Hello community, here is the log from the commit of package netcdf for openSUSE:Factory checked in at 2021-10-26 20:13:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/netcdf (Old) and /work/SRC/openSUSE:Factory/.netcdf.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netcdf" Tue Oct 26 20:13:42 2021 rev:63 rq:927360 version:4.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/netcdf/netcdf.changes 2021-07-08 22:49:17.636063933 +0200 +++ /work/SRC/openSUSE:Factory/.netcdf.new.1890/netcdf.changes 2021-10-26 20:14:21.562030903 +0200 
@@ -1,0 +2,64 @@ +Mon Oct 25 14:09:10 UTC 2021 - Egbert Eich <e...@suse.com> + +- Fix: + * CVE-2019-20007 https://sourceforge.net/p/ezxml/bugs/13 + * CVE-2019-20006 https://sourceforge.net/p/ezxml/bugs/15 + * CVE-2019-20201 https://sourceforge.net/p/ezxml/bugs/16 + * CVE-2019-20202 https://sourceforge.net/p/ezxml/bugs/17 + * CVE-2019-20199 https://sourceforge.net/p/ezxml/bugs/18 + * CVE-2019-20200 https://sourceforge.net/p/ezxml/bugs/19 + * CVE-2019-20198 https://sourceforge.net/p/ezxml/bugs/20 + * CVE-2021-26221 https://sourceforge.net/p/ezxml/bugs/21 + * CVE-2021-26222 https://sourceforge.net/p/ezxml/bugs/22 + * CVE-2021-30485 https://sourceforge.net/p/ezxml/bugs/25 + * CVE-2021-31229 https://sourceforge.net/p/ezxml/bugs/26 + * CVE-2021-31347 & + * CVE-2021-31348 https://sourceforge.net/p/ezxml/bugs/27 + * CVE-2021-31598 https://sourceforge.net/p/ezxml/bugs/28 + (bsc#1191856) + Note: + * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 + not relevant for netcdf: code isn't used. + * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 + Issue cannot be reproduced and no patch is available upstream. + Added: + * Fix-CVE-2021-30485-bug-25.patch + * Fix-CVE-2021-31229-bug-26-CVE-2019-20201-bug-16-CVE-2019-20198-bug-20.patch + * Fix-CVE-2021-31347-bug-27.patch + * Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch + * Fix-for-CVE-2019-20007-ezxml-bug-13.patch + * Fix-for-CVE-2019-20199-ezxml-bug-18.patch + * Fix-for-CVE-2019-20200-ezxml-bug-19.patch + * Fix-for-CVE-2021-26221-ezxml-bug-21.patch + * Fix-for-CVE-2021-26222-ezxml-bug-22.patch + +------------------------------------------------------------------- +Thu Oct 21 17:32:47 UTC 2021 - Egbert Eich <e...@suse.com> + +- Add Patches: + These should allow us to reenable strict aliasing. 
+ * swap-4-8-b-Satisfy-strict-aliasing-rules.patch + * Fix-type-punning-in-val_NC_check_voff-by-using-memcpy-instead-of-assignment.patch + * Fix-type-punning-in-xxdrntohdouble-by-using-memcpy-instead-of-assignment.patch + * NCD4_dumpbytes-use-correct-swapline-for-object-size.patch + * d4util.h-make-swapinlineXX-more-robust-against-type-punning.patch + * parseServers-Fix-uninitialized-variable-simplify-error-path.patch + * bin_reclaim_compound-Fixed-uninitialized-variable.patch + * val_NC_check_voff-Fix-uninitialized-variable-warning.patch + * pr_att-Fix-uninitialized-variable.patch + * NCD4_dumpbytes-Add-missing-initialization-of-float-types.patch + * NCZ_def_var_chunking-make-sure-cs-is-set-before-used.patch + * Fix-spurious-uninitialized-variable-warning.patch + +------------------------------------------------------------------- +Sun Aug 8 22:01:06 UTC 2021 - Egbert Eich <e...@suse.com> + +- Removed generation of libsrc/ncx.c: + This was an issue with an older version and has been fixed since. + With this, no longer requiring m4 explicitly. +- Valgrind is used for validation tests only, these have not been + performed. When they were added some of them failed. This requires + further investigations. For now, valgrind testing has been made + optional. 
+ +------------------------------------------------------------------- New: ---- Fix-CVE-2021-30485-bug-25.patch Fix-CVE-2021-31229-bug-26-CVE-2019-20201-bug-16-CVE-2019-20198-bug-20.patch Fix-CVE-2021-31347-bug-27.patch Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch Fix-for-CVE-2019-20007-ezxml-bug-13.patch Fix-for-CVE-2019-20199-ezxml-bug-18.patch Fix-for-CVE-2019-20200-ezxml-bug-19.patch Fix-for-CVE-2021-26221-ezxml-bug-21.patch Fix-for-CVE-2021-26222-ezxml-bug-22.patch Fix-spurious-uninitialized-variable-warning.patch Fix-type-punning-in-val_NC_check_voff-by-using-memcpy-instead-of-assignment.patch Fix-type-punning-in-xxdrntohdouble-by-using-memcpy-instead-of-assignment.patch NCD4_dumpbytes-Add-missing-initialization-of-float-types.patch NCD4_dumpbytes-use-correct-swapline-for-object-size.patch NCZ_def_var_chunking-make-sure-cs-is-set-before-used.patch bin_reclaim_compound-Fixed-uninitialized-variable.patch d4util.h-make-swapinlineXX-more-robust-against-type-punning.patch parseServers-Fix-uninitialized-variable-simplify-error-path.patch pr_att-Fix-uninitialized-variable.patch swap-4-8-b-Satisfy-strict-aliasing-rules.patch val_NC_check_voff-Fix-uninitialized-variable-warning.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netcdf.spec ++++++ --- /var/tmp/diff_new_pack.XJMzOP/_old 2021-10-26 20:14:22.558031428 +0200 +++ /var/tmp/diff_new_pack.XJMzOP/_new 2021-10-26 20:14:22.562031431 +0200 @@ -37,6 +37,8 @@ %endif %endif +%bcond_with valgrind_checks + %if "%flavor" == "" %define package_name %{pname} ExclusiveArch: do_not_build 
@@ -460,6 +462,14 @@ %define purpose() This package contains %{?with_mpi:the %{mpi_flavor}%{?mpi_ver} version of }%{**}%{purpose_compiler} +%if %{with valgrind_checks} +%ifnarch %ix86 x86_64 ppc ppc64 s390x armv7l aarch64 +%{error: Vagrind not support on this platform!} +%else +%define valgrind_checks 1 +%endif +%endif + Name: %{package_name} Summary: Command-line programs for the NetCDF scientific data format License: NetCDF 
@@ -469,15 +479,39 @@ URL: https://www.unidata.ucar.edu/software/netcdf/ Source: ftp://ftp.unidata.ucar.edu/pub/%{pname}/%{pname}-c-%{version}.tar.gz Source1: nc-config.1.gz +Patch1: swap-4-8-b-Satisfy-strict-aliasing-rules.patch +Patch2: Fix-type-punning-in-val_NC_check_voff-by-using-memcpy-instead-of-assignment.patch +Patch3: Fix-type-punning-in-xxdrntohdouble-by-using-memcpy-instead-of-assignment.patch +Patch4: NCD4_dumpbytes-use-correct-swapline-for-object-size.patch +Patch5: d4util.h-make-swapinlineXX-more-robust-against-type-punning.patch +Patch6: parseServers-Fix-uninitialized-variable-simplify-error-path.patch +Patch7: bin_reclaim_compound-Fixed-uninitialized-variable.patch +Patch8: val_NC_check_voff-Fix-uninitialized-variable-warning.patch +Patch9: pr_att-Fix-uninitialized-variable.patch +Patch10: NCD4_dumpbytes-Add-missing-initialization-of-float-types.patch +Patch11: NCZ_def_var_chunking-make-sure-cs-is-set-before-used.patch +Patch12: Fix-spurious-uninitialized-variable-warning.patch +Patch13: Fix-for-CVE-2019-20200-ezxml-bug-19.patch +Patch14: Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch +Patch15: Fix-for-CVE-2019-20199-ezxml-bug-18.patch +Patch16: Fix-for-CVE-2019-20007-ezxml-bug-13.patch +Patch17: Fix-for-CVE-2021-26221-ezxml-bug-21.patch +Patch18: Fix-for-CVE-2021-26222-ezxml-bug-22.patch +Patch19: Fix-CVE-2021-30485-bug-25.patch +Patch20: Fix-CVE-2021-31229-bug-26-CVE-2019-20201-bug-16-CVE-2019-20198-bug-20.patch +Patch21: Fix-CVE-2021-31347-bug-27.patch + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: doxygen BuildRequires: gawk +BuildRequires: libcurl-devel >= 7.18.0 BuildRequires: libtool -BuildRequires: m4 BuildRequires: pkg-config BuildRequires: zlib-devel >= 1.2.5 -%ifarch %ix86 x86_64 ppc ppc64 s390x armv7l aarch64 +%if 0%{?valgrind_checks} BuildRequires: valgrind %endif -BuildRequires: libcurl-devel >= 7.18.0 %if %{without hpc} BuildRequires: gcc-c++ BuildRequires: gcc-fortran 
@@ -620,7 +654,6 @@ %{?with_hpc:%hpc_debug} %setup -q -n %{pname}-c-%{version} %autopatch -p1 -m4 libsrc/ncx.m4 > libsrc/ncx.c # Create baselib.conf dynamically (non-HPC build only). %if %{without hpc} @@ -645,9 +678,6 @@ export CXX=%{!?with_hpc:/usr/%_lib/mpi/gcc/%{mpi_flavor}%{?mpi_ext}/bin/}mpic++ %endif autoreconf -fv -%if %{gcc_version} >= 11 -%global optflags %optflags -fno-strict-aliasing -%endif export CFLAGS="%{optflags} %{?with_hpc:-L$HDF5_LIB -I$HDF5_INC}" export CXXFLAGS="%{optflags} %{?with_hpc:-L$HDF5_LIB -I$HDF5_INC}" export FCFLAGS="%{optflags} %{?with_hpc:-L$HDF5_LIB -I$HDF5_INC}" @@ -794,6 +824,9 @@ %else make check %endif +%if 0%{?valgrind_checks} + make check-valgrind +%endif %endif %if %{with hpc} || %{with mpi} ++++++ Fix-CVE-2021-30485-bug-25.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:49:58 2021 +0200 Subject: Fix CVE-2021-30485 / bug 25 Patch-mainline: Not yet Git-commit: 01fccb947ea2704913a97b0436c9fec7b26392e6 References: This fixes https://sourceforge.net/p/ezxml/bugs/25/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index e842962..b11c88a 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -366,7 +366,7 @@ short ezxml_internal_dtd(ezxml_root_t root, char *s, size_t len) if (! *t) { ezxml_err(root, t, "unclosed <!ATTLIST"); break; } if (*(s = t + strcspn(t, EZXML_WS ">")) == '>') continue; else *s = '\0'; /* null terminate tag name*/ - for (i = 0; root->attr[i] && strcmp(n, root->attr[i][0]); i++); + for (i = 0; n && root->attr[i] && strcmp(n, root->attr[i][0]); i++); for(;;) { s++; ++++++ Fix-CVE-2021-31229-bug-26-CVE-2019-20201-bug-16-CVE-2019-20198-bug-20.patch ++++++ 
From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:52:52 2021 +0200 Subject: Fix CVE-2021-31229 bug 26, CVE-2019-20201 bug 16, CVE-2019-20198 bug 20 Patch-mainline: Not yet Git-commit: 9b1b7867f337d4256fbc7b5d2bb5bed0889cbe7c References: This Fixes https://sourceforge.net/p/ezxml/bugs/26/ https://sourceforge.net/p/ezxml/bugs/16/ https://sourceforge.net/p/ezxml/bugs/20/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index b11c88a..225bcd8 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -327,6 +327,7 @@ short ezxml_internal_dtd(ezxml_root_t root, char *s, size_t len) { char q, *c, *t, *n = NULL, *v, **ent, **pe; int i, j; + size_t n_len, n_off; pe = memcpy(malloc(sizeof(EZXML_NIL)), EZXML_NIL, sizeof(EZXML_NIL)); @@ -337,7 +338,13 @@ short ezxml_internal_dtd(ezxml_root_t root, char *s, size_t len) else if (! strncmp(s, "<!ENTITY", 8)) { /* parse entity definitions*/ c = s += strspn(s + 8, EZXML_WS) + 8; /* skip white space separator*/ n = s + strspn(s, EZXML_WS "%"); /* find name*/ - *(s = n + strcspn(n, EZXML_WS)) = ';'; /* append ; to name*/ + n_len = strlen(n); + n_off = strcspn(n, EZXML_WS); + if(n_off >= n_len) { + ezxml_err(root, NULL, "write past buffer (<!ENTITY)"); + break; + } + *(s = n + n_off) = ';'; // append ; to name v = s + strspn(s + 1, EZXML_WS) + 1; /* find value*/ if ((q = *(v++)) != '"' && q != '\'') { /* skip externals*/ ++++++ Fix-CVE-2021-31347-bug-27.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:53:58 2021 +0200 Subject: Fix CVE-2021-31347 / bug 27 Patch-mainline: Not yet Git-commit: 095715f1863b32994f824852c8e3e56c152a69d8 References: This fixes https://sourceforge.net/p/ezxml/bugs/27/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index 225bcd8..791a3ab 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -588,7 +588,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len) for (l = 0; *s && ((! l && *s != '>') || (l && (*s != ']' || *(s + strspn(s + 1, EZXML_WS) + 1) != '>'))); l = (*s == '[') ? 1 : l) s += strcspn(s + 1, "[]>") + 1; - if (! *s && e != '>') + if (! *s) return ezxml_err(root, d, "unclosed <!DOCTYPE"); d = (l) ? strchr(d, '[') + 1 : d; if (l && ! ezxml_internal_dtd(root, d, s++ - d)) return &root->xml; ++++++ Fix-for-CVE-2019-20006-CVE-2019-20202-CVE-2021-31598-ezxml-bug-15-17-28.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:39:41 2021 +0200 Subject: Fix for CVE-2019-20006/CVE-2019-20202/CVE-2021-31598 ezxml bug 15/17/28 Patch-mainline: Not yet Git-commit: b43b4310b0fc0c02d9b0aa8b0dba1aeb6aeecc55 References: For UTF-8 the multi-byte sequences should use at most 36 bits UTF-8 standard uses 21 bits or 4 bytes). This fixes: https://sourceforge.net/p/ezxml/bugs/15/ https://sourceforge.net/p/ezxml/bugs/17/ https://sourceforge.net/p/ezxml/bugs/28/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index 01ac012..8a57cfa 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -182,6 +182,8 @@ char *ezxml_decode(char *s, char **ent, char t) if (c < 0x80) *(s++) = c; /* US-ASCII subset*/ else { /* multi-byte UTF-8 sequence*/ for (b = 0, d = c; d; d /= 2) b++; /* number of bits in c*/ + // UTF-8 can ecode max 36 bits (standard says 21) - noop on 32 bit. + if (b > 36) { s++; continue; } // bug#15 CVE-2019-20006 / bug#17 CVE-2019-20202 b = (b - 2) / 5; /* number of bytes in payload*/ *(s++) = (0xFF << (7 - b)) | (c >> (6 * b)); /* head*/ while (b) *(s++) = 0x80 | ((c >> (6 * --b)) & 0x3F); /* payload*/ ++++++ Fix-for-CVE-2019-20007-ezxml-bug-13.patch ++++++ 
From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:44:01 2021 +0200 Subject: Fix for CVE-2019-20007 / ezxml bug 13 Patch-mainline: Not yet Git-commit: 42372bd1a026bcfdcda2f3c45d724151fd9e1379 References: Make sure that ezxml_str2utf8() has succeeded. This fixes https://sourceforge.net/p/ezxml/bugs/13/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 1 + 1 file changed, 1 insertion(+) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index d60d4a3..144fa2d 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -485,6 +485,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len) root->m = s; if (! len) return ezxml_err(root, NULL, "root tag missing"); root->u = ezxml_str2utf8(&s, &len); /* convert utf-16 to utf-8*/ + if (! s) return ezxml_err(root, NULL, "invalid root tag"); // bug#13 / CVE-2019-20007 root->e = (root->s = s) + len; /* record start and end of work area*/ e = s[len - 1]; /* save end char*/ ++++++ Fix-for-CVE-2019-20199-ezxml-bug-18.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:41:34 2021 +0200 Subject: Fix for CVE-2019-20199 / ezxml bug 18 Patch-mainline: Not yet Git-commit: f9eadbe3f5825d5389731bdc8f6decf3d07152bd References: Make sure end token ';' has really been found. This fixes https://sourceforge.net/p/ezxml/bugs/18/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index 8a57cfa..d60d4a3 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c 
@@ -198,9 +198,11 @@ char *ezxml_decode(char *s, char **ent, char t) if (ent[b++]) { /* found a match*/ if ((c = strlen(ent[b])) - 1 > (e = strchr(s, ';')) - s) { - l = (d = (s - r)) + c + strlen(e); /* new length*/ + if (!e) { s++; continue; } // bug#18 / CVE-2019-20199 + l = (d = (s - r)) + c + strlen(e); /* new length*/ r = (r == m) ? strcpy(malloc(l), r) : realloc(r, l); e = strchr((s = r + d), ';'); /* fix up pointers*/ + if (!e) { s++; continue; } // bug#18 } memmove(s + c, e + 1, strlen(e)); /* shift rest of string*/ ++++++ Fix-for-CVE-2019-20200-ezxml-bug-19.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:38:22 2021 +0200 Subject: Fix for CVE-2019-20200 / ezxml bug 19 Patch-mainline: Not yet Git-commit: 32a3f6119de4c954ee9c967f47cbc27fef4f487f References: Make sure to not read past end of string after deleting '\r'. This fixes https://sourceforge.net/p/ezxml/bugs/19/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 1 + 1 file changed, 1 insertion(+) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index fff5bd2..01ac012 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -167,6 +167,7 @@ char *ezxml_decode(char *s, char **ent, char t) *(s++) = '\n'; if (*s == '\n') memmove(s, (s + 1), strlen(s)); } + if (!*s) break; // bug#19 / CVE-2019-20200 } for (s = r; ; ) { ++++++ Fix-for-CVE-2021-26221-ezxml-bug-21.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:44:54 2021 +0200 Subject: Fix for CVE-2021-26221 / ezxml bug 21 Make sure malloc() succeeds. This fixes https://sourceforge.net/p/ezxml/bugs/21/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index 144fa2d..6c535ff 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c 
@@ -482,6 +482,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len) char q, e, *d, **attr, **a = NULL; /* initialize a to avoid compile warning*/ int l, i, j; + if (!root) return NULL; // bug#21 / CVE-2021-26221 root->m = s; if (! len) return ezxml_err(root, NULL, "root tag missing"); root->u = ezxml_str2utf8(&s, &len); /* convert utf-16 to utf-8*/ @@ -803,8 +804,9 @@ ezxml_t ezxml_new(const char *name) { static const char *entities[] = { "lt;", "<", "gt;", ">", "quot;", """, "apos;", "'", "amp;", "&", NULL }; - ezxml_root_t root = (ezxml_root_t)memset(malloc(sizeof(struct ezxml_root)), - '\0', sizeof(struct ezxml_root)); + ezxml_root_t root; + if (!(root = malloc(sizeof(struct ezxml_root)))) return NULL; // bug#21 + root = (ezxml_root_t)memset(root, '\0', sizeof(struct ezxml_root)); root->xml.name = (char *)name; root->cur = &root->xml; strcpy(root->err, root->xml.txt = ""); ++++++ Fix-for-CVE-2021-26222-ezxml-bug-22.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Oct 25 15:48:44 2021 +0200 Subject: Fix for CVE-2021-26222 / ezxml bug 22 Make sure malloc() succeeds. This fixes https://sourceforge.net/p/ezxml/bugs/22/ Signed-off-by: Egbert Eich <e...@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index 6c535ff..1258b67 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c 
@@ -805,12 +805,14 @@ ezxml_t ezxml_new(const char *name) static const char *entities[] = { "lt;", "<", "gt;", ">", "quot;", """, "apos;", "'", "amp;", "&", NULL }; ezxml_root_t root; + char **p_ent; if (!(root = malloc(sizeof(struct ezxml_root)))) return NULL; // bug#21 root = (ezxml_root_t)memset(root, '\0', sizeof(struct ezxml_root)); root->xml.name = (char *)name; + if (!(p_ent = malloc(sizeof(entities)))) { free(root); return NULL; }; // bug#22 CVE-2021-26222 root->cur = &root->xml; strcpy(root->err, root->xml.txt = ""); - root->ent = memcpy(malloc(sizeof(entities)), entities, sizeof(entities)); + root->ent = memcpy(p_ent, entities, sizeof(entities)); root->attr = root->pi = (char ***)(root->xml.attr = (char**)EZXML_NIL); return &root->xml; } ++++++ Fix-spurious-uninitialized-variable-warning.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 15:05:08 2021 +0200 Subject: Fix spurious uninitialized variable warning Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 7b4bb9bd0f882e658e4a3e512dda73e90e6c8a18 References: These variables are not really uninitialized when used, however gcc isn't able to determine this. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- libdispatch/nctime.c | 6 +++--- libhdf5/hdf5internal.c | 2 +- libnczarr/zinternal.c | 2 +- libnczarr/zsync.c | 4 ++-- ncgen3/getfill.c | 10 +++++----- ncgen3/load.c | 10 +++++----- nczarr_test/ncdumpchunks.c | 2 +- oc2/ocdump.c | 4 ++-- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/libdispatch/nctime.c b/libdispatch/nctime.c index e265ba1f..256cea96 100644 --- a/libdispatch/nctime.c +++ b/libdispatch/nctime.c 
@@ -789,8 +789,8 @@ cdComp2Rel(cdCalenType timetype, cdCompTime comptime, char* relunits, double* re CdTime humantime; CdTimeType old_timetype; cdUnitTime unit; - double base_etm, etm, delta; - long ndel, hoursInYear; + double base_etm, etm, delta = 0.; /* GCC */ + long ndel = 0, hoursInYear; /* Parse the relunits */ if(cdParseRelunits(timetype, relunits, &unit, &base_comptime)) @@ -982,7 +982,7 @@ cdRel2Comp(cdCalenType timetype, char* relunits, double reltime, cdCompTime* com cdCompTime base_comptime; cdUnitTime unit, baseunits; double base_etm, result_etm; - double delta; + double delta = 0.; /* GCC */ long idelta; /* Parse the relunits */ diff --git a/libhdf5/hdf5internal.c b/libhdf5/hdf5internal.c index 7817bed6..dca5bc86 100644 --- a/libhdf5/hdf5internal.c +++ b/libhdf5/hdf5internal.c @@ -860,7 +860,7 @@ nc4_hdf5_find_grp_var_att(int ncid, int varid, const char *name, int attnum, NC_FILE_INFO_T *my_h5; NC_GRP_INFO_T *my_grp; NC_VAR_INFO_T *my_var = NULL; - NC_ATT_INFO_T *my_att; + NC_ATT_INFO_T *my_att = NULL; /* GCC */ char my_norm_name[NC_MAX_NAME + 1] = ""; NCindex *attlist = NULL; int retval; diff --git a/libnczarr/zinternal.c b/libnczarr/zinternal.c index 48673110..24279b8d 100644 --- a/libnczarr/zinternal.c +++ b/libnczarr/zinternal.c @@ -554,7 +554,7 @@ ncz_find_grp_var_att(int ncid, int varid, const char *name, int attnum, NC_FILE_INFO_T *my_h5; NC_GRP_INFO_T *my_grp; NC_VAR_INFO_T *my_var = NULL; - NC_ATT_INFO_T *my_att; + NC_ATT_INFO_T *my_att = NULL; /* GCC */ char my_norm_name[NC_MAX_NAME + 1] = ""; NCindex *attlist = NULL; int retval; diff --git a/libnczarr/zsync.c b/libnczarr/zsync.c index 97db6e0f..d310ffcc 100644 --- a/libnczarr/zsync.c +++ b/libnczarr/zsync.c 
@@ -289,10 +289,10 @@ ncz_sync_var(NC_FILE_INFO_T* file, NC_VAR_INFO_T* var) { /* Add the type name */ const char* dtypename; int endianness = var->type_info->endianness; - int islittle; + int islittle = 0; switch (endianness) { case NC_ENDIAN_LITTLE: islittle = 1; break; - case NC_ENDIAN_BIG: islittle = 0; break; + case NC_ENDIAN_BIG: break; case NC_ENDIAN_NATIVE: abort(); /* should never happen */ } int atomictype = var->type_info->hdr.id; diff --git a/ncgen3/getfill.c b/ncgen3/getfill.c index 91c6ae6f..defa0e2a 100644 --- a/ncgen3/getfill.c +++ b/ncgen3/getfill.c @@ -51,11 +51,11 @@ nc_fill( void *datp, /* where to start filling */ union generic fill_val) /* value to use */ { - char *char_valp; /* pointers used to accumulate data values */ - short *short_valp; - int *long_valp; - float *float_valp; - double *double_valp; + char *char_valp = NULL; /* GCC *//* pointers used to accumulate data values */ + short *short_valp = NULL; /* GCC */ + int *long_valp = NULL; /* GCC */ + float *float_valp = NULL; /* GCC */ + double *double_valp = NULL; /* GCC */ switch (type) { case NC_CHAR: diff --git a/ncgen3/load.c b/ncgen3/load.c index 98fa9fbe..13fd2d1c 100644 --- a/ncgen3/load.c +++ b/ncgen3/load.c @@ -499,11 +499,11 @@ load_netcdf( int stat = NC_NOERR; size_t start[NC_MAX_VAR_DIMS]; size_t count[NC_MAX_VAR_DIMS]; - char *charvalp; - short *shortvalp; - int *intvalp; - float *floatvalp; - double *doublevalp; + char *charvalp = NULL; /* GCC */ + short *shortvalp = NULL; /* GCC */ + int *intvalp = NULL; /* GCC */ + float *floatvalp = NULL; /* GCC */ + double *doublevalp = NULL; /* GCC */ /* load values into variable */ diff --git a/nczarr_test/ncdumpchunks.c b/nczarr_test/ncdumpchunks.c index a6fff5fb..71aed604 100755 --- a/nczarr_test/ncdumpchunks.c +++ b/nczarr_test/ncdumpchunks.c 
@@ -293,7 +293,7 @@ dump(Format* format) char sindices[64]; #ifdef H5 int i; - hid_t fileid, grpid, datasetid; + hid_t fileid = H5P_DEFAULT, grpid = H5P_DEFAULT, datasetid = H5P_DEFAULT; /* GCC */ hid_t dxpl_id = H5P_DEFAULT; /*data transfer property list */ unsigned int filter_mask = 0; hsize_t hoffset[NC_MAX_VAR_DIMS]; diff --git a/oc2/ocdump.c b/oc2/ocdump.c index fa2c32ae..5d67fcbd 100644 --- a/oc2/ocdump.c +++ b/oc2/ocdump.c @@ -467,8 +467,8 @@ ocreadfile(FILE* file, off_t datastart, char** memp, size_t* lenp) void ocdd(OCstate* state, OCnode* root, int xdrencoded, int level) { - char* mem; - size_t len; + char* mem = NULL; /* GCC */ + size_t len = 0; /* GCC */ if(root->tree->data.file != NULL) { if(!ocreadfile(root->tree->data.file, root->tree->data.bod, ++++++ Fix-type-punning-in-val_NC_check_voff-by-using-memcpy-instead-of-assignment.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Jul 12 09:58:28 2021 +0200 Subject: Fix type punning in val_NC_check_voff() by using memcpy instead of assignment Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 3e3712ecf4cd9f98d65e00324c2bc8640c1af565 References: gcc11 explicitly warns about this strict aliasing violation: daux.c:903:30: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 903 | params[nparams++] = *(unsigned int*)&valf; | | ^~~~~~~~~~~~~~~~~~~~ Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- libdispatch/daux.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libdispatch/daux.c b/libdispatch/daux.c index aa9eb0d8..5478ee06 100644 --- a/libdispatch/daux.c +++ b/libdispatch/daux.c 
@@ -900,7 +900,8 @@ filterspec_cvt(const char* txt, size_t* nparamsp, unsigned int* params) sstat = sscanf(p,"%lf",&vald); if(sstat != 1) {stat = NC_EINVAL; goto done;} valf = (float)vald; - params[nparams++] = *(unsigned int*)&valf; + /* avoid type punning */ + memcpy(¶ms[nparams++], &valf, sizeof(unsigned int)); break; /* The following are 8-byte values, so we must swap pieces if this is a little endian machine */ ++++++ Fix-type-punning-in-xxdrntohdouble-by-using-memcpy-instead-of-assignment.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 09:54:03 2021 +0200 Subject: Fix type punning in xxdrntohdouble() by using memcpy instead of assignment Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: a284dee6d8aa042e010c25d228dc49db90bb6ebc References: gcc11 explicitly warned about this strict aliasing violation: xxdr.c: In function 'xxdrntohdouble': xxdr.c:505:19: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 505 | if(dp) *dp = *(double*)ii; | ^~~~~~~~~~~ Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- oc2/xxdr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oc2/xxdr.c b/oc2/xxdr.c index 1ac74b0f..1bc3973a 100644 --- a/oc2/xxdr.c +++ b/oc2/xxdr.c @@ -502,7 +502,8 @@ xxdrntohdouble(char* c8, double* dp) ii[0] = ii[1]; ii[1] = tmp; } - if(dp) *dp = *(double*)ii; + /* use memcpy avoid type punning */ + if(dp) memcpy(dp, ii, sizeof(double)); } void ++++++ NCD4_dumpbytes-Add-missing-initialization-of-float-types.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Jul 12 08:24:58 2021 +0200 Subject: NCD4_dumpbytes(): Add missing initialization of float types Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 429efb0b136d35c54f9db23f3c6affa1087514d2 References: Signed-off-by: Egbert Eich <e...@suse.com> 
Signed-off-by: Egbert Eich <e...@suse.de> --- libdap4/d4dump.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libdap4/d4dump.c b/libdap4/d4dump.c index b2e18931..442227ec 100644 --- a/libdap4/d4dump.c +++ b/libdap4/d4dump.c @@ -45,6 +45,8 @@ NCD4_dumpbytes(size_t size, const void* data0, int swap) v.i32[0] = *((int*)pos); v.u64[0] = *((unsigned long long*)pos); v.i64[0] = *((long long*)pos); + v.f32[0] = *((float*)pos); + v.f64[0] = *((double*)pos); if(swap) { swapinline16(v.u16); swapinline32(v.u32); ++++++ NCD4_dumpbytes-use-correct-swapline-for-object-size.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 09:08:33 2021 +0200 Subject: NCD4_dumpbytes: use correct swapline for object size Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 33ebc0efab2ba9a305026d80f39836d3bfabeb04 References: This addresses a type-punning warning in gcc: gcc11 warns about one of the strict aliasing violations: d4util.h:44:7: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 44 | *((unsigned int*)ip) = u.i; \ | ~^~~~~~~~~~~~~~~~~~ d4dump.c:51:13: note: in expansion of macro 'swapinline32' 51 | swapinline32(v.u64); | ^~~~~~~~~~~~ Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- libdap4/d4dump.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libdap4/d4dump.c b/libdap4/d4dump.c index b2e18931..2121ab99 100644 --- a/libdap4/d4dump.c +++ b/libdap4/d4dump.c 
@@ -48,12 +48,12 @@ NCD4_dumpbytes(size_t size, const void* data0, int swap) if(swap) { swapinline16(v.u16); swapinline32(v.u32); - swapinline32(v.u64); + swapinline64(v.u64); swapinline16(v.i16); swapinline32(v.i32); - swapinline32(v.i64); + swapinline64(v.i64); swapinline32(v.f32); - swapinline32(v.f64); + swapinline64(v.f64); } if(v.s[0] == '\r') strcpy(v.s,"\\r"); else if(v.s[0] == '\n') strcpy(v.s,"\\n"); ++++++ NCZ_def_var_chunking-make-sure-cs-is-set-before-used.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Jul 12 11:57:24 2021 +0200 Subject: NCZ_def_var_chunking(): make sure 'cs' is set before used Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 47584171d90e03b9ddad94cbc7edf1ab20f9d468 References: 'cs' was only set when 'var->ndim' != 0. Thus cs could have been uninitialized when ncz_dev_var_extra() was called. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- libnczarr/zvar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libnczarr/zvar.c b/libnczarr/zvar.c index 28ab00fb..d9e6af5b 100644 --- a/libnczarr/zvar.c +++ b/libnczarr/zvar.c @@ -865,7 +865,7 @@ int ncz_def_var_chunking_ints(int ncid, int varid, int contiguous, int *chunksizesp) { NC_VAR_INFO_T *var; - size_t *cs; + size_t *cs = NULL; int i, retval; /* Get pointer to the var. */ ++++++ bin_reclaim_compound-Fixed-uninitialized-variable.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 09:48:22 2021 +0200 Subject: bin_reclaim_compound(): Fixed uninitialized variable Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: f6180b1fb32d8e90eee27250e343effc99f734f1 References: 'arraycount' never got initialized before being multiplied. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- ncgen/bindata.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/ncgen/bindata.c b/ncgen/bindata.c index 583ef501..d053b7e0 100644 --- a/ncgen/bindata.c +++ b/ncgen/bindata.c @@ -566,7 +566,7 @@ bin_reclaim_compound(Symbol* tsym, Reclaim* reclaimer) { int stat = NC_NOERR; int nfields; - size_t fid, i, arraycount; + size_t fid, i; ptrdiff_t saveoffset; reclaimer->offset = read_alignment(reclaimer->offset,tsym->typ.cmpdalign); @@ -577,6 +577,7 @@ bin_reclaim_compound(Symbol* tsym, Reclaim* reclaimer) for(fid=0;fid<nfields;fid++) { Symbol* field = listget(tsym->subnodes,fid); int ndims = field->typ.dimset.ndims; + size_t arraycount = ndims > 0 ? 1 : 0; /* compute the total number of elements in the field array */ for(i=0;i<ndims;i++) arraycount *= field->typ.dimset.dimsyms[i]->dim.declsize; reclaimer->offset = read_alignment(reclaimer->offset,field->typ.alignment); ++++++ d4util.h-make-swapinlineXX-more-robust-against-type-punning.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 10:12:21 2021 +0200 Subject: d4util.h: make swapinlineXX more robust against type punning Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 169dbc5f1d79b58050a0f6c475244c6d9d0ecff0 References: Since the type of ip is not known in a macro definition, use memcpy() to copy from and to memory. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- libdap4/d4util.h | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/libdap4/d4util.h b/libdap4/d4util.h index cba660ee..6cc63fe8 100644 --- a/libdap4/d4util.h +++ b/libdap4/d4util.h 
@@ -25,39 +25,39 @@ typedef struct D4blob {d4size_t size; void* memory;} D4blob; /* signature: void swapinline16(void* ip) */ #define swapinline16(ip) \ { \ - union {char b[2]; unsigned short i;} u; \ + char b[2]; \ char* src = (char*)(ip); \ - u.b[0] = src[1]; \ - u.b[1] = src[0]; \ - *((unsigned short*)ip) = u.i; \ + b[0] = src[1]; \ + b[1] = src[0]; \ + memcpy(ip, b, 2); \ } /* signature: void swapinline32(void* ip) */ #define swapinline32(ip) \ { \ - union {char b[4]; unsigned int i;} u; \ + char b[4]; \ char* src = (char*)(ip); \ - u.b[0] = src[3]; \ - u.b[1] = src[2]; \ - u.b[2] = src[1]; \ - u.b[3] = src[0]; \ - *((unsigned int*)ip) = u.i; \ + b[0] = src[3]; \ + b[1] = src[2]; \ + b[2] = src[1]; \ + b[3] = src[0]; \ + memcpy(ip, b, 4); \ } /* signature: void swapinline64(void* ip) */ #define swapinline64(ip) \ { \ - union {char b[8]; unsigned long long i;} u; \ + char b[8]; \ char* src = (char*)(ip); \ - u.b[0] = src[7]; \ - u.b[1] = src[6]; \ - u.b[2] = src[5]; \ - u.b[3] = src[4]; \ - u.b[4] = src[3]; \ - u.b[5] = src[2]; \ - u.b[6] = src[1]; \ - u.b[7] = src[0]; \ - *((unsigned long long*)ip) = u.i; \ + b[0] = src[7]; \ + b[1] = src[6]; \ + b[2] = src[5]; \ + b[3] = src[4]; \ + b[4] = src[3]; \ + b[5] = src[2]; \ + b[6] = src[1]; \ + b[7] = src[0]; \ + memcpy(ip, b, 8); \ } /***************************************************/ ++++++ parseServers-Fix-uninitialized-variable-simplify-error-path.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 09:41:22 2021 +0200 Subject: parseServers(): Fix uninitialized variable simplify error path Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 06fbbbc78023abca48ae3a69aa409f7f0a4cf3a3 References: When rtslen == 0 code jumped to 'done' where it checked for rts being != NULL. At this point, rts was not yet set. Fixed code paths eliminating unneeded tests and jumps. Signed-off-by: Egbert Eich <e...@suse.com> 
Signed-off-by: Egbert Eich <e...@suse.de> --- include/nctestserver.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/nctestserver.h b/include/nctestserver.h index 978210c8..e7b63b80 100644 --- a/include/nctestserver.h +++ b/include/nctestserver.h @@ -47,7 +47,7 @@ parseServers(const char* remotetestservers) size_t rtslen = strlen(remotetestservers); /* Keep LGTM quiet */ - if(rtslen > MAXREMOTETESTSERVERS) goto done; + if(rtslen > MAXREMOTETESTSERVERS) return NULL; list = (char**)malloc(sizeof(char*) * (int)(rtslen/2)); if(list == NULL) return NULL; rts = strdup(remotetestservers); @@ -65,8 +65,8 @@ parseServers(const char* remotetestservers) *l = NULL; servers = list; list = NULL; + free(rts); done: - if(rts) free(rts); if(list) free(list); return servers; } ++++++ pr_att-Fix-uninitialized-variable.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 14:57:29 2021 +0200 Subject: pr_att(): Fix uninitialized variable Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 66eade948d044832b0ca5feff824e1aca3c7fe68 References: Fix uninitialized variable in error path. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- ncdump/ncdump.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ncdump/ncdump.c b/ncdump/ncdump.c index d333cc37..41f44683 100644 --- a/ncdump/ncdump.c +++ b/ncdump/ncdump.c @@ -896,6 +896,7 @@ pr_att( value = *((uint64_t *)data + i); break; default: + value = 0; /* GCC */ error("enum must have an integer base type: %d", base_nc_type); } NC_CHECK( nc_inq_enum_ident(ncid, att.type, value, ++++++ swap-4-8-b-Satisfy-strict-aliasing-rules.patch ++++++ 
From: Egbert Eich <e...@suse.com> Date: Sun Jul 11 10:01:41 2021 +0200 Subject: swap[4|8]b: Satisfy strict aliasing rules Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: e1f5896ab561cb774735fd9e1445533ceb152b76 References: gcc11 made assumptions about optimization based on strict aliasing rules that led to this code malfunction, which was caught by the test suite. gcc printed out a warning whose meaning was not immediately obvious: ncx.c: In function 'ncx_putn_float_schar': ncx.c:272:20: warning: 'xx' may be used uninitialized [-Wmaybe-uninitialized] 272 | uint32_t tmp = *(uint32_t*)src; | ^~~~~~~~~~~~~~~ ncx.c:3512:14: note: 'xx' was declared here 3512 | ix_float xx = NC_FILL_FLOAT; | ^~ Due to optimization and inlining, the initialization of this variable was lost. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- libsrc/ncx.m4 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libsrc/ncx.m4 b/libsrc/ncx.m4 index 72931afb..58c7f02e 100644 --- a/libsrc/ncx.m4 +++ b/libsrc/ncx.m4 @@ -348,7 +348,9 @@ inline static void swap4b(void *dst, const void *src) { /* copy over, make the below swap in-place */ - uint32_t tmp = *(uint32_t*)src; + uint32_t tmp; + /* use memcpy to avoid type punning */ + memcpy(&tmp, src, sizeof(tmp)); tmp = SWAP4(tmp); memcpy(dst, &tmp, 4); @@ -464,7 +466,9 @@ swap8b(void *dst, const void *src) op = (uint32_t*)((char*)dst+4); *op = SWAP4(*op); #else - uint64_t tmp = *(uint64_t*)src; + uint64_t tmp; + /* use memcpy to avoid type punning */ + memcpy(&tmp, src, sizeof(tmp)); tmp = SWAP8(tmp); memcpy(dst, &tmp, 8); ++++++ val_NC_check_voff-Fix-uninitialized-variable-warning.patch ++++++ 
From: Egbert Eich <e...@suse.com> Date: Sat Jul 10 10:43:10 2021 +0200 Subject: val_NC_check_voff(): Fix uninitialized variable warning Patch-mainline: Not yet Git-repo: https://github.com/Unidata/netcdf-c Git-commit: 8b6a94698ff2a862b0188c8c74c9832c967e76f1 References: Make variables used in error message match the condition that triggered the message. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- ncdump/ncvalidator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ncdump/ncvalidator.c b/ncdump/ncvalidator.c index 3cb6353f..37d7de06 100644 --- a/ncdump/ncvalidator.c +++ b/ncdump/ncvalidator.c @@ -2075,7 +2075,7 @@ val_NC_check_voff(NC *ncp) if (ncp->begin_rec < prev_off) { if (verbose) printf("Error:\n"); - if (verbose) printf("\tRecord variable section begin offset (%lld) is less than fixed-size variable section end offset (%lld)\n", varp->begin, prev_off); + if (verbose) printf("\tRecord variable section begin offset (%lld) is less than fixed-size variable section end offset (%lld)\n", ncp->begin_rec, prev_off); nerrs++; DEBUG_ASSIGN_ERROR(status, NC_ENOTNC) }
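Review bot: In the NCD4_dumpbytes hunk, the macro width in the `if(swap)` block is still picked by hand for every member, which is how `swapinline32(v.u64)`, `swapinline32(v.i64)` and `swapinline32(v.f64)` went unnoticed in the first place. Consider a compile-time size check next to each call, or a single wrapper that selects the 16/32/64 variant from the size of the member, so that a mismatch between member and macro fails the build instead of leaving the upper four bytes unswapped.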
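Review bot: In the libnczarr/zvar.c hunk, `size_t *cs = NULL;` removes the uninitialized read, but per the commit message the pointer is then passed on with the value NULL whenever `var->ndim` is 0, and nothing in the hunk shows that the callee accepts a NULL chunk-size pointer in that case. Please confirm the callee's handling of NULL, or guard the call. The commit text also needs a pass: the subject names NCZ_def_var_chunking() while the hunk context is `ncz_def_var_chunking_ints()`, and the callee is spelled `ncz_dev_var_extra()` in the message.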
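Review bot: In the second ncgen/bindata.c hunk, `size_t arraycount = ndims > 0 ? 1 : 0;` gives a scalar field (`ndims == 0`) an element count of 0. The hunk does not show how `arraycount` is consumed, but the comment calls it "the total number of elements in the field array"; if it later bounds a per-element loop, scalar fields of a compound type would be skipped entirely. The product over an empty dimension list is normally 1, so `size_t arraycount = 1;` looks like the safer initializer unless the zero is intended, in which case a comment should say so. Separately, `i<ndims` compares a `size_t` with an `int`.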
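Review bot: In the libdap4/d4util.h hunk, the three macros now expand to `memcpy(ip, b, N)` but the header gains no `#include <string.h>`, so every file that uses swapinline16/32/64 depends on having pulled in the declaration some other way. Add the include to d4util.h itself. While the macros are being touched: `ip` is parenthesized in `(char*)(ip)` but not in the memcpy call, the locals `b` and `src` can shadow identically named variables at the call site, and a bare `{ ... }` body followed by `;` breaks in an unbraced if/else, which `do { ... } while(0)` or a static inline function would avoid.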
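Review bot: In the first include/nctestserver.h hunk, the changed condition is `rtslen > MAXREMOTETESTSERVERS`, while the commit message describes the faulty jump as happening "When rtslen == 0"; one of the two is wrong and the message should match the code. The context line right below also deserves a look while this function is open: `malloc(sizeof(char*) * (int)(rtslen/2))` reserves zero slots for a one-character input and one slot for a two-character input, yet the function later stores entries followed by `*l = NULL`, so short inputs have no room for the terminator.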
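Review bot: In the second include/nctestserver.h hunk, moving `free(rts);` above `done:` and dropping `if(rts) free(rts);` means any `goto done` that remains between `rts = strdup(remotetestservers);` and the label now leaks `rts`. The lines between the two hunks are not shown, so please confirm no such jump is left. If none is, `list` is always NULL when control reaches the label (`list = NULL;` is set just before), and the `done:` label and `if(list) free(list);` can be removed as well, which would complete the simplification the subject promises.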
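Review bot: In the ncdump/ncdump.c hunk, `value = 0; /* GCC */` in the `default:` branch only makes sense if `error()` never returns; if it can return, `nc_inq_enum_ident()` is then called with a made-up value of 0 for a type that has just been reported as invalid. Please either state in the comment that `error()` does not return and the assignment exists solely to silence the maybe-uninitialized warning, or leave the function explicitly after the `error()` call. The bare `/* GCC */` comment does not tell the next reader which of the two applies.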
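Review bot: In the swap4b hunk of libsrc/ncx.m4, the load uses `memcpy(&tmp, src, sizeof(tmp));` while the store two lines later keeps the literal, `memcpy(dst, &tmp, 4);`. Use `sizeof(tmp)` for both so the two sizes cannot drift apart. Since the commit message reports that the original failure was only caught by the test suite, it would also help to name the failing test in the message so the regression can be tied to this change.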
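Review bot: In the swap8b hunk of libsrc/ncx.m4, only the `#else` branch is converted to memcpy; the branch directly above it in the context still ends with `op = (uint32_t*)((char*)dst+4);` followed by `*op = SWAP4(*op);`, which reads and writes `dst` through a cast `uint32_t*` and is the same type-punning pattern this patch removes. If that branch can be selected in any supported build, it needs the same treatment before strict aliasing is re-enabled. As in swap4b, `memcpy(dst, &tmp, 8);` should use `sizeof(tmp)` to match the new load.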
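Review bot: In the ncdump/ncvalidator.c hunk, the replacement argument `ncp->begin_rec` is printed with `%lld` without a cast, and the hunk does not show its type; if it is an `off_t` or another 64-bit typedef that is not `long long` on every target, the call has a format mismatch. Cast both arguments, for example `(long long)ncp->begin_rec` and `(long long)prev_off`. The subject line also undersells the change: apart from the warning, the old code reported `varp->begin` in a message about the condition `ncp->begin_rec < prev_off`, so the printed offset was simply the wrong one.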