public inbox for git-commits@fedoraproject.org
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/libfm] rawhide: rescue search with crafted URI with no value detected with gcc16 -fanalyzer
Date: Wed, 24 Jun 2026 08:26:02 GMT
Message-ID: <178228956247.1.18242729367937623467.rpms-libfm-13f170399f6d@fedoraproject.org>

A new commit has been pushed.

Repo   : rpms/libfm
Branch : rawhide
Commit : 13f170399f6d966842e5e01beafa5f168613f120
Author : Mamoru TASAKA <mtasaka@fedoraproject.org>
Date   : 2026-06-24T17:25:49+09:00
Stats  : +47/-2 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/libfm/c/13f170399f6d966842e5e01beafa5f168613f120?branch=rawhide

Log:
rescue search with crafted URI with no value detected with gcc16 -fanalyzer

---
diff --git a/libfm-pr126-parse_search_uri-rescue-URI-which-lacks-value.patch b/libfm-pr126-parse_search_uri-rescue-URI-which-lacks-value.patch
new file mode 100644
index 0000000..82c0b0e
--- /dev/null
+++ b/libfm-pr126-parse_search_uri-rescue-URI-which-lacks-value.patch
@@ -0,0 +1,38 @@
+From 390a7ebae3b856991fd805757aff11e17b9fafc4 Mon Sep 17 00:00:00 2001
+From: Mamoru TASAKA <mtasaka@fedoraproject.org>
+Date: Wed, 24 Jun 2026 17:12:25 +0900
+Subject: [PATCH] parse_search_uri: rescue URI which lacks value
+
+Currently, some crafted search URI which has parameter name
+but lacks value causes nullptr dereference then segfault.
+Since value is missing, we don't have to set it to the corresponding
+structure member, so just skip it.
+
+Closes #125 .
+---
+ src/modules/vfs-search.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/modules/vfs-search.c b/src/modules/vfs-search.c
+index 57a375c4..1c7c0c2c 100644
+--- a/src/modules/vfs-search.c
++++ b/src/modules/vfs-search.c
+@@ -481,6 +481,7 @@ static void parse_search_uri(FmVfsSearchEnumerator* priv, const char* uri_str)
+                     name = g_strdup(params);
+ 
+                 /* g_printf("parameter name/value: %s = %s\n", name, value); */
++                if (!value) goto _search_uri_invalid_value;
+ 
+                 if(strcmp(name, "show_hidden") == 0)
+                     priv->show_hidden = (value[0] == '1') ? TRUE : FALSE;
+@@ -552,6 +553,7 @@ static void parse_search_uri(FmVfsSearchEnumerator* priv, const char* uri_str)
+                 else if(strcmp(name, "max_mtime") == 0)
+                     priv->max_mtime = (guint64)parse_date_str(value);
+ 
++_search_uri_invalid_value:
+                 g_free(name);
+                 g_free(value);
+ 
+-- 
+2.54.0
+
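Review bot: the `if (!value) goto _search_uri_invalid_value;` guard in the first inner hunk of `parse_search_uri` discards a value-less parameter without any trace, so a malformed search URI is now skipped silently; consider a `g_debug()` naming the skipped parameter before the jump. The jump target itself is right: the label sits directly above `g_free(name); g_free(value);`, so `name` is still released and `g_free(NULL)` is a no-op. The guard covers only a NULL `value`; whether an empty string can still reach `parse_date_str(value)` is not visible in these hunks and is worth confirming upstream. A regression test with a parameter that has a name but no value would keep this from coming back.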

diff --git a/libfm.spec b/libfm.spec
index 1069e47..3c43668 100644
--- a/libfm.spec
+++ b/libfm.spec
@@ -45,7 +45,7 @@
 
 Name:           libfm
 Version:        %{main_version}%{git_ver_rpm}
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        GIO-based library for file manager-like programs
 
 # src/actions/	GPL-2.0-or-later
@@ -93,6 +93,9 @@ Patch1002:      libfm-pr121-suppress-gobject-warnings.patch
 # https://github.com/lxde/libfm/pull/124
 # g-udisks-volume: fix incorrect g_realloc and memcpy usage detected with gcc17 -Wanalyzer-allocation-size)
 Patch1003:      libfm-pr124-g-udisks-volume-fix-incorrect-g_realloc-and-memcpy-u.patch
+# https://github.com/lxde/libfm/pull/126
+# parse_search_uri: rescue URI which lacks value, detected with gcc16 -Wanalyzer-null-dereference
+Patch1004:		libfm-pr126-parse_search_uri-rescue-URI-which-lacks-value.patch
 
 BuildRequires:  pkgconfig(gio-unix-2.0) >= 2.26.0
 BuildRequires:  pkgconfig(glib-2.0) >= 2.27.0
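Review bot: the added `Patch1004:` line separates the tag from the file name with tabs, while `Patch1002:` and `Patch1003:` use spaces; switch it to spaces so the column lines up. The comment above it says `gcc16 -Wanalyzer-null-dereference`, whereas the Patch1003 comment names `gcc17`; please confirm which compiler version produced each diagnostic so the difference is deliberate rather than a typo.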
@@ -281,6 +284,7 @@ git commit -m "Use gtk version specific module directory" -a
 cat %PATCH1001 | git am
 cat %PATCH1002 | git am
 cat %PATCH1003 | git am
+cat %PATCH1004 | git am
 
 # Need reporting upstream
 # ref: https://github.com/lxde/libfm/commit/1af95bd8f26cab6848a74b7e02b53c6c79fb53a5
@@ -309,7 +313,7 @@ find . -name \*.vala | xargs touch
 
 
 %build
-%dnl %global _pkg_extra_cflags -fanalyzer -fanalyzer-assume-nothrow
+%global _pkg_extra_cflags -fanalyzer -fanalyzer-assume-nothrow
 %if 0%{?use_gitbare} >= 1
 cd libfm
 %endif
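Review bot: dropping `%dnl` from `%global _pkg_extra_cflags -fanalyzer -fanalyzer-assume-nothrow` in `%build` turns the analyzer on for every build of the package, and neither the commit log nor the new changelog entry mentions it. If it was only needed to reproduce the diagnostic, restore the `%dnl`; if it is meant to stay, gate it behind a conditional and record it in `%changelog`, since `-fanalyzer` lengthens compile time and adds warning output to the build log.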
@@ -516,6 +520,9 @@ fi
 %endif
 
 %changelog
+* Wed Jun 24 2026 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.4.1-7
+- rescue search with crafted URI with no value detected with gcc16 -fanalyzer
+
 * Wed Jun 10 2026 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.4.1-6
 - Apply upstream PR to fix g_realloc / memmove incorrect usage detected with
   gcc17 -fanalyzer
