the same actions. Check lines: 506, 514
src/fcpat.c	545	err	V774 The 'e' pointer was used after the memory was reallocated.
src/fcxml.c	706	warn	V1037 Two or more case-branches perform the same actions. Check lines: 706, 754
src/fcxml.c	2178	warn	V1037 Two or more case-branches perform the same actions. Check lines: 2178, 2205
Edited Jan 10, 2022 by Grigory
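The two allocation patterns the description refers to (the V701 "realloc() possible leak" warnings and the malloc(sizeof(obj)*num) to calloc(num, sizeof(obj)) replacement) are shown side by side below. This is an added C example written for this page, not fontconfig's own code; NumberList, grow_leaky, grow_safe and the demo_ functions are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer used to illustrate the realloc and calloc
 * patterns discussed in the merge request; not fontconfig code. */
typedef struct {
    uint32_t *items;    /* heap buffer, zero-filled past count */
    size_t    count;
    size_t    capacity;
} NumberList;

/* The pattern the analyzer flags as V701: when realloc fails it returns NULL
 * and the only reference to the old block is overwritten, so the old buffer
 * leaks and the caller is left holding a NULL pointer. Kept for comparison. */
int grow_leaky(NumberList *l, size_t new_cap)
{
    l->items = realloc(l->items, new_cap * sizeof(*l->items));
    if (!l->items)
        return -1;                  /* old buffer is now unreachable */
    l->capacity = new_cap;
    return 0;
}

/* The hardened form: reject a size product that would wrap, assign the result
 * to a temporary, and update the struct only after realloc succeeded. The new
 * tail is zeroed so the buffer never exposes uninitialised memory. */
int grow_safe(NumberList *l, size_t new_cap)
{
    uint32_t *tmp;
    if (new_cap <= l->capacity)
        return 0;                   /* nothing to do */
    if (new_cap > SIZE_MAX / sizeof(*l->items))
        return -1;                  /* num * size would overflow */
    tmp = realloc(l->items, new_cap * sizeof(*l->items));
    if (!tmp)
        return -1;                  /* l->items is still valid and freeable */
    memset(tmp + l->capacity, 0, (new_cap - l->capacity) * sizeof(*tmp));
    l->items = tmp;
    l->capacity = new_cap;
    return 0;
}

int number_list_init(NumberList *l, size_t initial)
{
    l->count = 0;
    l->capacity = initial;
    /* calloc(num, size) checks the multiplication for overflow itself and
     * returns zeroed memory, so the separate memset is unnecessary. */
    l->items = calloc(initial, sizeof(*l->items));
    return l->items ? 0 : -1;
}

int number_list_push(NumberList *l, uint32_t v)
{
    if (l->count == l->capacity) {
        size_t want = l->capacity ? l->capacity * 2 : 4;
        if (l->capacity > SIZE_MAX / 2 || grow_safe(l, want) != 0)
            return -1;              /* list is unchanged on failure */
    }
    l->items[l->count++] = v;
    return 0;
}

void number_list_free(NumberList *l)
{
    free(l->items);                 /* free(NULL) is a no-op */
    l->items = NULL;
    l->count = l->capacity = 0;
}

/* Returns 1 if a rejected growth request leaves the list intact and usable. */
int demo_failed_grow_keeps_buffer(void)
{
    NumberList l;
    int ok;
    if (number_list_init(&l, 2) != 0)
        return -1;
    number_list_push(&l, 7);
    number_list_push(&l, 9);
    /* An impossible size is refused by the overflow check before realloc runs. */
    ok = grow_safe(&l, SIZE_MAX) != 0 && l.items != NULL && l.count == 2
         && l.items[0] == 7 && l.items[1] == 9;
    number_list_free(&l);
    return ok ? 1 : 0;
}

/* Returns 1 if n (>= 1) pushes through several regrowths end with n items. */
int demo_push_many(size_t n)
{
    NumberList l;
    size_t i;
    int ok;
    if (n == 0 || number_list_init(&l, 1) != 0)
        return -1;
    for (i = 0; i < n; i++)
        if (number_list_push(&l, (uint32_t)i) != 0)
            break;
    ok = i == n && l.count == n && l.items[n - 1] == (uint32_t)(n - 1);
    number_list_free(&l);
    return ok ? 1 : 0;
}
```

The difference between grow_leaky and grow_safe is the one the analyzer's "assign realloc() to a temporary pointer" advice describes: on failure the safe version returns with the original buffer still owned by the struct, so the caller can either retry or free it, whereas the leaky version has already lost it.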