diff --git a/backport-Fix-a-couple-small-static-analysis-findings-for-uninitialized-structs.patch b/backport-Fix-a-couple-small-static-analysis-findings-for-uninitialized-structs.patch
new file mode 100644
index 0000000..f082e31
--- /dev/null
+++ b/backport-Fix-a-couple-small-static-analysis-findings-for-uninitialized-structs.patch
@@ -0,0 +1,69 @@
+From 2c4ee52a948a9ccff2242cd02ac8ce81a0559deb Mon Sep 17 00:00:00 2001
+From: David Cantrell
+Date: Tue, 26 Mar 2024 12:13:55 -0400
+Subject: [PATCH] Fix a couple small static analysis findings for uninitialized
+ structs
+
+The memset() on the KeyValue is more explicit even though if you trace
+the code you will see it fills out the struct. However, it's possible
+that not every struct member will be initialized and adding the
+memset() makes things more obvious and appeases the static analyzer.
+
+Conflict:NA
+Reference:https://github.com/openSUSE/libsolv/commit/2c4ee52a948a9ccff2242cd02ac8ce81a0559deb.patch
+
+---
+ ext/repo_rpmmd.c | 2 ++
+ ext/repo_susetags.c | 1 +
+ ext/testcase.c | 3 +++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/ext/repo_rpmmd.c b/ext/repo_rpmmd.c
+index 1232e43..5d0f5fe 100644
+--- a/ext/repo_rpmmd.c
++++ b/ext/repo_rpmmd.c
+@@ -609,6 +609,8 @@ fill_cshash_from_new_solvables(struct parsedata *pd)
+ KeyValue kv;
+ Repokey *key;
+
++ memset(&kv, 0, sizeof(kv));
++
+ for (i = pd->first; i < pool->nsolvables; i++)
+ {
+ if (pool->solvables[i].repo != pd->repo)
+diff --git a/ext/repo_susetags.c b/ext/repo_susetags.c
+index dc60aa4..86bb1e9 100644
+--- a/ext/repo_susetags.c
++++ b/ext/repo_susetags.c
+@@ -339,6 +339,7 @@ lookup_shared_id(Repodata *data, Id p, Id keyname, Id voidid, int uninternalized
+ if (uninternalized)
+ {
+ KeyValue kv;
++ memset(&kv, 0, sizeof(kv));
+ Repokey *key = repodata_lookup_kv_uninternalized(data, p, keyname, &kv);
+ if (!key)
+ return 0;
+diff --git a/ext/testcase.c b/ext/testcase.c
+index f46f738..3e22546 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -1440,6 +1440,7 @@ testcase_solverresult(Solver *solv, int resultflags)
+ {
+ Queue q;
+
++
+ queue_init(&q);
+ solver_get_orphaned(solv, &q);
+ for (i = 0; i < q.count; i++)
+@@ -1497,6 +1498,8 @@ testcase_solverresult(Solver *solv, int resultflags)
+ if ((resultflags & TESTCASE_RESULT_USERINSTALLED) != 0)
+ {
+ Queue q;
++
++
queue_init(&q); + solver_get_userinstalled(solv, &q, 0); + for (i = 0; i < q.count; i++) + { +-- +2.9.3.windows.1 + diff --git a/libsolv.spec b/libsolv.spec index ed045af..a409e23 100644 --- a/libsolv.spec +++ b/libsolv.spec @@ -15,7 +15,7 @@ Name: libsolv Version: 0.7.24 -Release: 1 +Release: 2 Summary: Package dependency solver License: BSD URL: https://github.com/openSUSE/libsolv @@ -24,6 +24,7 @@ Source: https://github.com/openSUSE/libsolv/archive/refs/tags/%{v Patch6001: backport-Treat-condition-both-as-positive-and-negative-literal-in-pool_add_pos_literals_complex_dep.patch Patch6002: backport-Add-testcase-for-last-commit.patch Patch6003: backport-choice-rules-also-do-solver_choicerulecheck-for-package-downgrades.patch +Patch6004: backport-Fix-a-couple-small-static-analysis-findings-for-uninitialized-structs.patch BuildRequires: cmake gcc-c++ ninja-build pkgconfig(rpm) zlib-devel BuildRequires: libxml2-devel xz-devel bzip2-devel @@ -217,6 +218,9 @@ Python 3 version. %{_mandir}/man3/%{name}*.3* %changelog +* Tue Jun 18 2024 guojunding - 0.7.24-2 +- Fix a couple small static analysis findings for uninitialized structs + * Sun Feb 4 2024 hanhuihui - 0.7.24-1 - DESC:update libsolv to 0.7.24-1
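Review bot: The description and the new %changelog entry cover only the `memset()` on `KeyValue`, but the second ext/testcase.c hunk (`@@ -1497,6 +1498,8 @@`) adds a `queue_init(&q);` that was missing before `solver_get_userinstalled(solv, &q, 0)`, which reads as a real uninitialized-`Queue` fix rather than analyzer appeasement. I would record it, for example with a second changelog line `- testcase: initialize Queue before solver_get_userinstalled()`, so anyone triaging this release sees the memory-safety relevance. How the callee treats an uninitialized queue is not visible here, and `testcase_solverresult` starts and ends outside both hunks, so that reading is inferred from the few lines shown. The first ext/testcase.c hunk (`@@ -1440,6 +1440,7 @@`) adds only a blank line and changes nothing.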