From 6b34fa1ddd9da97868be920deeef8a515923adb7 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Wed, 17 Aug 2022 10:18:52 +0800 Subject: [PATCH] sync from upstream iSulad 1. fix clang analyzer report bugs; 2. add clean path for all path; Signed-off-by: haozi007 --- 0001-do-not-use-tmpfile.patch | 2 +- 0002-use-only-TLS-v1.2-or-later.patch | 2 +- ...eable-dirs-if-user-set-mount-for-dev.patch | 2 +- ...te-arch-unspecified-seccomp-profiles.patch | 2 +- ...CI-test-case-checking-seccomp-option.patch | 2 +- ...ach-when-stdout-and-stderr-are-false.patch | 2 +- ...-quota-out-of-range-when-update-to-1.patch | 2 +- ...ck-monitor-before-stopping-container.patch | 2 +- 0009-set-dup_option-null-after-free.patch | 2 +- ...ring-must-have-space-store-null-char.patch | 2 +- 0011-remove-unused-include-files.patch | 2 +- 0012-fix-lose-override-flag.patch | 2 +- ...cute-permissions-for-libhttpclient.s.patch | 2 +- ...uest_to_rest-forgot-to-handle-suffix.patch | 2 +- 0015-add-fuzz-dict.patch | 2 +- ...nsure-agrument-with-nonnull-attirbut.patch | 121 ++++++++++ ...=> 0017-change-default-umask-to-0022.patch | 2 +- ...lang-analyzer-remove-dead-assignment.patch | 208 ++++++++++++++++++ ...nsure-derenference-of-non-null-point.patch | 188 ++++++++++++++++ ...o-clean-path-and-check-if-file-exist.patch | 141 ++++++++++++ ...r-fix-memory-leak-and-use-after-free.patch | 157 +++++++++++++ iSulad.spec | 15 +- 22 files changed, 844 insertions(+), 18 deletions(-) create mode 100644 0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch rename 0016-change-default-umask-to-0022.patch => 0017-change-default-umask-to-0022.patch (93%) create mode 100644 0018-clang-analyzer-remove-dead-assignment.patch create mode 100644 0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch create mode 100644 0020-do-clean-path-and-check-if-file-exist.patch create mode 100644 0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch diff --git a/0001-do-not-use-tmpfile.patch b/0001-do-not-use-tmpfile.patch index 30ec977..05d7e57 100644 --- a/0001-do-not-use-tmpfile.patch +++ b/0001-do-not-use-tmpfile.patch @@ -1,7 +1,7 @@ From 2e404b3aa5fcea87a905fbd7ff3465b6135b701e Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Wed, 20 Jul 2022 14:26:58 +0800 -Subject: [PATCH 01/15] do not use tmpfile() +Subject: [PATCH 01/21] do not use tmpfile() Signed-off-by: WangFengTu --- diff --git a/0002-use-only-TLS-v1.2-or-later.patch b/0002-use-only-TLS-v1.2-or-later.patch index 56df6fd..8eaf761 100644 --- a/0002-use-only-TLS-v1.2-or-later.patch +++ b/0002-use-only-TLS-v1.2-or-later.patch @@ -1,7 +1,7 @@ From 025d2c2dad2786eda40f2367cdd727a36b8249df Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Thu, 21 Jul 2022 15:37:07 +0800 -Subject: [PATCH 02/15] use only TLS v1.2 or later +Subject: [PATCH 02/21] use only TLS v1.2 or later Signed-off-by: WangFengTu --- diff --git a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch b/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch index e4ad6c9..a186f9e 100644 --- a/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch +++ b/0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch @@ -1,7 +1,7 @@ From a475d8da1122af712dbc79dc5d92f1cb95d519f9 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Mon, 25 Jul 2022 20:31:15 +0800 -Subject: [PATCH 03/15] don't mount shareable dirs if user set mount for dev +Subject: [PATCH 03/21] don't mount shareable dirs if user set mount for dev shm Signed-off-by: zhangxiaoyu diff --git a/0004-tolerate-arch-unspecified-seccomp-profiles.patch b/0004-tolerate-arch-unspecified-seccomp-profiles.patch index 60ac49a..5f27074 100644 --- a/0004-tolerate-arch-unspecified-seccomp-profiles.patch +++ b/0004-tolerate-arch-unspecified-seccomp-profiles.patch @@ -1,7 +1,7 @@ From 73e02e66102b3e066d5d6424624461c3024cabe4 Mon Sep 17 00:00:00 2001 From: chengzrz Date: Fri, 29 Jul 2022 14:44:55 +0800 -Subject: [PATCH 04/15] tolerate arch unspecified seccomp profiles +Subject: [PATCH 04/21] tolerate arch unspecified seccomp profiles Signed-off-by: chengzrz --- diff --git a/0005-add-a-CI-test-case-checking-seccomp-option.patch b/0005-add-a-CI-test-case-checking-seccomp-option.patch index 61b7a13..38ee6ee 100644 --- a/0005-add-a-CI-test-case-checking-seccomp-option.patch +++ b/0005-add-a-CI-test-case-checking-seccomp-option.patch @@ -1,7 +1,7 @@ From c9c2bb6bfbe2060bdc6af53ca0d752572b21594d Mon Sep 17 00:00:00 2001 From: chengzrz Date: Fri, 29 Jul 2022 14:45:20 +0800 -Subject: [PATCH 05/15] add a CI test case, checking seccomp option +Subject: [PATCH 05/21] add a CI test case, checking seccomp option Signed-off-by: chengzrz --- diff --git a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch b/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch index ea520ff..353ad30 100644 --- a/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch +++ b/0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch @@ -1,7 +1,7 @@ From 9498a8df59f69acbf75f9aa69fef465350288bb8 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Mon, 1 Aug 2022 11:20:31 +0800 -Subject: [PATCH 06/15] fix cri attach when stdout and stderr are false +Subject: [PATCH 06/21] fix cri attach when stdout and stderr are false Signed-off-by: zhangxiaoyu --- diff --git a/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch b/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch index de284ca..c9f24e0 100644 --- a/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch +++ b/0007-fix-cpu-quota-out-of-range-when-update-to-1.patch @@ -1,7 +1,7 @@ From 5174fd2608a25a8f7f4b61be79d125b19fb420f9 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Tue, 26 Jul 2022 02:08:43 -0700 -Subject: [PATCH 07/15] fix cpu-quota out of range when update to -1 +Subject: [PATCH 07/21] fix cpu-quota out of range when update to -1 Signed-off-by: Neil.wrz --- diff --git a/0008-stop-health-check-monitor-before-stopping-container.patch b/0008-stop-health-check-monitor-before-stopping-container.patch index 1d6d498..3eb88f8 100644 --- a/0008-stop-health-check-monitor-before-stopping-container.patch +++ b/0008-stop-health-check-monitor-before-stopping-container.patch @@ -1,7 +1,7 @@ From b8fd21e636b643fe9f257a77808d53b067f3d105 Mon Sep 17 00:00:00 2001 From: songbuhuang <544824346@qq.com> Date: Wed, 3 Aug 2022 16:06:16 +0800 -Subject: [PATCH 08/15] stop health check monitor before stopping container +Subject: [PATCH 08/21] stop health check monitor before stopping container Signed-off-by: songbuhuang <544824346@qq.com> --- diff --git a/0009-set-dup_option-null-after-free.patch b/0009-set-dup_option-null-after-free.patch index e7775fe..cc333be 100644 --- a/0009-set-dup_option-null-after-free.patch +++ b/0009-set-dup_option-null-after-free.patch @@ -1,7 +1,7 @@ From 3d8258777c2265ea00c9fe13a11d37d0b3320e4c Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Fri, 5 Aug 2022 14:37:38 +0800 -Subject: [PATCH 09/15] set dup_option null after free +Subject: [PATCH 09/21] set dup_option null after free Signed-off-by: zhangxiaoyu --- diff --git a/0010-ensure-read-string-must-have-space-store-null-char.patch b/0010-ensure-read-string-must-have-space-store-null-char.patch index 2868baf..0866b0d 100644 --- a/0010-ensure-read-string-must-have-space-store-null-char.patch +++ b/0010-ensure-read-string-must-have-space-store-null-char.patch @@ -1,7 +1,7 @@ From 6e0b890c16d851bd29009b8a778234ce9e82339e Mon Sep 17 00:00:00 2001 From: haozi007 Date: Mon, 8 Aug 2022 16:46:22 +0800 -Subject: [PATCH 10/15] ensure read string must have space store null char +Subject: [PATCH 10/21] ensure read string must have space store null char Signed-off-by: haozi007 --- diff --git a/0011-remove-unused-include-files.patch b/0011-remove-unused-include-files.patch index 69e159d..83fa3fa 100644 --- a/0011-remove-unused-include-files.patch +++ b/0011-remove-unused-include-files.patch @@ -1,7 +1,7 @@ From 448e4c5b0327916c05d8354e4e99565de7a8129d Mon Sep 17 00:00:00 2001 From: haozi007 Date: Tue, 9 Aug 2022 14:36:33 +0800 -Subject: [PATCH 11/15] remove unused include files +Subject: [PATCH 11/21] remove unused include files Signed-off-by: haozi007 --- diff --git a/0012-fix-lose-override-flag.patch b/0012-fix-lose-override-flag.patch index 3cdec2a..bd478f5 100644 --- a/0012-fix-lose-override-flag.patch +++ b/0012-fix-lose-override-flag.patch @@ -1,7 +1,7 @@ From ec627e1564baf4e77311c917bde9bddf23b63b9b Mon Sep 17 00:00:00 2001 From: haozi007 Date: Wed, 10 Aug 2022 17:40:36 +0800 -Subject: [PATCH 12/15] fix lose override flag +Subject: [PATCH 12/21] fix lose override flag Signed-off-by: haozi007 --- diff --git a/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch b/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch index c2e0172..e1d6758 100644 --- a/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch +++ b/0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch @@ -1,7 +1,7 @@ From e524923aeeeb96f999dd153ea51f778289fade52 Mon Sep 17 00:00:00 2001 From: zhongtao Date: Fri, 12 Aug 2022 17:17:44 +0800 -Subject: [PATCH 13/15] Add read and execute permissions for libhttpclient.so +Subject: [PATCH 13/21] Add read and execute permissions for libhttpclient.so and libisulad_tools.so for other users, so that non-root users who join the isula group can use the isula command normally diff --git a/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch b/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch index fa13a5d..7a7a6d0 100644 --- a/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch +++ b/0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch @@ -1,7 +1,7 @@ From dfcd1cbd6403af11d7afed96b0c8e3ca292722f9 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Fri, 12 Aug 2022 15:30:50 -0700 -Subject: [PATCH 14/15] fix exec_request_to_rest forgot to handle suffix +Subject: [PATCH 14/21] fix exec_request_to_rest forgot to handle suffix Signed-off-by: Neil.wrz --- diff --git a/0015-add-fuzz-dict.patch b/0015-add-fuzz-dict.patch index f863d85..51a99e4 100644 --- a/0015-add-fuzz-dict.patch +++ b/0015-add-fuzz-dict.patch @@ -1,7 +1,7 @@ From 13c9523f3f69bafc62be8465dea235bdc7e6df4f Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Thu, 11 Aug 2022 20:30:48 +0800 -Subject: [PATCH 15/15] add fuzz dict +Subject: [PATCH 15/21] add fuzz dict Signed-off-by: WangFengTu --- diff --git a/0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch b/0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch new file mode 100644 index 0000000..b832840 --- /dev/null +++ b/0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch @@ -0,0 +1,121 @@ +From 9d365a82ceea7e50bce8069a9b14a529b6467299 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Mon, 15 Aug 2022 19:34:42 +0800 +Subject: [PATCH 16/21] [clang-analyzer] ensure agrument with nonnull attirbute + passed nonnull + +Signed-off-by: haozi007 +--- + src/daemon/executor/container_cb/execution_create.c | 3 ++- + .../storage/layer_store/graphdriver/devmapper/deviceset.c | 8 +++----- + .../layer_store/graphdriver/devmapper/wrapper_devmapper.c | 4 ++-- + src/daemon/modules/spec/specs_mount.c | 6 ++++-- + src/utils/cutils/utils_file.c | 3 +-- + 5 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 626cfbc6..da01a57f 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -833,7 +833,8 @@ static int prepare_host_channel(const host_config_host_channel *host_channel, co + } + #endif + +- if (host_channel == NULL) { ++ if (host_channel == NULL || host_channel->path_on_host == NULL) { ++ DEBUG("Host channel is not setting."); + goto out; + } + if (util_dir_exists(host_channel->path_on_host)) { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 10c7fafd..78d8737d 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -3340,15 +3340,14 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + mnt_root = util_path_join(devset->root, "mnt"); + if (mnt_root == NULL) { + ERROR("devmapper:join path %s/mnt failed", devset->root); +- ret = -1; +- goto out; ++ return -1; + } + + dp = opendir(mnt_root); + if (dp == NULL) { + ERROR("devmapper: open dir %s failed", mnt_root); +- ret = -1; +- goto out; ++ free(mnt_root); ++ return -1; + } + + // Do my best to umount all of the device that has been mounted +@@ -3398,7 +3397,6 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + devmapper_device_info_ref_dec(device_info); + } + +-out: + closedir(dp); + free(mnt_root); + return ret; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +index 07d64318..8a1dfff5 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +@@ -393,13 +393,13 @@ void dev_udev_wait(uint32_t cookie) + + if (gettimeofday(&start, NULL) != 0) { + ERROR("devmapper: get time failed"); +- goto free_out; ++ return; + } + + uwait = util_common_calloc_s(sizeof(udev_wait_pth_t)); + if (uwait == NULL) { + ERROR("Out of memory"); +- goto free_out; ++ return; + } + uwait->cookie = cookie; + uwait->state = DEV_INIT; +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index 8966293f..12f66d8c 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -3358,7 +3358,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai + + /* mounts to mount filesystem */ + ret = merge_fs_mounts_to_v2_spec(all_fs_mounts, all_fs_mounts_len, v2_spec); +- if (ret) { ++ if (ret != 0) { + ERROR("Failed to merge mounts in to v2 spec"); + goto out; + } +@@ -3404,7 +3404,9 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai + } + } + +- qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare); ++ if (all_fs_mounts_len > 0) { ++ qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare); ++ } + + ret = merge_fs_mounts_to_oci_spec(oci_spec, all_fs_mounts, all_fs_mounts_len); + if (ret) { +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 00f586f1..67e7a707 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -1531,8 +1531,7 @@ int util_atomic_write_file(const char *fname, const char *content, size_t conten + tmp_file = get_random_tmp_file(fname); + if (tmp_file == NULL) { + ERROR("Failed to get tmp file for %s", fname); +- ret = -1; +- goto free_out; ++ return -1; + } + + ret = do_atomic_write_file(tmp_file, content, content_len, mode, sync); +-- +2.25.1 + diff --git a/0016-change-default-umask-to-0022.patch b/0017-change-default-umask-to-0022.patch similarity index 93% rename from 0016-change-default-umask-to-0022.patch rename to 0017-change-default-umask-to-0022.patch index a47a82b..00d40c7 100644 --- a/0016-change-default-umask-to-0022.patch +++ b/0017-change-default-umask-to-0022.patch @@ -1,7 +1,7 @@ From 53ba0431c50a618bee0e17315ec176e6c400ed86 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Mon, 15 Aug 2022 19:41:27 +0800 -Subject: [PATCH] change default umask to 0022 +Subject: [PATCH 17/21] change default umask to 0022 Signed-off-by: WangFengTu --- diff --git a/0018-clang-analyzer-remove-dead-assignment.patch b/0018-clang-analyzer-remove-dead-assignment.patch new file mode 100644 index 0000000..2b68790 --- /dev/null +++ b/0018-clang-analyzer-remove-dead-assignment.patch @@ -0,0 +1,208 @@ +From 348c79c8ee9379f5237d1fdbcdb3678c9a9e9527 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 16 Aug 2022 10:23:39 +0800 +Subject: [PATCH 18/21] [clang-analyzer] remove dead assignment + +Signed-off-by: haozi007 +--- + src/cmd/isulad-shim/process.c | 2 +- + src/cmd/options/opt_log.c | 4 ++++ + src/daemon/executor/container_cb/execution_network.c | 1 - + src/daemon/modules/image/oci/oci_import.c | 2 -- + src/daemon/modules/image/oci/registry/auths.c | 2 +- + src/daemon/modules/image/oci/registry/registry.c | 4 +--- + .../graphdriver/overlay2/driver_overlay2.c | 2 +- + .../image/oci/storage/layer_store/layer_store.c | 12 ++++++++---- + src/daemon/modules/log/log_gather.c | 1 - + src/daemon/modules/plugin/plugin.c | 1 - + src/utils/cutils/map/map.c | 2 +- + src/utils/cutils/path.c | 2 +- + 12 files changed, 18 insertions(+), 17 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index 4d665b26..c8ce7a44 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -297,7 +297,7 @@ static void *do_io_copy(void *data) + } + + fd_node_t *fn = ioc->fd_to; +- fd_node_t *next = fn; ++ fd_node_t *next = NULL; + for (; fn != NULL; fn = next) { + next = fn->next; + if (fn->is_log) { +diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c +index 7ec7591f..b1abcfaf 100644 +--- a/src/cmd/options/opt_log.c ++++ b/src/cmd/options/opt_log.c +@@ -162,6 +162,10 @@ bool parse_container_log_opt(const char *key, const char *val, json_map_string_s + } + nret = append_json_map_string_string(opts, support_parsers[i].real_key, parsed_val); + free(parsed_val); ++ if (nret != 0) { ++ ERROR("Out of memory."); ++ return false; ++ } + return true; + } + } +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index 6ca79a8c..fa0ec612 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -625,7 +625,6 @@ static int merge_resolv(const host_config *host_spec, const char *rootfs, const + if (ret != 0) { + WARN("Failed to handle resolv config %s, skip", pline); + free(tmp_content); +- ret = 0; + } else { + free(content); + content = tmp_content; +diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c +index ae2f547a..335ee8d4 100644 +--- a/src/daemon/modules/image/oci/oci_import.c ++++ b/src/daemon/modules/image/oci/oci_import.c +@@ -335,8 +335,6 @@ static int register_image(import_desc *desc) + ret = -1; + goto out; + } +- +- ret = 0; + } + + image_created = true; +diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c +index 02b9753c..a95127f2 100644 +--- a/src/daemon/modules/image/oci/registry/auths.c ++++ b/src/daemon/modules/image/oci/registry/auths.c +@@ -218,7 +218,7 @@ out: + free(err); + err = NULL; + +- return 0; ++ return ret; + } + + static int add_allocated_auth(registry_auths *auths, char *host, char *auth) +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index e6369f90..17464c34 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -696,6 +696,7 @@ static int create_image(pull_descriptor *desc, char *image_id, bool *reuse) + goto out; + } + ++ *reuse = false; + ret = storage_img_create(image_id, top_layer_id, NULL, &opts); + if (ret != 0) { + pre_top_layer = storage_get_img_top_layer(image_id); +@@ -712,10 +713,7 @@ static int create_image(pull_descriptor *desc, char *image_id, bool *reuse) + goto out; + } + +- ret = 0; + *reuse = true; +- } else { +- *reuse = false; + } + + ret = storage_img_add_name(image_id, desc->dest_image_name); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 7a45f880..eac40eb4 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -475,7 +475,7 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom + } + + nret = symlink(target_path, clean_path); +- if (ret < 0) { ++ if (nret < 0) { + SYSERROR("Failed to create symlink from \"%s\" to \"%s\"", clean_path, target_path); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 208bb3bc..cd18c6aa 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -885,12 +885,12 @@ static char *caculate_playload(struct archive *ar) + break; + } + if (r != ARCHIVE_OK) { +- nret = -1; +- break; ++ ERROR("Read archive failed"); ++ goto out; + } + if (!isula_crc_update(ctab, &crc, block_buf, block_size)) { +- nret = -1; +- break; ++ ERROR("Do crc update failed"); ++ goto out; + } + empty = false; + } +@@ -930,6 +930,10 @@ static int archive_entry_parse(struct archive_entry *entry, struct archive *ar, + sentry.position = position; + // caculate playload + sentry.payload = caculate_playload(ar); ++ if (sentry.payload == NULL) { ++ ERROR("Caculate playload failed."); ++ goto out; ++ } + + data = storage_entry_generate_json(&sentry, &ctx, &jerr); + if (data == NULL) { +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index 51c112a3..49facaa2 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -342,7 +342,6 @@ static int init_log(const struct log_gather_conf *lgconf) + break; + case LOG_GATHER_DRIVER_NOSET: + g_save_log_op = write_into_stdout; +- driver = LOG_GATHER_DRIVER_STDOUT; + COMMAND_ERROR("Unset log driver, use stderr to log."); + break; + default: +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index 501271ae..725bca5b 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -1268,7 +1268,6 @@ int pm_init(void) + + ret = pthread_rwlock_init(&gpm->pm_rwlock, NULL); + if (ret != 0) { +- ret = -1; + goto bad; + } + +diff --git a/src/utils/cutils/map/map.c b/src/utils/cutils/map/map.c +index 2fe96a54..cca04fe5 100644 +--- a/src/utils/cutils/map/map.c ++++ b/src/utils/cutils/map/map.c +@@ -340,7 +340,7 @@ map_t *map_new(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfre + } else { + freer = kvfree; + } +- cmpor = comparator; ++ + if (is_key_ptr(kvtype) && (comparator == MAP_DEFAULT_CMP_FUNC)) { + cmpor = rbtree_ptr_cmp; + } else if (is_key_int(kvtype) && (comparator == MAP_DEFAULT_CMP_FUNC)) { +diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c +index 2446f479..79cd7af6 100644 +--- a/src/utils/cutils/path.c ++++ b/src/utils/cutils/path.c +@@ -55,7 +55,7 @@ static int do_clean_path(const char *respath, const char *limit_respath, const c + char *dest = *dst; + const char *endpos = NULL; + +- for (endpos = stpos; *stpos; stpos = endpos) { ++ for (; *stpos; stpos = endpos) { + while (ISSLASH(*stpos)) { + ++stpos; + } +-- +2.25.1 + diff --git a/0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch b/0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch new file mode 100644 index 0000000..a3e841c --- /dev/null +++ b/0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch @@ -0,0 +1,188 @@ +From befc89eb26ff693ecb4fc5209985da9183bfd796 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 16 Aug 2022 16:12:13 +0800 +Subject: [PATCH 19/21] [clang-anaylzer] ensure derenference of non-null + pointer + +1. ensure derenference non-null pointer; +2. fix double free; + +Signed-off-by: haozi007 +--- + src/cmd/isula/information/ps.c | 5 ++--- + .../entry/cri/cri_pod_sandbox_manager_service_impl.cc | 2 +- + src/daemon/executor/image_cb/image_cb.c | 10 ++++------ + .../modules/container/container_events_handler.c | 3 +-- + .../modules/container/health_check/health_check.c | 3 ++- + src/daemon/modules/image/oci/registry/http_request.c | 5 ++--- + .../image/oci/storage/image_store/image_store.c | 2 +- + src/daemon/modules/spec/specs.c | 5 +++-- + 8 files changed, 16 insertions(+), 19 deletions(-) + +diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c +index 805cbbd6..71c01acb 100644 +--- a/src/cmd/isula/information/ps.c ++++ b/src/cmd/isula/information/ps.c +@@ -731,6 +731,7 @@ static int append_first_non_header_field(const char *index, struct filters *ff) + goto out; + } + tmp->name = first_non_field; ++ first_non_field = NULL; + tmp->is_field = false; + if (append_field(ff, tmp) != 0) { + ERROR("Failed to append field"); +@@ -738,7 +739,6 @@ static int append_first_non_header_field(const char *index, struct filters *ff) + goto out; + } + tmp = NULL; +- first_non_field = NULL; + + out: + free_filter_field(tmp); +@@ -870,15 +870,14 @@ static int append_header_item_field(const char *index, const char *prefix, const + goto out; + } + field->name = filter_string; ++ filter_string = NULL; + field->is_field = true; + if (append_field(ff, field) != 0) { + ERROR("Failed to append field"); + ret = -1; + goto out; + } +- + field = NULL; +- filter_string = NULL; + + out: + free(sub_patten); +diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +index f0c0c6bb..fc0616e8 100644 +--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc +@@ -851,7 +851,7 @@ auto PodSandboxManagerServiceImpl::RemoveAllContainersInSandbox(const std::strin + } + + // Remove all containers in the sandbox. +- for (size_t i = 0; i < list_response->containers_len; i++) { ++ for (size_t i = 0; list_response != nullptr && i < list_response->containers_len; i++) { + Errors rmError; + CRIHelpers::RemoveContainer(m_cb, list_response->containers[i]->id, rmError); + if (rmError.NotEmpty() && !CRIHelpers::IsContainerNotFoundError(rmError.GetMessage())) { +diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c +index 75ae7b74..55e12d51 100644 +--- a/src/daemon/executor/image_cb/image_cb.c ++++ b/src/daemon/executor/image_cb/image_cb.c +@@ -1009,8 +1009,7 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima + *response = util_common_calloc_s(sizeof(image_pull_image_response)); + if (*response == NULL) { + ERROR("Out of memory"); +- cc = ISULAD_ERR_MEMOUT; +- goto out; ++ return ISULAD_ERR_MEMOUT; + } + + EVENT("Image Event: {Object: %s, Type: Pulling}", request->image_name); +@@ -1030,12 +1029,11 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima + EVENT("Image Event: {Object: %s, Type: Pulled}", request->image_name); + + out: +- if (*response != NULL) { +- (*response)->image_ref = util_strdup_s(im_rsp->image_ref); +- (*response)->cc = cc; ++ (*response)->cc = cc; ++ if (im_rsp != NULL) { + (*response)->errmsg = util_strdup_s(im_rsp->errmsg); ++ (*response)->image_ref = util_strdup_s(im_rsp->image_ref); + } +- + free_im_pull_request(im_req); + free_im_pull_response(im_rsp); + +diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c +index 994c11cc..55dbfbe6 100644 +--- a/src/daemon/modules/container/container_events_handler.c ++++ b/src/daemon/modules/container/container_events_handler.c +@@ -282,8 +282,7 @@ int container_events_handler_post_events(const struct isulad_events_format *even + cont = containers_store_get(event->id); + if (cont == NULL) { + ERROR("No such container:%s", event->id); +- ret = -1; +- goto out; ++ return -1; + } + + it = util_common_calloc_s(sizeof(struct linked_list)); +diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c +index 273d3531..e9dcbdb9 100644 +--- a/src/daemon/modules/container/health_check/health_check.c ++++ b/src/daemon/modules/container/health_check/health_check.c +@@ -813,7 +813,8 @@ static void *health_check_monitor(void *arg) + cont = containers_store_get(container_id); + if (cont == NULL) { + ERROR("Failed to get container info"); +- goto out; ++ free(container_id); ++ return NULL; + } + set_monitor_exist_flag(cont->health_check, true); + if (util_get_now_time_stamp(&start_timestamp) == false) { +diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c +index e812f947..f29c2017 100644 +--- a/src/daemon/modules/image/oci/registry/http_request.c ++++ b/src/daemon/modules/image/oci/registry/http_request.c +@@ -704,9 +704,8 @@ int http_request_file(pull_descriptor *desc, const char *url, const char **custo + + options = util_common_calloc_s(sizeof(struct http_get_options)); + if (options == NULL) { +- ERROR("Failed to malloc http_get_options"); +- ret = -1; +- goto out; ++ ERROR("Out of memory"); ++ return -1; + } + + memset(options, 0x00, sizeof(struct http_get_options)); +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 3ee69ee7..9dab66fd 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -2026,7 +2026,7 @@ static bool validate_digest(const char *digest) + char *encode = NULL; + + // contains ':' and is not the last character +- if (index == NULL && index - value + 1 == strlen(value)) { ++ if (index == NULL || index - value + 1 == strlen(value)) { + INFO("Invalid checksum digest format"); + ret = false; + goto out; +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index cf4aa111..44e38674 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -1794,12 +1794,12 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch + continue; + } + +- if (split_security_opt(host_spec->security_opt[i], &items, &items_size)) { ++ if (split_security_opt(host_spec->security_opt[i], &items, &items_size) != 0) { + ret = -1; + goto out; + } + +- if (items_size != 2) { ++ if (items == NULL || items_size != 2) { + ERROR("invalid --security-opt: %s", host_spec->security_opt[i]); + ret = -1; + goto out; +@@ -1823,6 +1823,7 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch + } + util_free_array(items); + items = NULL; ++ items_size = 0; + } + + out: +-- +2.25.1 + diff --git a/0020-do-clean-path-and-check-if-file-exist.patch b/0020-do-clean-path-and-check-if-file-exist.patch new file mode 100644 index 0000000..64377a1 --- /dev/null +++ b/0020-do-clean-path-and-check-if-file-exist.patch @@ -0,0 +1,141 @@ +From 2cc83682862c28c05f68c0070b26f8dfa36bd2f7 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Tue, 16 Aug 2022 10:07:09 +0800 +Subject: [PATCH 20/21] do clean path and check if file exist + +Signed-off-by: WangFengTu +--- + src/daemon/executor/image_cb/image_cb.c | 19 +++++++++++++++++-- + src/daemon/modules/image/oci/oci_export.c | 20 ++++++++++++++++++-- + 2 files changed, 35 insertions(+), 4 deletions(-) + +diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c +index 55e12d51..5beda5f4 100644 +--- a/src/daemon/executor/image_cb/image_cb.c ++++ b/src/daemon/executor/image_cb/image_cb.c +@@ -55,11 +55,13 @@ + #include "utils_regex.h" + #include "utils_timestamp.h" + #include "utils_verify.h" ++#include "path.h" + + static int do_import_image(const char *file, const char *tag, char **id) + { + int ret = 0; + im_import_request *request = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; + + if (file == NULL || tag == NULL || id == NULL) { + ERROR("Invalid input arguments"); +@@ -67,6 +69,12 @@ static int do_import_image(const char *file, const char *tag, char **id) + goto out; + } + ++ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", file); ++ ret = -1; ++ goto out; ++ } ++ + request = util_common_calloc_s(sizeof(im_import_request)); + if (request == NULL) { + ERROR("Out of memory"); +@@ -75,7 +83,7 @@ static int do_import_image(const char *file, const char *tag, char **id) + } + + request->tag = util_strdup_s(tag); +- request->file = util_strdup_s(file); ++ request->file = util_strdup_s(cleanpath); + + ret = im_import_image(request, id); + if (ret != 0) { +@@ -147,6 +155,7 @@ static int do_load_image(const char *file, const char *tag, const char *type) + int ret = 0; + im_load_request *request = NULL; + im_load_response *response = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; + + if (file == NULL || type == NULL) { + ERROR("Invalid input arguments"); +@@ -154,6 +163,12 @@ static int do_load_image(const char *file, const char *tag, const char *type) + goto out; + } + ++ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", file); ++ ret = -1; ++ goto out; ++ } ++ + request = util_common_calloc_s(sizeof(im_load_request)); + if (request == NULL) { + ERROR("Out of memory"); +@@ -163,7 +178,7 @@ static int do_load_image(const char *file, const char *tag, const char *type) + if (tag != NULL) { + request->tag = util_strdup_s(tag); + } +- request->file = util_strdup_s(file); ++ request->file = util_strdup_s(cleanpath); + request->type = util_strdup_s(type); + + ret = im_load_image(request, &response); +diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c +index 4b9d5183..e27ed6d8 100644 +--- a/src/daemon/modules/image/oci/oci_export.c ++++ b/src/daemon/modules/image/oci/oci_export.c +@@ -15,11 +15,14 @@ + #include "oci_export.h" + #include + #include ++#include + + #include "storage.h" + #include "isula_libutils/log.h" + #include "err_msg.h" + #include "util_archive.h" ++#include "path.h" ++#include "utils_file.h" + + int oci_do_export(char *id, char *file) + { +@@ -27,12 +30,25 @@ int oci_do_export(char *id, char *file) + int ret2 = 0; + char *mount_point = NULL; + char *errmsg = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; + + if (id == NULL || file == NULL) { + ERROR("Invalid NULL param"); + return -1; + } + ++ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) { ++ ERROR("clean path for %s failed", file); ++ ret = -1; ++ goto out; ++ } ++ ++ if (util_fileself_exists(cleanpath)) { ++ ERROR("dst file %s exist", cleanpath); ++ ret = -1; ++ goto out; ++ } ++ + mount_point = storage_rootfs_mount(id); + if (mount_point == NULL) { + ERROR("mount container %s failed", id); +@@ -40,9 +56,9 @@ int oci_do_export(char *id, char *file) + return -1; + } + +- ret = archive_chroot_tar(mount_point, file, &errmsg); ++ ret = archive_chroot_tar(mount_point, cleanpath, &errmsg); + if (ret != 0) { +- ERROR("failed to export container %s to file %s: %s", id, file, errmsg); ++ ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg); + isulad_set_error_message("Failed to export rootfs with error: %s", errmsg); + goto out; + } +-- +2.25.1 + diff --git a/0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch b/0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch new file mode 100644 index 0000000..b8c91df --- /dev/null +++ b/0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch @@ -0,0 +1,157 @@ +From 1530d542f0beaf9aca8eee68096996240a755b1c Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 16 Aug 2022 19:50:29 +0800 +Subject: [PATCH 21/21] [clang-analyzer] fix memory leak and use after free + +Signed-off-by: haozi007 +--- + .../connect/grpc/grpc_containers_client.cc | 5 +++++ + .../entry/cri/websocket/service/ws_server.cc | 1 + + .../oci/storage/layer_store/layer_store.c | 21 +++++++++---------- + src/utils/cpputils/url.cc | 2 +- + src/utils/cutils/utils_file.c | 2 +- + 5 files changed, 18 insertions(+), 13 deletions(-) + +diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc +index 85cafe9b..33c7c631 100644 +--- a/src/client/connect/grpc/grpc_containers_client.cc ++++ b/src/client/connect/grpc/grpc_containers_client.cc +@@ -1926,6 +1926,7 @@ public: + ClientBaseConstants::COMMON_NAME_LEN); + if (ret != 0) { + ERROR("Failed to get common name in: %s", m_certFile.c_str()); ++ delete ctx; + return -1; + } + ctx->context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value))); +@@ -1945,11 +1946,15 @@ public: + ERROR("Invalid json: %s", err); + free(err); + CopyFromContainerFinish(ctx, &response->errmsg); ++ delete ctx->reader; ++ delete ctx; + return -1; + } + free(err); + } else { + CopyFromContainerFinish(ctx, &response->errmsg); ++ delete ctx->reader; ++ delete ctx; + return -1; + } + // Ignore the first reader which is used for transform metadata +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc +index 08f2cff0..63afc9dd 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.cc ++++ b/src/daemon/entry/cri/websocket/service/ws_server.cc +@@ -391,6 +391,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept + } + if (GenerateSessionData(session, containerID) != 0) { + ERROR("failed to fill generate session data"); ++ delete session; + return -1; + } + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index cd18c6aa..e563a8ef 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -853,7 +853,7 @@ static void free_storage_entry_data(storage_entry *entry) + } + } + +-static char *caculate_playload(struct archive *ar) ++static int caculate_playload(struct archive *ar, char **result) + { + int r = 0; + unsigned char *block_buf = NULL; +@@ -863,8 +863,7 @@ static char *caculate_playload(struct archive *ar) + #else + off_t block_offset = 0; + #endif +- char *ret = NULL; +- int nret = 0; ++ int ret = 0; + const isula_crc_table_t *ctab = NULL; + uint64_t crc = 0; + // max crc bits is 8 +@@ -876,7 +875,7 @@ static char *caculate_playload(struct archive *ar) + ctab = new_isula_crc_table(ISO_POLY); + + if (ctab == NULL) { +- return NULL; ++ return -1; + } + + for (;;) { +@@ -886,10 +885,12 @@ static char *caculate_playload(struct archive *ar) + } + if (r != ARCHIVE_OK) { + ERROR("Read archive failed"); ++ ret = -1; + goto out; + } + if (!isula_crc_update(ctab, &crc, block_buf, block_size)) { + ERROR("Do crc update failed"); ++ ret = -1; + goto out; + } + empty = false; +@@ -903,10 +904,9 @@ static char *caculate_playload(struct archive *ar) + for (r = 0; r < 8; r++) { + tmp_data[r] = sum_data[r]; + } +- nret = util_base64_encode(tmp_data, 8, &ret); +- +- if (nret != 0) { +- return NULL; ++ ret = util_base64_encode(tmp_data, 8, result); ++ if (ret != 0) { ++ ERROR("Do encode failed"); + } + + out: +@@ -929,9 +929,8 @@ static int archive_entry_parse(struct archive_entry *entry, struct archive *ar, + sentry.size = archive_entry_size(entry); + sentry.position = position; + // caculate playload +- sentry.payload = caculate_playload(ar); +- if (sentry.payload == NULL) { +- ERROR("Caculate playload failed."); ++ if (caculate_playload(ar, &sentry.payload) != 0) { ++ ERROR("Caculate playload failed"); + goto out; + } + +diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc +index ab1355a3..c78cf787 100644 +--- a/src/utils/cpputils/url.cc ++++ b/src/utils/cpputils/url.cc +@@ -32,7 +32,7 @@ bool GetHexDigit(char c, char &d) + d = c - '0'; + } else if (c >= 'a' && c <= 'f') { + d = c - 'a' + 10; +- } else if (c >= 'A' && c <= 'F') { ++ } else { + d = c - 'A' + 10; + } + return true; +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 67e7a707..f06f4d49 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -1549,10 +1549,10 @@ int util_atomic_write_file(const char *fname, const char *content, size_t conten + } + + free_out: +- free(tmp_file); + if (ret != 0 && unlink(tmp_file) != 0 && errno != ENOENT) { + SYSERROR("Failed to remove temp file:%s", tmp_file); + } ++ free(tmp_file); + return ret; + } + +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index ea88b12..a4442f1 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.15 -%global _release 4 +%global _release 5 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -28,7 +28,12 @@ Patch6011: 0012-fix-lose-override-flag.patch Patch6012: 0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch Patch6013: 0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch Patch6014: 0015-add-fuzz-dict.patch -Patch6015: 0016-change-default-umask-to-0022.patch +Patch6015: 0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch +Patch6016: 0017-change-default-umask-to-0022.patch +Patch6017: 0018-clang-analyzer-remove-dead-assignment.patch +Patch6018: 0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch +Patch6019: 0020-do-clean-path-and-check-if-file-exist.patch +Patch6020: 0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -256,6 +261,12 @@ fi %endif %changelog +* Wed Aug 17 2022 haozi007 - 2.0.15-5 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler + * Mon Aug 15 2022 wangfengtu - 2.0.15-4 - Type: enhancement - ID: NA