From cd037c90cbeb11198b1f3b1a37c27218fbd065a1 Mon Sep 17 00:00:00 2001
From: christos <christos@NetBSD.org>
Date: Thu, 4 May 2006 15:39:34 +0000
Subject: [PATCH] Coverity fixes upstream from Mark D. Baushke

---
 gnu/dist/xcvs/src/ChangeLog  | 19 +++++++++++++++++
 gnu/dist/xcvs/src/buffer.c   |  7 +++++-
 gnu/dist/xcvs/src/commit.c   |  3 ++-
 gnu/dist/xcvs/src/filesubr.c | 23 ++++++++++++++++----
 gnu/dist/xcvs/src/import.c   |  3 ++-
 gnu/dist/xcvs/src/login.c    |  3 ++-
 gnu/dist/xcvs/src/logmsg.c   |  5 +++--
 gnu/dist/xcvs/src/patch.c    | 41 ++++++++++++++++++++++++------------
 gnu/dist/xcvs/src/server.c   | 10 +++++----
 9 files changed, 87 insertions(+), 27 deletions(-)

diff --git a/gnu/dist/xcvs/src/ChangeLog b/gnu/dist/xcvs/src/ChangeLog
index 3462a1a30d5d..7d082e9d4863 100644
--- a/gnu/dist/xcvs/src/ChangeLog
+++ b/gnu/dist/xcvs/src/ChangeLog
@@ -1,3 +1,22 @@
+2006-05-04  Mark D. Baushke  <mdb@gnu.org>
+
+ 	* filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d
+ 	storage laying around.
+ 	* commit.c (commit): Handle possible NULL filename values
+ 	returned from cvs_temp_file().
+ 	* filesubr.c (cvs_temp_name): Ditto.
+ 	* import.c (import): Ditto.
+ 	* login.c (password_entry_operation): Ditto.
+ 	* logmsg.c (do_verify): Ditto.
+ 	* patch.c (patch_fileproc): Ditto.
+ 	[Fixes NetBSD coverity cid-2545.]
+
+ 	* buffer.c (packetizing_buffer_output): Initialize outdata.
+ 	[Fixes NetBSD coverity cid-2474.]
+
+	* server.c (server_updated): Fix NetBSD coverity cid-1352
+	NetBSD-sparc64 of 2006-May-02 03:02:46.
+
 2005-09-26  Conrad T. Pino  <Conrad@Pino.com>
 
 	* rcs.c: Use "#ifdef HAVE_FSYNC" just like every where else.
diff --git a/gnu/dist/xcvs/src/buffer.c b/gnu/dist/xcvs/src/buffer.c
index 98d2d5624079..94993a274073 100644
--- a/gnu/dist/xcvs/src/buffer.c
+++ b/gnu/dist/xcvs/src/buffer.c
@@ -1845,7 +1845,7 @@ packetizing_buffer_output (closure, data, have, wrote)
     struct packetizing_buffer *pb = (struct packetizing_buffer *) closure;
     char inbuf[BUFFER_DATA_SIZE + 2];
     char stack_outbuf[BUFFER_DATA_SIZE + PACKET_SLOP + 4];
-    struct buffer_data *outdata;
+    struct buffer_data *outdata = NULL;
     char *outbuf;
     int size, status, translated;
 
@@ -1900,6 +1900,11 @@ packetizing_buffer_output (closure, data, have, wrote)
 	buf_output (pb->buf, outbuf, translated + 2);
     else
     {
+	/* if ((have + PACKET_SLOP + 4) > BUFFER_DATA_SIZE), then
+	   outdata may be NULL. */
+	if (outdata == NULL)
+	    abort ();
+
 	outdata->size = translated + 2;
 	buf_append_data (pb->buf, outdata, outdata);
     }
diff --git a/gnu/dist/xcvs/src/commit.c b/gnu/dist/xcvs/src/commit.c
index d57e23c75cb8..1b6aa6ffe8ef 100644
--- a/gnu/dist/xcvs/src/commit.c
+++ b/gnu/dist/xcvs/src/commit.c
@@ -642,7 +642,8 @@ commit (argc, argv)
 
 	    fp = cvs_temp_file (&fname);
 	    if (fp == NULL)
-		error (1, 0, "cannot create temporary file %s", fname);
+		error (1, 0, "cannot create temporary file %s",
+		       fname ? fname : "(null)");
 	    if (fwrite (saved_message, 1, strlen (saved_message), fp)
 		!= strlen (saved_message))
 		error (1, errno, "cannot write temporary file %s", fname);
diff --git a/gnu/dist/xcvs/src/filesubr.c b/gnu/dist/xcvs/src/filesubr.c
index c0f29957222c..99c7d2d46cc0 100644
--- a/gnu/dist/xcvs/src/filesubr.c
+++ b/gnu/dist/xcvs/src/filesubr.c
@@ -733,7 +733,8 @@ cvs_temp_name ()
 
     fp = cvs_temp_file (&fn);
     if (fp == NULL)
-	error (1, errno, "Failed to create temporary file");
+	error (1, errno, "Failed to create temporary file %s",
+	       fn ? fn : "(null)");
     if (fclose (fp) == EOF)
 	error (0, errno, "Failed to close temporary file %s", fn);
     return fn;
@@ -770,7 +771,8 @@ cvs_temp_name ()
  * NFS locking thing, but until I hear of more problems, I'm not going to
  * bother.
  */
-FILE *cvs_temp_file (filename)
+FILE *
+cvs_temp_file (filename)
     char **filename;
 {
     char *fn;
@@ -809,7 +811,11 @@ FILE *cvs_temp_file (filename)
 	errno = save_errno;
     }
 
-    if (fp == NULL) free (fn);
+    if (fp == NULL)
+    {
+	free (fn);
+	fn = NULL;
+    }
     /* mkstemp is defined to open mode 0600 using glibc 2.0.7+ */
     /* FIXME - configure can probably tell us which version of glibc we are
      * linking to and not chmod for 2.0.7+
@@ -824,7 +830,11 @@ FILE *cvs_temp_file (filename)
 
     fn = tempnam (Tmpdir, "cvs");
     if (fn == NULL) fp = NULL;
-    else if ((fp = CVS_FOPEN (fn, "w+")) == NULL) free (fn);
+    else if ((fp = CVS_FOPEN (fn, "w+")) == NULL)
+    {
+	free (fn);
+	fn = NULL;
+    }
     else chmod (fn, 0600);
 
     /* tempnam returns a pointer to a newly malloc'd string, so there's
@@ -874,6 +884,11 @@ FILE *cvs_temp_file (filename)
 #endif
 
     *filename = fn;
+    if (fn == NULL && fp != NULL)
+    {
+	fclose (fp);
+	fp = NULL;
+    }
     return fp;
 }
 
diff --git a/gnu/dist/xcvs/src/import.c b/gnu/dist/xcvs/src/import.c
index 772e1dc1c74c..ea65677a16b0 100644
--- a/gnu/dist/xcvs/src/import.c
+++ b/gnu/dist/xcvs/src/import.c
@@ -317,7 +317,8 @@ import (argc, argv)
 
     /* Create the logfile that will be logged upon completion */
     if ((logfp = cvs_temp_file (&tmpfile)) == NULL)
-	error (1, errno, "cannot create temporary file `%s'", tmpfile);
+	error (1, errno, "cannot create temporary file `%s'",
+	       tmpfile ? tmpfile : "(null)");
     /* On systems where we can unlink an open file, do so, so it will go
        away no matter how we exit.  FIXME-maybe: Should be checking for
        errors but I'm not sure which error(s) we get if we are on a system
diff --git a/gnu/dist/xcvs/src/login.c b/gnu/dist/xcvs/src/login.c
index 1c9ce553632f..fe95544a0342 100644
--- a/gnu/dist/xcvs/src/login.c
+++ b/gnu/dist/xcvs/src/login.c
@@ -387,7 +387,8 @@ process:
 
 	/* create and open a temp file */
 	if ((tmp_fp = cvs_temp_file (&tmp_name)) == NULL)
-	    error (1, errno, "unable to open temp file %s", tmp_name);
+	    error (1, errno, "unable to open temp file %s",
+		   tmp_name ? tmp_name : "(null)");
 
 	line = 0;
 	while ((line_length = getline (&linebuf, &linebuf_len, fp)) >= 0)
diff --git a/gnu/dist/xcvs/src/logmsg.c b/gnu/dist/xcvs/src/logmsg.c
index f8eae4cb59eb..7afd2e15e345 100644
--- a/gnu/dist/xcvs/src/logmsg.c
+++ b/gnu/dist/xcvs/src/logmsg.c
@@ -441,7 +441,8 @@ do_verify (messagep, repository)
        temp file, and close the file.  */
 
     if ((fp = cvs_temp_file (&fname)) == NULL)
-	error (1, errno, "cannot create temporary file %s", fname);
+	error (1, errno, "cannot create temporary file %s",
+	       fname ? fname : "(null)");
 
     if (*messagep != NULL)
 	fputs (*messagep, fp);
@@ -547,7 +548,7 @@ do_verify (messagep, repository)
     if (unlink_file (fname) < 0)
 	error (0, errno, "cannot remove %s", fname);
     free (fname);
-    free( verifymsg_script );
+    free (verifymsg_script);
     verifymsg_script = NULL;
 }
 
diff --git a/gnu/dist/xcvs/src/patch.c b/gnu/dist/xcvs/src/patch.c
index cd6e7ec07321..15848b1bc19e 100644
--- a/gnu/dist/xcvs/src/patch.c
+++ b/gnu/dist/xcvs/src/patch.c
@@ -518,7 +518,8 @@ patch_fileproc (callerdat, finfo)
      */
     if ((fp1 = cvs_temp_file (&tmpfile1)) == NULL)
     {
-	error (0, errno, "cannot create temporary file %s", tmpfile1);
+	error (0, errno, "cannot create temporary file %s",
+	       tmpfile1 ? tmpfile1 : "(null)");
 	ret = 1;
 	goto out;
     }
@@ -527,7 +528,8 @@ patch_fileproc (callerdat, finfo)
 	    error (0, errno, "warning: cannot close %s", tmpfile1);
     if ((fp2 = cvs_temp_file (&tmpfile2)) == NULL)
     {
-	error (0, errno, "cannot create temporary file %s", tmpfile2);
+	error (0, errno, "cannot create temporary file %s",
+	       tmpfile2 ? tmpfile2 : "(null)");
 	ret = 1;
 	goto out;
     }
@@ -536,7 +538,8 @@ patch_fileproc (callerdat, finfo)
 	    error (0, errno, "warning: cannot close %s", tmpfile2);
     if ((fp3 = cvs_temp_file (&tmpfile3)) == NULL)
     {
-	error (0, errno, "cannot create temporary file %s", tmpfile3);
+	error (0, errno, "cannot create temporary file %s",
+	       tmpfile3 ? tmpfile3 : "(null)");
 	ret = 1;
 	goto out;
     }
@@ -752,16 +755,28 @@ failed to read diff file header %s for %s: end of file", tmpfile3, rcs);
         free (line1);
     if (line2)
         free (line2);
-    if (CVS_UNLINK (tmpfile1) < 0)
-	error (0, errno, "cannot unlink %s", tmpfile1);
-    if (CVS_UNLINK (tmpfile2) < 0)
-	error (0, errno, "cannot unlink %s", tmpfile2);
-    if (CVS_UNLINK (tmpfile3) < 0)
-	error (0, errno, "cannot unlink %s", tmpfile3);
-    free (tmpfile1);
-    free (tmpfile2);
-    free (tmpfile3);
-    tmpfile1 = tmpfile2 = tmpfile3 = NULL;
+    if (tmpfile1 != NULL)
+    {
+	if (CVS_UNLINK (tmpfile1) < 0)
+	    error (0, errno, "cannot unlink %s", tmpfile1);
+	free (tmpfile1);
+	tmpfile1 = NULL;
+    }
+    if (tmpfile2 != NULL)
+    {
+	if (CVS_UNLINK (tmpfile2) < 0)
+	    error (0, errno, "cannot unlink %s", tmpfile2);
+	free (tmpfile2);
+	tmpfile2 = NULL;
+    }
+    if (tmpfile3 != NULL)
+    {
+	if (CVS_UNLINK (tmpfile3) < 0)
+	    error (0, errno, "cannot unlink %s", tmpfile3);
+	free (tmpfile3);
+	tmpfile3 = NULL;
+    }
+
     if (dargc)
     {
 	run_arg_free_p (dargc, dargv);
diff --git a/gnu/dist/xcvs/src/server.c b/gnu/dist/xcvs/src/server.c
index 8834bcfa6851..65b77a14e0a1 100644
--- a/gnu/dist/xcvs/src/server.c
+++ b/gnu/dist/xcvs/src/server.c
@@ -4218,7 +4218,6 @@ CVS server internal error: no mode in server_updated");
 	if (updated == SERVER_UPDATED)
 	{
 	    Node *node;
-	    Entnode *entnode;
 
 	    if (!(supported_response ("Created")
 		  && supported_response ("Update-existing")))
@@ -4236,9 +4235,12 @@ CVS server internal error: no mode in server_updated");
 	       in case we end up processing it again (e.g. modules3-6
 	       in the testsuite).  */
 	    node = findnode_fn (finfo->entries, finfo->file);
-	    entnode = node->data;
-	    free (entnode->timestamp);
-	    entnode->timestamp = xstrdup ("=");
+	    if (node != NULL)
+	    {
+		Entnode *entnode = node->data;
+		free (entnode->timestamp);
+		entnode->timestamp = xstrdup ("=");
+	    }
 	}
 	else if (updated == SERVER_MERGED)
 	    buf_output0 (protocol, "Merged ");