Hide Forgot
Description of problem: Static analysis of cups code with/without applied patches discovered some possible problems in the code. However I haven't found anything serious yet so the Severity is set to low. I'm going to attach fixes with comments. Version-Release number of selected component (if applicable): cups-1.4.6-13.fc16 Additional info: This time I was checking only problems added by our patches. Next time I'm going to look at problems in upstream code, so please leave this bug open. I'll close it when I finish it.
Created attachment 487022 [details] avahi.patch fixes - initialize variable 'i' to make sure we don't dereference null variable 'elements' - fix possible resource leak
Created attachment 487024 [details] lspp.patch fixes - check return value of avc_context_to_sid() - make the code more portable
Created attachment 487026 [details] icc.patch fix - removed dead code: value of 'attr' is always 0(null) on this line
(In reply to comment #1) > Created attachment 487022 [details] > avahi.patch fixes Thanks, I've updated the upstream patch in STR #3066.
(In reply to comment #2) > Created attachment 487024 [details] > lspp.patch fixes Looks good.
(In reply to comment #3) > Created attachment 487026 [details] > icc.patch fix > > - removed dead code: value of 'attr' is always 0(null) on this line Hmm, I think attr ought to be the "DefaultColorSpace" attribute, if present, here. CCing Richard for confirmation...
(In reply to comment #6) > Hmm, I think attr ought to be the "DefaultColorSpace" attribute, if present, > here. CCing Richard for confirmation... Yup, that patch makes sense, please apply it to rawhide. I'll do a more complete fix upstream. Thanks. Richard.
Problems in our patches have been fixed in cups-1.4.6-15.fc15 Patches fixing problems in upstream code were sent upstream so I'm closing this as UPSTREAM.
Just a note that the upstream reported problems have been fixed in CUPS 1.5