RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: jbj@rpm5.org Module: rpm Date: 30-Sep-2007 19:29:07 Branch: HEAD Handle: 2007093018290401 Modified files: rpm system.h rpm/lib rpmlib.h rpmts.h rpm/rpmdb .splintrc Makefile.am db3.c dbconfig.c fprint.c hdrNVR.c hdrfmt.c hdrinline.h header.c header.h header_internal.c legacy.c merge.c pkgio.c pkgio.h rpmdb.c rpmdb.h sqlite.c tagname.c Log: - splint fiddles. Summary: Revision Changes Path 2.437 +2 -21 rpm/lib/rpmlib.h 2.77 +3 -3 rpm/lib/rpmts.h 1.6 +7 -1 rpm/rpmdb/.splintrc 1.80 +1 -3 rpm/rpmdb/Makefile.am 1.73 +6 -23 rpm/rpmdb/db3.c 1.45 +0 -6 rpm/rpmdb/dbconfig.c 1.15 +0 -14 rpm/rpmdb/fprint.c 1.11 +11 -6 rpm/rpmdb/hdrNVR.c 1.7 +17 -70 rpm/rpmdb/hdrfmt.c 1.14 +1 -1 rpm/rpmdb/hdrinline.h 1.66 +23 -204 rpm/rpmdb/header.c 1.25 +1 -1 rpm/rpmdb/header.h 1.8 +0 -6 rpm/rpmdb/header_internal.c 1.34 +4 -10 rpm/rpmdb/legacy.c 1.9 +2 -4 rpm/rpmdb/merge.c 1.9 +34 -44 rpm/rpmdb/pkgio.c 1.4 +24 -3 rpm/rpmdb/pkgio.h 1.162 +40 -138 rpm/rpmdb/rpmdb.c 1.67 +11 -4 rpm/rpmdb/rpmdb.h 1.15 +10 -14 rpm/rpmdb/sqlite.c 1.6 +0 -2 rpm/rpmdb/tagname.c 2.88 +2 -0 rpm/system.h ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/lib/rpmlib.h ============================================================================ $ cvs diff -u -r2.436 -r2.437 rpmlib.h --- rpm/lib/rpmlib.h 29 Sep 2007 16:23:39 -0000 2.436 +++ rpm/lib/rpmlib.h 30 Sep 2007 17:29:05 -0000 2.437 @@ -126,10 +126,10 @@ /*@-redecl@*/ /*@unchecked@*/ extern const int rpmTagTableSize; -/*@=redecl@*/ /*@unchecked@*/ extern headerTagIndices rpmTags; +/*@=redecl@*/ /** * Table of query format extensions. @@ -743,25 +743,6 @@ typedef /*@abstract@*/ /*@refcounted@*/ struct rpmpsm_s * rpmpsm; /** - * Check header consistency, performing headerGetEntry() the hard way. - * - * Sanity checks on the header are performed while looking for a - * header-only digest or signature to verify the blob. If found, - * the digest or signature is verified. - * - * @param ts transaction set - * @param uh unloaded header blob - * @param uc no. of bytes in blob (or 0 to disable) - * @retval *msg verification error message (or NULL) - * @return RPMRC_OK on success - */ -rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, - /*@out@*/ /*@null@*/ const char ** msg) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies ts, *msg, rpmGlobalMacroContext, - fileSystem, internalState @*/; - -/** * Return checked and loaded header. * @param ts transaction set * @param _fd file handle @@ -801,7 +782,7 @@ /*@null@*/ /*@out@*/ const char ** specFilePtr, /*@null@*/ /*@out@*/ const char ** cookie) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies ts, fd, *specFilePtr, *cookie, rpmGlobalMacroContext, + /*@modifies ts, _fd, *specFilePtr, *cookie, rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmts @@ . patch -p0 <<'@@ .' Index: rpm/lib/rpmts.h ============================================================================ $ cvs diff -u -r2.76 -r2.77 rpmts.h --- rpm/lib/rpmts.h 29 Sep 2007 16:23:39 -0000 2.76 +++ rpm/lib/rpmts.h 30 Sep 2007 17:29:05 -0000 2.77 @@ -213,14 +213,14 @@ /*@observer@*/ /*@dependent@*/ /*@null@*/ const char * fn; /*!< Current package fn. */ -/*@only@*/ /*@null@*/ +/*@only@*/ /*@relnull@*/ const unsigned char * pkpkt;/*!< Current pubkey packet. */ size_t pkpktlen; /*!< Current pubkey packet length. */ unsigned char pksignid[8]; /*!< Current pubkey fingerprint. */ struct rpmop_s ops[RPMTS_OP_MAX]; -/*@null@*/ +/*@relnull@*/ pgpDig dig; /*!< Current signature/pubkey parameters. */ /*@null@*/ @@ -705,7 +705,7 @@ * @param ts transaction set * @return signature/pubkey constants. */ -/*@exposed@*/ /*@null@*/ +/*@exposed@*/ pgpDig rpmtsDig(rpmts ts) /*@*/; @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/.splintrc ============================================================================ $ cvs diff -u -r1.5 -r1.6 .splintrc --- rpm/rpmdb/.splintrc 30 May 2007 02:49:40 -0000 1.5 +++ rpm/rpmdb/.splintrc 30 Sep 2007 17:29:05 -0000 1.6 @@ -12,7 +12,6 @@ +strict # lclint level # --- in progress -#+bounds +slovak-fcns -bufferoverflowhigh @@ -27,7 +26,14 @@ -varuse # --- not-yet at strict level +-internalglobs # 16 +-paramuse # 6 +-mustmod # 8 +-type # 4 +-unrecog # 2 + -bitwisesigned # 160 +-branchstate # 65 -elseifcomplete # 9 -exportconst # 687 -exportfcn # 464 @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/Makefile.am ============================================================================ $ cvs diff -u -r1.79 -r1.80 Makefile.am --- rpm/rpmdb/Makefile.am 8 Sep 2007 16:17:34 -0000 1.79 +++ rpm/rpmdb/Makefile.am 30 Sep 2007 17:29:05 -0000 1.80 @@ -78,8 +78,7 @@ endif tagtbl.c: Makefile.am $(top_srcdir)/lib/rpmlib.h - @echo '/*@-bounds@*/' > $@ - @echo '#include "system.h"' >> $@ + @echo '#include "system.h"' > $@ @echo '#include <rpmlib.h>' >> $@ @echo '#include "debug.h"' >> $@ @echo '' >> $@ @@ -94,7 +93,6 @@ @echo '' >> $@ @echo '/*@unchecked@*/' >> $@ @echo 'const int rpmTagTableSize = sizeof(rpmTagTbl) / sizeof(rpmTagTbl[0]) - 1;' >> $@ - @echo '/*@=bounds@*/' >> $@ if WITH_DB_INTERNAL my_DB_HEADER = $(top_builddir)/$(WITH_DB_SUBDIR)/db.h @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/db3.c ============================================================================ $ cvs diff -u -r1.72 -r1.73 db3.c --- rpm/rpmdb/db3.c 24 Sep 2007 02:38:57 -0000 1.72 +++ rpm/rpmdb/db3.c 30 Sep 2007 17:29:05 -0000 1.73 @@ -177,6 +177,7 @@ * @param value tag value * @return tag string */ +/*@observer@*/ static const char * mapTagName(int value) /*@*/ { @@ -333,7 +334,9 @@ /* 4.1: dbenv->set_data_dir(???) */ /* 4.1: dbenv->set_encrypt(???) */ +/*@-castfcnptr@*/ dbenv->set_errcall(dbenv, (void *)rpmdb->db_errcall); +/*@=castfcnptr@*/ dbenv->set_errfile(dbenv, rpmdb->db_errfile); dbenv->set_errpfx(dbenv, rpmdb->db_errpfx); /*@=noeffectuncon@*/ @@ -402,10 +405,8 @@ const char * tmpdir; root = (dbi->dbi_root ? dbi->dbi_root : rpmdb->db_root); -/*@-boundsread@*/ if ((root[0] == '/' && root[1] == '\0') || rpmdb->db_chrootDone) root = NULL; -/*@=boundsread@*/ /*@-mods@*/ tmpdir = rpmGenPath(root, dbi->dbi_tmpdir, NULL); /*@=mods@*/ @@ -559,9 +560,7 @@ } #endif -/*@-boundswrite@*/ *dbenvp = dbenv; -/*@=boundswrite@*/ return 0; @@ -601,9 +600,7 @@ { int rc; -/*@-boundswrite@*/ if (dbcp) *dbcp = NULL; -/*@=boundswrite@*/ #if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 6) rc = dbcursor->dup(dbcursor, dbcp, flags); rc = cvtdberr(dbi, "dbcursor->dup", rc, _debug); @@ -661,7 +658,7 @@ rc = cvtdberr(dbi, "db->cursor", rc, _debug); if (dbcp) - /*@-boundswrite -onlytrans@*/ *dbcp = dbcursor; /*@=boundswrite =onlytrans@*/ + *dbcp = dbcursor; else (void) db3cclose(dbi, dbcursor, 0); @@ -823,9 +820,7 @@ rc = cvtdberr(dbi, "dbcursor->c_count", rc, _debug); #endif if (rc) return rc; -/*@-boundswrite@*/ if (countp) *countp = count; -/*@=boundswrite@*/ return rc; } @@ -950,10 +945,8 @@ * Get the prefix/root component and directory path. */ root = (dbi->dbi_root ? dbi->dbi_root : rpmdb->db_root); -/*@-boundsread@*/ if ((root[0] == '/' && root[1] == '\0') || rpmdb->db_chrootDone) root = NULL; -/*@=boundsread@*/ home = (dbi->dbi_home ? dbi->dbi_home : rpmdb->db_home); /* @@ -1010,7 +1003,9 @@ if (rc || dbenv == NULL) goto exit; /*@-noeffectuncon@*/ /* FIX: annotate db3 methods */ +/*@-castfcnptr@*/ dbenv->set_errcall(dbenv, (void *)rpmdb->db_errcall); +/*@=castfcnptr@*/ dbenv->set_errfile(dbenv, rpmdb->db_errfile); dbenv->set_errpfx(dbenv, rpmdb->db_errpfx); /* dbenv->set_paniccall(???) */ @@ -1108,10 +1103,8 @@ u_int32_t oflags; int _printit; -/*@-boundswrite@*/ if (dbip) *dbip = NULL; -/*@=boundswrite@*/ /* * Parse db configuration parameters. @@ -1128,10 +1121,8 @@ * Get the prefix/root component and directory path. */ root = (dbi->dbi_root ? dbi->dbi_root : rpmdb->db_root); -/*@-boundsread@*/ if ((root[0] == '/' && root[1] == '\0') || rpmdb->db_chrootDone) root = NULL; -/*@=boundsread@*/ home = (dbi->dbi_home ? dbi->dbi_home : rpmdb->db_home); /* @@ -1281,7 +1272,6 @@ if (oflags & DB_RDONLY) dbi->dbi_verify_on_close = 0; -/*@-branchstate@*/ if (dbi->dbi_use_dbenv) { /*@-mods@*/ if (rpmdb->db_dbenv == NULL) { @@ -1353,7 +1343,6 @@ } /*@=mods@*/ } -/*@=branchstate@*/ rpmMessage(RPMMESS_DEBUG, D_("opening db index %s/%s %s mode=0x%x\n"), dbhome, (dbfile ? dbfile : mapTagName(dbi->dbi_rpmtag)), @@ -1511,11 +1500,9 @@ if (dbfile) nb += 1 + strlen(dbfile); dbfullpath = t = alloca(nb + 1); -/*@-boundswrite@*/ t = stpcpy(t, dbhome); if (dbfile) t = stpcpy( stpcpy( t, "/"), dbfile); -/*@=boundswrite@*/ #ifdef HACK /* XXX necessary to support dbsubfile */ dbpath = (!dbi->dbi_use_dbenv && !dbi->dbi_temporary) ? dbfullpath : dbfile; @@ -1578,9 +1565,7 @@ rc = 1; } else { struct flock l; -/*@-boundswrite@*/ memset(&l, 0, sizeof(l)); -/*@=boundswrite@*/ l.l_whence = 0; l.l_start = 0; l.l_len = 0; @@ -1614,9 +1599,7 @@ if (rc == 0 && dbi->dbi_db != NULL && dbip != NULL) { dbi->dbi_vec = &db3vec; -/*@-boundswrite@*/ *dbip = dbi; -/*@=boundswrite@*/ } else { dbi->dbi_verify_on_close = 0; (void) db3close(dbi, 0); @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/dbconfig.c ============================================================================ $ cvs diff -u -r1.44 -r1.45 dbconfig.c --- rpm/rpmdb/dbconfig.c 2 Aug 2007 17:15:42 -0000 1.44 +++ rpm/rpmdb/dbconfig.c 30 Sep 2007 17:29:05 -0000 1.45 @@ -648,7 +648,6 @@ static const char *db3_config_default = "hash tmpdir=/var/tmp create cdb mpool mp_mmapsize=16Mb mp_size=1Mb perms=0644"; -/*@-bounds@*/ dbiIndex db3New(rpmdb rpmdb, rpmTag rpmtag) { dbiIndex dbi = xcalloc(1, sizeof(*dbi)); @@ -666,7 +665,6 @@ } /* Parse the options for the database element(s). */ - /*@-branchstate@*/ if (dbOpts && *dbOpts && *dbOpts != '%') { char *o, *oe; char *p, *pe; @@ -782,7 +780,6 @@ } /*=========*/ } - /*@=branchstate@*/ dbOpts = _free(dbOpts); @@ -832,9 +829,7 @@ return dbi; /*@=globstate@*/ } -/*@=bounds@*/ -/*@-boundswrite@*/ const char * prDbiOpenFlags(int dbflags, int print_dbenv_flags) { static char buf[256]; @@ -869,6 +864,5 @@ } return buf; } -/*@=boundswrite@*/ #endif @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/fprint.c ============================================================================ $ cvs diff -u -r1.14 -r1.15 fprint.c --- rpm/rpmdb/fprint.c 25 May 2007 17:36:33 -0000 1.14 +++ rpm/rpmdb/fprint.c 30 Sep 2007 17:29:05 -0000 1.15 @@ -41,9 +41,7 @@ if (htGetEntry(cache->ht, dirName, &data, NULL, NULL)) return NULL; -/*@-boundsread@*/ return data[0]; -/*@=boundsread@*/ } /** @@ -54,7 +52,6 @@ * @param scareMem * @return pointer to the finger print associated with a file path. */ -/*@-bounds@*/ /* LCL: segfault */ static fingerPrint doLookup(fingerPrintCache cache, const char * dirName, const char * baseName, int scareMem) /*@modifies cache @*/ @@ -75,11 +72,9 @@ cdnl = strlen(cleanDirName); if (*cleanDirName == '/') { - /*@-branchstate@*/ if (!scareMem) cleanDirName = rpmCleanPath(strcpy(alloca(cdnl+1), dirName)); - /*@=branchstate@*/ } else { scareMem = 0; /* XXX causes memory leak */ @@ -92,7 +87,6 @@ /* if the current directory doesn't exist, we might fail. oh well. likewise if it's too long. */ dir[0] = '\0'; - /*@-branchstate@*/ if (realpath(".", dir) != NULL) { end = dir + strlen(dir); if (end[-1] != '/') *end++ = '/'; @@ -105,7 +99,6 @@ cleanDirName = dir; cdnl = end - dir; } - /*@=branchstate@*/ } fp.entry = NULL; fp.subDir = NULL; @@ -183,7 +176,6 @@ /*@-nullret@*/ return fp; /*@=nullret@*/ /* LCL: can't happen. */ /*@=compdef@*/ } -/*@=bounds@*/ fingerPrint fpLookup(fingerPrintCache cache, const char * dirName, const char * baseName, int scareMem) @@ -197,9 +189,7 @@ const char * chptr = fp->baseName; unsigned char ch = 0; -/*@-boundsread@*/ while (*chptr != '\0') ch ^= *chptr++; -/*@=boundsread@*/ h |= ((unsigned)ch) << 24; h |= (((((unsigned)fp->entry->dev) >> 8) ^ fp->entry->dev) & 0xFF) << 16; @@ -208,7 +198,6 @@ return h; } -/*@-boundsread@*/ int fpEqual(const void * key1, const void * key2) { const fingerPrint *k1 = key1; @@ -226,9 +215,7 @@ return 1; } -/*@=boundsread@*/ -/*@-bounds@*/ void fpLookupList(fingerPrintCache cache, const char ** dirNames, const char ** baseNames, const uint_32 * dirIndexes, int fileCount, fingerPrint * fpList) @@ -248,7 +235,6 @@ } } } -/*@=bounds@*/ #ifdef UNUSED /** @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/hdrNVR.c ============================================================================ $ cvs diff -u -r1.10 -r1.11 hdrNVR.c --- rpm/rpmdb/hdrNVR.c 29 Sep 2007 16:23:40 -0000 1.10 +++ rpm/rpmdb/hdrNVR.c 30 Sep 2007 17:29:05 -0000 1.11 @@ -30,7 +30,10 @@ { NULL, 0 } }; +/*@-globs -mods -incondefs@*/ int headerMacrosLoad(Header h) + /*@globals rpmGlobalMacroContext @*/ + /*@modifies rpmGlobalMacroContext @*/ { struct tagMacro * tagm; union { @@ -62,9 +65,7 @@ continue; switch (type) { case RPM_INT32_TYPE: -/*@-boundsread@*/ sprintf(numbuf, "%d", *body.i32p); -/*@=boundsread@*/ addMacro(NULL, tagm->macroname, NULL, numbuf, -1); /*@switchbreak@*/ break; case RPM_STRING_TYPE: @@ -85,7 +86,12 @@ } return 0; } +/*@=globs =mods =incondefs@*/ + +/*@-globs -mods -incondefs@*/ int headerMacrosUnload(Header h) + /*@globals rpmGlobalMacroContext @*/ + /*@modifies rpmGlobalMacroContext @*/ { struct tagMacro * tagm; union { @@ -137,6 +143,7 @@ return 0; } +/*@=globs =mods =incondefs@*/ int headerNEVRA(Header h, const char **np, /*@unused@*/ const char **ep, const char **vp, const char **rp, @@ -145,7 +152,6 @@ int type; int count; -/*@-boundswrite@*/ if (np) { if (!(headerGetEntry(h, RPMTAG_NAME, &type, np, &count) && type == RPM_STRING_TYPE && count == 1)) @@ -162,17 +168,18 @@ *rp = NULL; } if (ap) { +/*@-observertrans -readonlytrans@*/ if (!headerIsEntry(h, RPMTAG_ARCH)) *ap = "pubkey"; else if (!headerIsEntry(h, RPMTAG_SOURCERPM)) *ap = "src"; +/*@=observertrans =readonlytrans@*/ else if (!(headerGetEntry(h, RPMTAG_ARCH, &type, ap, &count) && type == RPM_STRING_TYPE && count == 1)) *ap = NULL; } -/*@=boundswrite@*/ return 0; } @@ -189,10 +196,8 @@ if (hge(h, RPMTAG_FILECOLORS, NULL, &fcolors, &ncolors) && fcolors != NULL && ncolors > 0) { -/*@-boundsread@*/ for (i = 0; i < ncolors; i++) hcolor |= fcolors[i]; -/*@=boundsread@*/ } hcolor &= 0x0f; @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/hdrfmt.c ============================================================================ $ cvs diff -u -r1.6 -r1.7 hdrfmt.c --- rpm/rpmdb/hdrfmt.c 9 Sep 2007 19:06:51 -0000 1.6 +++ rpm/rpmdb/hdrfmt.c 30 Sep 2007 17:29:05 -0000 1.7 @@ -20,9 +20,9 @@ /*@access pgpDig @*/ /*@access pgpDigParams @*/ -/*@-boundswrite@*/ /* XXX FIXME: static for now, refactor from manifest.c later. */ static char * rpmPermsString(int mode) + /*@*/ { char *perms = xstrdup("----------"); @@ -68,7 +68,6 @@ return perms; } -/*@=boundswrite@*/ /** * Identify type of trigger. * @param type tag type @@ -122,9 +121,7 @@ val = xstrdup(_("(invalid type)")); } else { val = xmalloc(15 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ buf = rpmPermsString(*((int_32 *) data)); /*@-formatconst@*/ sprintf(val, formatPrefix, buf); @@ -157,7 +154,6 @@ val = xstrdup(_("(invalid type)")); } else { buf[0] = '\0'; -/*@-boundswrite@*/ if (anint & RPMFILE_DOC) strcat(buf, "d"); if (anint & RPMFILE_CONFIG) @@ -174,12 +170,9 @@ strcat(buf, "l"); if (anint & RPMFILE_README) strcat(buf, "r"); -/*@=boundswrite@*/ val = xmalloc(5 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(val, formatPrefix, buf); /*@=formatconst@*/ @@ -223,8 +216,10 @@ enc = data; s = NULL; ns = 0; +/*@-moduncon@*/ if (b64decode(enc, (void **)&s, &ns)) return xstrdup(_("(not base64)")); +/*@=moduncon@*/ atype = PGPARMOR_PUBKEY; /* XXX check pkt for pubkey */ break; case RPM_NULL_TYPE: @@ -272,7 +267,6 @@ size_t ns = element; size_t nt = ((ns + 2) / 3) * 4; -/*@-boundswrite@*/ /*@-globs@*/ /* Add additional bytes necessary for eol string(s). */ if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) { @@ -289,16 +283,19 @@ /* XXX b64encode accesses uninitialized memory. */ { unsigned char * _data = xcalloc(1, ns+1); memcpy(_data, data, ns); +/*@-moduncon@*/ if ((enc = b64encode(_data, ns)) != NULL) { t = stpcpy(t, enc); enc = _free(enc); } +/*@=moduncon@*/ _data = _free(_data); } -/*@=boundswrite@*/ } +/*@-globstate@*/ return val; +/*@=globstate@*/ } /** @@ -312,9 +309,7 @@ size_t len = 0; int c; -/*@-boundsread@*/ while ((c = *s++) != '\0') -/*@=boundsread@*/ { switch (c) { case '<': @@ -338,7 +333,6 @@ char * te = t; int c; -/*@-bounds@*/ while ((c = *s++) != '\0') { switch (c) { case '<': te = stpcpy(te, "<"); /*@switchbreak@*/ break; @@ -348,7 +342,6 @@ } } *te = '\0'; -/*@=bounds@*/ return t; } @@ -361,7 +354,6 @@ * @param element (unused) * @return formatted string */ -/*@-bounds@*/ static /*@only@*/ char * xmlFormat(int_32 type, const void * data, char * formatPrefix, int padding, /*@unused@*/ int element) @@ -376,7 +368,6 @@ int freeit = 0; int xx; -/*@-branchstate@*/ switch (type) { case RPM_I18NSTRING_TYPE: case RPM_STRING_TYPE: @@ -390,19 +381,17 @@ case RPM_OPENPGP_TYPE: case RPM_ASN1_TYPE: case RPM_BIN_TYPE: +/*@-globs -mods@*/ { int cpl = b64encode_chars_per_line; -/*@-mods@*/ b64encode_chars_per_line = 0; -/*@=mods@*/ /*@-formatconst@*/ s = base64Format(type, data, formatPrefix, padding, element); /*@=formatconst@*/ -/*@-mods@*/ b64encode_chars_per_line = cpl; -/*@=mods@*/ xtag = "base64"; freeit = 1; } break; +/*@=globs =mods@*/ case RPM_CHAR_TYPE: case RPM_INT8_TYPE: anint = *((uint_8 *) data); @@ -422,9 +411,7 @@ return xstrdup(_("(invalid xml type)")); /*@notreached@*/ break; } -/*@=branchstate@*/ -/*@-branchstate@*/ if (s == NULL) { int tlen = 64; t = memset(alloca(tlen+1), 0, tlen+1); @@ -435,7 +422,6 @@ s = t; xtag = "integer"; } -/*@=branchstate@*/ nb = xmlstrlen(s); if (nb == 0) { @@ -451,16 +437,12 @@ te = stpcpy( stpcpy( stpcpy(te, "</"), xtag), ">"); } -/*@-branchstate@*/ if (freeit) s = _free(s); -/*@=branchstate@*/ nb += padding; val = xmalloc(nb+1); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ /*@-formatconst@*/ xx = snprintf(val, nb, formatPrefix, t); /*@=formatconst@*/ @@ -468,7 +450,6 @@ return val; } -/*@=bounds@*/ /** * Return length of string represented with yaml indentation. @@ -483,9 +464,7 @@ int indent = (lvl > 0); int c; -/*@-boundsread@*/ while ((c = *s++) != '\0') -/*@=boundsread@*/ { if (indent) { len += 2 * lvl; @@ -512,7 +491,6 @@ int indent = (lvl > 0); int c; -/*@-bounds@*/ while ((c = *s++) != '\0') { if (indent) { int i; @@ -527,7 +505,6 @@ *te++ = c; } *te = '\0'; -/*@=bounds@*/ return t; } @@ -540,7 +517,6 @@ * @param element element index (or -1 for non-array). * @return formatted string */ -/*@-bounds@*/ static /*@only@*/ char * yamlFormat(int_32 type, const void * data, char * formatPrefix, int padding, int element) @@ -558,7 +534,6 @@ int xx; int c; -/*@-branchstate@*/ switch (type) { case RPM_I18NSTRING_TYPE: case RPM_STRING_TYPE: @@ -603,20 +578,18 @@ case RPM_OPENPGP_TYPE: case RPM_ASN1_TYPE: case RPM_BIN_TYPE: +/*@-globs -mods@*/ { int cpl = b64encode_chars_per_line; -/*@-mods@*/ b64encode_chars_per_line = 0; -/*@=mods@*/ /*@-formatconst@*/ s = base64Format(type, data, formatPrefix, padding, element); element = -element; /* XXX skip " " indent. */ /*@=formatconst@*/ -/*@-mods@*/ b64encode_chars_per_line = cpl; -/*@=mods@*/ xtag = "!!binary "; freeit = 1; } break; +/*@=globs =mods@*/ case RPM_CHAR_TYPE: case RPM_INT8_TYPE: anint = *((uint_8 *) data); @@ -636,9 +609,7 @@ return xstrdup(_("(invalid yaml type)")); /*@notreached@*/ break; } -/*@=branchstate@*/ -/*@-branchstate@*/ if (s == NULL) { int tlen = 64; t = memset(alloca(tlen+1), 0, tlen+1); @@ -648,7 +619,6 @@ s = t; xtag = (element >= 0 ? "- " : NULL); } -/*@=branchstate@*/ nb = yamlstrlen(s, lvl); if (nb == 0) { @@ -680,16 +650,12 @@ } /* XXX s was malloc'd */ -/*@-branchstate@*/ if (freeit) s = _free(s); -/*@=branchstate@*/ nb += padding; val = xmalloc(nb+1); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ /*@-formatconst@*/ xx = snprintf(val, nb, formatPrefix, t); /*@=formatconst@*/ @@ -697,7 +663,6 @@ return val; } -/*@=bounds@*/ /** * Display signature fingerprint and time. @@ -721,9 +686,7 @@ } else { unsigned char * pkt = (byte *) data; unsigned int pktlen = 0; -/*@-boundsread@*/ unsigned int v = *pkt; -/*@=boundsread@*/ pgpTag tag = 0; unsigned int plen; unsigned int hlen = 0; @@ -756,7 +719,6 @@ nb += 100; val = t = xrealloc(val, nb + 1); -/*@-boundswrite@*/ switch (sigp->pubkey_algo) { case PGPPUBKEYALGO_DSA: t = stpcpy(t, "DSA"); @@ -803,7 +765,6 @@ if (t + strlen (tempstr) > val + nb) goto again; t = stpcpy(t, tempstr); -/*@=boundswrite@*/ dig = pgpFreeDig(dig); } @@ -837,7 +798,6 @@ t = buf = alloca(32); *t = '\0'; -/*@-boundswrite@*/ #ifdef NOTYET /* XXX appending markers breaks :depflags format. */ if (anint & RPMSENSE_SCRIPT_PRE) t = stpcpy(t, "(pre)"); @@ -859,12 +819,9 @@ if (anint & RPMSENSE_SENSEMASK) *t++ = ' '; *t = '\0'; -/*@=boundswrite@*/ val = xmalloc(5 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(val, formatPrefix, buf); /*@=formatconst@*/ @@ -900,9 +857,7 @@ return 0; } else if (hge(h, RPMTAG_INSTPREFIXES, &ipt, &array, count)) { if (type) *type = RPM_STRING_TYPE; -/*@-boundsread@*/ if (data) *data = xstrdup(array[0]); -/*@=boundsread@*/ if (freeData) *freeData = 1; array = hfd(array, ipt); return 0; @@ -954,7 +909,6 @@ *data = conds = xmalloc(sizeof(*conds) * numScripts); *count = numScripts; *type = RPM_STRING_ARRAY_TYPE; -/*@-bounds@*/ for (i = 0; i < numScripts; i++) { chptr = xstrdup(""); @@ -980,7 +934,6 @@ conds[i] = chptr; } -/*@=bounds@*/ names = hfd(names, tnt); versions = hfd(versions, tvt); @@ -1026,7 +979,6 @@ *data = conds = xmalloc(sizeof(*conds) * numScripts); *count = numScripts; *type = RPM_STRING_ARRAY_TYPE; -/*@-bounds@*/ for (i = 0; i < numScripts; i++) { for (j = 0; j < numNames; j++) { if (indices[j] != i) @@ -1045,7 +997,6 @@ /*@innerbreak@*/ break; } } -/*@=bounds@*/ return 0; } @@ -1118,14 +1069,12 @@ #endif msgid = NULL; - /*@-branchstate@*/ for (domain = dstring; domain != NULL; domain = de) { de = strchr(domain, ':'); if (de) *de++ = '\0'; msgid = /*@-unrecog@*/ dgettext(domain, msgkey) /*@=unrecog@*/; if (msgid != msgkey) break; } - /*@=branchstate@*/ /* restore previous environment for msgid -> msgstr resolution */ if (langval) @@ -1304,6 +1253,7 @@ * @retval *freeData data-was-malloc'ed indicator * @return 0 on success */ +/*@-globuse@*/ static int dbinstanceTag(Header h, /*@out@*/ rpmTagType * type, /*@out@*/ const void ** data, /*@out@*/ int_32 * count, /*@out@*/ int * freeData) @@ -1325,6 +1275,7 @@ return 0; } +/*@=globuse@*/ /** * Return (malloc'd) header name-version-release.arch string. @@ -1333,7 +1284,7 @@ */ /*@only@*/ static char * hGetNVRA(Header h) - /*@modifies *np @*/ + /*@modifies h @*/ { const char * N = NULL; const char * V = NULL; @@ -1350,12 +1301,10 @@ nb++; NVRA = t = xmalloc(nb); *t = '\0'; -/*@-boundswrite@*/ if (N) t = stpcpy(t, N); if (V) t = stpcpy( stpcpy(t, "-"), V); if (R) t = stpcpy( stpcpy(t, "-"), R); if (A) t = stpcpy( stpcpy(t, "."), A); -/*@=boundswrite@*/ return NVRA; } @@ -1368,12 +1317,13 @@ * @retval *freeData data-was-malloc'ed indicator * @return 0 on success */ +/*@-globuse@*/ static int nvraTag(Header h, /*@out@*/ rpmTagType * type, /*@out@*/ const void ** data, /*@out@*/ int_32 * count, /*@out@*/ int * freeData) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies *type, *data, *count, *freeData, rpmGlobalMacroContext, + /*@modifies h, *type, *data, *count, *freeData, rpmGlobalMacroContext, fileSystem, internalState @*/ /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0 /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/ @@ -1385,6 +1335,7 @@ return 0; } +/*@=globuse@*/ /** * Retrieve file names from header. @@ -1447,7 +1398,6 @@ fileNames = xmalloc(size); t = ((char *) fileNames) + (sizeof(*fileNames) * count); - /*@-branchstate@*/ for (i = 0; i < count; i++) { const char * dn = NULL; fileNames[i] = t; @@ -1455,16 +1405,13 @@ t = stpcpy( stpcpy(t, dn), baseNames[i]); *t++ = '\0'; } - /*@=branchstate@*/ baseNames = hfd(baseNames, bnt); dirNames = hfd(dirNames, dnt); - /*@-branchstate@*/ if (fnp) *fnp = fileNames; else fileNames = _free(fileNames); - /*@=branchstate@*/ if (fcp) *fcp = count; } @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/hdrinline.h ============================================================================ $ cvs diff -u -r1.13 -r1.14 hdrinline.h --- rpm/rpmdb/hdrinline.h 8 Sep 2007 23:44:00 -0000 1.13 +++ rpm/rpmdb/hdrinline.h 30 Sep 2007 17:29:05 -0000 1.14 @@ -533,7 +533,7 @@ */ /*@unused@*/ static inline int headerGetMagic(/*@null@*/ Header h, unsigned char **magicp, size_t *nmagicp) - /*@*/ + /*@modifies *magicp, *nmagicp @*/ { return hdrVec->hdrgetmagic(h, magicp, nmagicp); } @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/header.c ============================================================================ $ cvs diff -u -r1.65 -r1.66 header.c --- rpm/rpmdb/header.c 8 Sep 2007 23:44:00 -0000 1.65 +++ rpm/rpmdb/header.c 30 Sep 2007 17:29:05 -0000 1.66 @@ -20,6 +20,7 @@ /*@unchecked@*/ int _hdr_debug = 0; +/*@unchecked@*/ int _newmagic = 0; /*@access entryInfo @*/ @@ -88,14 +89,17 @@ */ /*@unchecked@*/ int _hdr_stats = 0; + +/*@-compmempass@*/ /*@unchecked@*/ static struct rpmop_s hdr_loadops; -/*@unchecked@*/ +/*@unchecked@*/ /*@relnull@*/ rpmop _hdr_loadops = &hdr_loadops; /*@unchecked@*/ static struct rpmop_s hdr_getops; -/*@unchecked@*/ +/*@unchecked@*/ /*@relnull@*/ rpmop _hdr_getops = &hdr_getops; +/*@=compmempass@*/ /** \ingroup header * Return header stats accumulator structure. @@ -104,7 +108,7 @@ * @return per-header accumulator pointer */ static /*@null@*/ -void * headerGetStats(/*@null@*/ Header h, int opx) +void * headerGetStats(Header h, int opx) /*@*/ { rpmop op = NULL; @@ -192,12 +196,14 @@ } h->origin = _free(h->origin); +/*@-nullstate@*/ if (_hdr_stats) { if (_hdr_loadops) /* RPMTS_OP_HDRLOAD */ (void) rpmswAdd(_hdr_loadops, headerGetStats(h, 18)); if (_hdr_getops) /* RPMTS_OP_HDRGET */ (void) rpmswAdd(_hdr_getops, headerGetStats(h, 19)); } +/*@=nullstate@*/ /*@-refcounttrans@*/ h = _free(h); /*@=refcounttrans@*/ return h; @@ -255,9 +261,7 @@ /*@modifies h @*/ { if (!(h->flags & HEADERFLAG_SORTED)) { -/*@-boundsread@*/ qsort(h->index, h->indexUsed, sizeof(*h->index), indexCmp); -/*@=boundsread@*/ h->flags |= HEADERFLAG_SORTED; } } @@ -289,9 +293,7 @@ void headerUnsort(Header h) /*@modifies h @*/ { -/*@-boundsread@*/ qsort(h->index, h->indexUsed, sizeof(*h->index), offsetCmp); -/*@=boundsread@*/ } /** \ingroup header @@ -340,7 +342,6 @@ /* Alignment */ type = entry->info.type; -/*@-boundsread@*/ if (typeSizes[type] > 1) { diff = typeSizes[type] - (size % typeSizes[type]); if (diff != typeSizes[type]) { @@ -348,7 +349,6 @@ pad += diff; } } -/*@=boundsread@*/ /*@-sizeoftype@*/ size += sizeof(struct entryInfo_s) + entry->length; @@ -379,13 +379,11 @@ case RPM_STRING_TYPE: if (count != 1) return -1; -/*@-boundsread@*/ while (*s++) { if (se && s > se) return -1; length++; } -/*@=boundsread@*/ length++; /* count nul terminator too. */ break; @@ -397,31 +395,25 @@ if (onDisk) { while (count--) { length++; /* count nul terminator too */ -/*@-boundsread@*/ while (*s++) { if (se && s > se) return -1; length++; } -/*@=boundsread@*/ } } else { const char ** av = (const char **)p; -/*@-boundsread@*/ while (count--) { /* add one for null termination */ length += strlen(*av++) + 1; } -/*@=boundsread@*/ } break; default: -/*@-boundsread@*/ if (typeSizes[type] == -1) return -1; length = typeSizes[(type & 0xf)] * count; -/*@=boundsread@*/ if (length < 0 || (se && (s + length) > se)) return -1; break; @@ -469,9 +461,7 @@ int tl = dl; struct indexEntry_s ieprev; -/*@-boundswrite@*/ memset(&ieprev, 0, sizeof(ieprev)); -/*@=boundswrite@*/ for (; il > 0; il--, pe++) { struct indexEntry_s ie; int_32 type; @@ -487,10 +477,8 @@ return -1; if (hdrchkData(ie.info.offset)) return -1; -/*@-boundsread@*/ if (hdrchkAlign(ie.info.type, ie.info.offset)) return -1; -/*@=boundsread@*/ ie.data = t = dataStart + ie.info.offset; if (dataEnd && t >= dataEnd) @@ -504,15 +492,12 @@ if (entry) { ie.info.offset = regionid; -/*@-boundswrite@*/ *entry = ie; /* structure assignment */ -/*@=boundswrite@*/ entry++; } /* Alignment */ type = ie.info.type; -/*@-boundsread@*/ if (typeSizes[type] > 1) { unsigned diff; diff = typeSizes[type] - (dl % typeSizes[type]); @@ -522,7 +507,6 @@ ieprev.length += diff; } } -/*@=boundsread@*/ tdel = (tprev ? (t - tprev) : 0); if (ieprev.info.type == RPM_I18NSTRING_TYPE) tdel = ieprev.length; @@ -540,7 +524,6 @@ /* Perform endian conversions */ switch (ntohl(pe->type)) { -/*@-bounds@*/ case RPM_INT64_TYPE: { int_64 * it = (int_64 *)t; int_32 b[2]; @@ -572,7 +555,6 @@ } t = (unsigned char *) it; } /*@switchbreak@*/ break; -/*@=bounds@*/ default: t += ie.length; /*@switchbreak@*/ break; @@ -704,11 +686,9 @@ len = sizeof(il) + sizeof(dl) + (il * sizeof(*pe)) + dl; -/*@-boundswrite@*/ ei = xmalloc(len); ei[0] = htonl(il); ei[1] = htonl(dl); -/*@=boundswrite@*/ pe = (entryInfo) &ei[2]; dataStart = te = (char *) (pe + il); @@ -741,10 +721,8 @@ int_32 stei[4]; legacy = 1; -/*@-boundswrite@*/ memcpy(pe+1, src, rdl); memcpy(te, src + rdl, rdlen); -/*@=boundswrite@*/ te += rdlen; pe->offset = htonl(te - dataStart); @@ -752,9 +730,7 @@ stei[1] = pe->type; stei[2] = htonl(-rdl-entry->info.count); stei[3] = pe->count; -/*@-boundswrite@*/ memcpy(te, stei, entry->info.count); -/*@=boundswrite@*/ te += entry->info.count; ril++; rdlen += entry->info.count; @@ -765,10 +741,8 @@ } else { -/*@-boundswrite@*/ memcpy(pe+1, src + sizeof(*pe), ((ril-1) * sizeof(*pe))); memcpy(te, src + (ril * sizeof(*pe)), rdlen+entry->info.count+drlen); -/*@=boundswrite@*/ te += rdlen; { /*@-castexpose@*/ entryInfo se = (entryInfo)src; @@ -804,9 +778,7 @@ unsigned diff; diff = typeSizes[type] - ((te - dataStart) % typeSizes[type]); if (diff != typeSizes[type]) { -/*@-boundswrite@*/ memset(te, 0, diff); -/*@=boundswrite@*/ te += diff; pad += diff; } @@ -815,7 +787,6 @@ pe->offset = htonl(te - dataStart); /* copy data w/ endian conversions */ -/*@-boundswrite@*/ switch (entry->info.type) { case RPM_INT64_TYPE: { int_32 b[2]; @@ -862,7 +833,6 @@ te += entry->length; /*@switchbreak@*/ break; } -/*@=boundswrite@*/ pe++; } @@ -909,10 +879,8 @@ key.info.tag = tag; -/*@-boundswrite@*/ entry2 = entry = bsearch(&key, h->index, h->indexUsed, sizeof(*h->index), indexCmp); -/*@=boundswrite@*/ if (entry == NULL) return NULL; @@ -979,10 +947,8 @@ if (ne > 0) { h->indexUsed -= ne; ne = last - first; -/*@-boundswrite@*/ if (ne > 0) memmove(entry, first, (ne * sizeof(*entry))); -/*@=boundswrite@*/ } return 0; @@ -1139,12 +1105,10 @@ } /* If any duplicate entries were replaced, move new entries down. */ -/*@-boundswrite@*/ if (h->indexUsed < (save - ne)) { memmove(h->index + h->indexUsed, firstEntry, (ne * sizeof(*entry))); } -/*@=boundswrite@*/ h->indexUsed += ne; } } @@ -1183,7 +1147,7 @@ */ static int headerGetMagic(/*@null@*/ Header h, unsigned char **magicp, size_t *nmagicp) - /*@*/ + /*@modifies *magicp, *nmagicp @*/ { unsigned char * hmagic = (_newmagic ? meta_magic : header_magic); if (magicp) @@ -1209,7 +1173,7 @@ if (h) { memset(h->magic, 0, sizeof(h->magic)); if (nmagic > 0) - memcpy(h->magic, magic, nmagic); + memmove(h->magic, magic, nmagic); } return 0; } @@ -1283,9 +1247,7 @@ { Header nh; /*@-onlytrans@*/ -/*@-boundswrite@*/ void * uh = headerUnload(h, NULL); -/*@=boundswrite@*/ const char * origin; int_32 instance = h->instance; int xx; @@ -1304,10 +1266,8 @@ uh = _free(uh); nh->flags |= HEADERFLAG_ALLOCATED; if (ENTRY_IS_REGION(nh->index)) { -/*@-boundswrite@*/ if (tag == HEADER_SIGNATURES || tag == HEADER_IMMUTABLE) nh->index[0].info.tag = tag; -/*@=boundswrite@*/ } if (origin != NULL) { xx = headerSetOrigin(nh, origin); @@ -1327,10 +1287,8 @@ /*@*/ { int_32 * ei = (int_32 *) uh; -/*@-boundsread@*/ int_32 il = ntohl(ei[0]); /* index length */ int_32 dl = ntohl(ei[1]); /* data length */ -/*@=boundsread@*/ /*@-sizeoftype@*/ size_t pvlen = sizeof(il) + sizeof(dl) + (il * sizeof(struct entryInfo_s)) + dl; @@ -1339,19 +1297,13 @@ Header h = NULL; /* Sanity checks on header intro. */ - /*@-branchstate@*/ if (!(hdrchkTags(il) || hdrchkData(dl)) && pvlen < headerMaxbytes) { -/*@-boundsread@*/ nuh = memcpy(xmalloc(pvlen), uh, pvlen); -/*@=boundsread@*/ if ((h = headerLoad(nuh)) != NULL) h->flags |= HEADERFLAG_ALLOCATED; } - /*@=branchstate@*/ - /*@-branchstate@*/ if (h == NULL) nuh = _free(nuh); - /*@=branchstate@*/ return h; } @@ -1362,7 +1314,7 @@ */ static /*@null@*/ Header headerRead(void * _fd) - /*@modifies fd @*/ + /*@modifies _fd @*/ { FD_t fd = _fd; int_32 block[4]; @@ -1386,7 +1338,6 @@ i = 0; -/*@-boundsread@*/ { /* XXX HEADER_MAGIC_YES */ magic = block[i++]; if (!( !memcmp(&magic, header_magic, sizeof(magic)) @@ -1399,7 +1350,6 @@ il = ntohl(block[i]); i++; dl = ntohl(block[i]); i++; -/*@=boundsread@*/ /*@-sizeoftype@*/ len = sizeof(il) + sizeof(dl) + (il * sizeof(struct entryInfo_s)) + dl; @@ -1409,19 +1359,15 @@ if (hdrchkTags(il) || hdrchkData(dl) || len > headerMaxbytes) goto exit; -/*@-boundswrite@*/ ei = xmalloc(len); ei[0] = htonl(il); ei[1] = htonl(dl); len -= sizeof(il) + sizeof(dl); -/*@=boundswrite@*/ -/*@-boundsread@*/ /*@-type@*/ /* FIX: cast? */ if (timedRead(fd, (char *)&ei[2], len) != len) goto exit; /*@=type@*/ -/*@=boundsread@*/ h = headerLoad(ei); @@ -1451,7 +1397,7 @@ static int headerWrite(void * _fd, /*@null@*/ Header h) /*@globals fileSystem @*/ - /*@modifies fd, h, fileSystem @*/ + /*@modifies _fd, h, fileSystem @*/ { FD_t fd = _fd; ssize_t nb; @@ -1460,9 +1406,7 @@ if (h == NULL) return 1; -/*@-boundswrite@*/ uh = headerUnload(h, &length); -/*@=boundswrite@*/ if (uh == NULL) return 1; { /* XXX HEADER_MAGIC_YES */ @@ -1472,11 +1416,9 @@ memcpy(mymagic, header_magic, sizeof(header_magic)); if (_newmagic && length > 8+3) mymagic[3] = ((unsigned char *)uh)[8+3]; -/*@-boundsread@*/ /*@-sizeoftype@*/ nb = Fwrite(mymagic, sizeof(char), sizeof(mymagic), fd); /*@=sizeoftype@*/ -/*@=boundsread@*/ if (nb != sizeof(header_magic)) goto exit; } @@ -1540,9 +1482,7 @@ /*@-castexpose@*/ entryInfo pe = (entryInfo) (ei + 2); /*@=castexpose@*/ -/*@-boundsread@*/ unsigned char * dataStart = (unsigned char *) (pe + ntohl(ei[0])); -/*@=boundsread@*/ int_32 rdl = -entry->info.offset; /* negative offset */ int_32 ril = rdl/sizeof(*pe); @@ -1557,7 +1497,6 @@ rdl += REGION_TAG_COUNT; } -/*@-bounds@*/ *p = xmalloc(count); ei = (int_32 *) *p; ei[0] = htonl(ril); @@ -1569,7 +1508,6 @@ dataStart = (unsigned char *) memcpy(pe + ril, dataStart, rdl); /*@=sizeoftype@*/ -/*@=bounds@*/ rc = regionSwab(NULL, ril, 0, pe, dataStart, NULL, 0); /* XXX 1 on success. */ @@ -1596,7 +1534,6 @@ char * t; int i; -/*@-bounds@*/ /*@-mods@*/ if (minMem) { *p = xmalloc(tableSize); @@ -1610,11 +1547,8 @@ memcpy(t, entry->data, entry->length); } /*@=mods@*/ -/*@=bounds@*/ for (i = 0; i < count; i++) { -/*@-boundswrite@*/ *ptrEntry++ = t; -/*@=boundswrite@*/ t = strchr(t, 0); t++; } @@ -1740,7 +1674,6 @@ return entry->data; /*@=mods@*/ -/*@-boundsread@*/ for (l = lang; *l != '\0'; l = le) { const char *td; char *ed; @@ -1763,7 +1696,6 @@ } } -/*@=boundsread@*/ return entry->data; } @@ -1830,7 +1762,6 @@ /*@modifies data @*/ { if (data) { - /*@-branchstate@*/ if (type == -1 || type == RPM_STRING_ARRAY_TYPE || type == RPM_I18NSTRING_TYPE || @@ -1838,13 +1769,14 @@ type == RPM_ASN1_TYPE || type == RPM_OPENPGP_TYPE) data = _free(data); - /*@=branchstate@*/ } return NULL; } +/*@-redecl@*/ /*@unchecked@*/ extern headerTagIndices rpmTags; +/*@=redecl@*/ /** * Return tag name from value. @@ -1877,6 +1809,7 @@ /*@null@*/ /*@out@*/ hTYP_t type, /*@null@*/ /*@out@*/ void * p, /*@null@*/ /*@out@*/ hCNT_t c) + /*@globals headerCompoundFormats @*/ /*@modifies *type, *p, *c @*/ /*@requires maxSet(type) >= 0 /\ maxSet(p) >= 0 /\ maxSet(c) >= 0 @*/ { @@ -2009,7 +1942,6 @@ { const char ** av = (const char **) srcPtr; char * t = dstPtr; -/*@-bounds@*/ while (cnt-- > 0 && dataLength > 0) { const char * s; if ((s = *av++) == NULL) @@ -2018,13 +1950,10 @@ *t++ = *s++; } while (s[-1] && --dataLength > 0); } -/*@=bounds@*/ } break; default: -/*@-boundswrite@*/ memmove(dstPtr, srcPtr, dataLength); -/*@=boundswrite@*/ break; } } @@ -2047,12 +1976,10 @@ int length; length = dataLength(type, p, c, 0, NULL); -/*@-branchstate@*/ if (length > 0) { data = xmalloc(length); copyData(type, data, p, c, length); } -/*@=branchstate@*/ if (lenp) *lenp = length; @@ -2091,9 +2018,7 @@ return 0; length = 0; -/*@-boundswrite@*/ data = grabData(type, p, c, &length); -/*@=boundswrite@*/ if (data == NULL || length <= 0) return 0; @@ -2112,10 +2037,8 @@ entry->data = data; entry->length = length; -/*@-boundsread@*/ if (h->indexUsed > 0 && tag < h->index[h->indexUsed-1].info.tag) h->flags &= ~HEADERFLAG_SORTED; -/*@=boundsread@*/ h->indexUsed++; return 1; @@ -2159,9 +2082,7 @@ if (ENTRY_IN_REGION(entry)) { char * t = xmalloc(entry->length + length); -/*@-bounds@*/ memcpy(t, entry->data, entry->length); -/*@=bounds@*/ entry->data = t; entry->info.offset = 0; } else @@ -2254,9 +2175,7 @@ if (!table) return 0; - /*@-branchstate@*/ if (!lang) lang = "C"; - /*@=branchstate@*/ { const char * l = table->data; for (langNum = 0; langNum < table->info.count; langNum++) { @@ -2393,12 +2312,10 @@ entry->data = data; entry->length = length; - /*@-branchstate@*/ if (ENTRY_IN_REGION(entry)) { entry->info.offset = 0; } else oldData = _free(oldData); - /*@=branchstate@*/ return 1; } @@ -2436,21 +2353,17 @@ for (i = 0; i < num; i++) { switch (format[i].type) { case PTOK_ARRAY: -/*@-boundswrite@*/ format[i].u.array.format = freeFormat(format[i].u.array.format, format[i].u.array.numTokens); -/*@=boundswrite@*/ /*@switchbreak@*/ break; case PTOK_COND: -/*@-boundswrite@*/ format[i].u.cond.ifFormat = freeFormat(format[i].u.cond.ifFormat, format[i].u.cond.numIfTokens); format[i].u.cond.elseFormat = freeFormat(format[i].u.cond.elseFormat, format[i].u.cond.numElseTokens); -/*@=boundswrite@*/ /*@switchbreak@*/ break; case PTOK_NONE: case PTOK_TAG: @@ -2567,7 +2480,6 @@ int_32 tag, type, count; hPTR_t ptr; - /*@-branchstate@*/ for (hi = headerInitIterator(h); headerNextIterator(hi, &tag, &type, &ptr, &count); ptr = headerFreeData((void *)ptr, type)) @@ -2575,7 +2487,6 @@ if (ptr) (void) headerAddEntry(nh, tag, type, ptr, count); } hi = headerFreeIterator(hi); - /*@=branchstate@*/ return headerReload(nh, HEADER_IMAGE); } @@ -2654,11 +2565,9 @@ int_32 type; int_32 count; -/*@-boundswrite@*/ if (!headerNextIterator(hsa->hi, &tagno, &type, NULL, &count)) fmt = NULL; tag->tag = tagno; -/*@=boundswrite@*/ } } @@ -2714,7 +2623,7 @@ /*@observer@*/ /*@null@*/ static const char * myTagName(headerTagTableEntry tbl, int val, /*@null@*/ int *typep) - /*@*/ + /*@modifies *typep @*/ { static char name[128]; const char * s; @@ -2780,15 +2689,11 @@ goto bingo; } -/*@-branchstate@*/ if (strncmp("RPMTAG_", name, sizeof("RPMTAG_")-1)) { -/*@-boundswrite@*/ char * t = alloca(strlen(name) + sizeof("RPMTAG_")); (void) stpcpy( stpcpy(t, "RPMTAG_"), name); name = t; -/*@=boundswrite@*/ } -/*@=branchstate@*/ /* Search extensions for specific tag override. */ for (ext = exts, extNum = 0; ext != NULL && ext->type != HEADER_EXT_LAST; @@ -2892,29 +2797,23 @@ /*@=temptrans =assignexpose@*/ } start++; -/*@-boundswrite@*/ *dst++ = *start++; -/*@=boundswrite@*/ /*@switchbreak@*/ break; } token = format + numTokens++; -/*@-boundswrite@*/ *dst++ = '\0'; -/*@=boundswrite@*/ start++; if (*start == '|') { char * newEnd; start++; -/*@-boundswrite@*/ if (parseExpression(hsa, token, start, &newEnd)) { format = freeFormat(format, numTokens); return 1; } -/*@=boundswrite@*/ start = newEnd; /*@switchbreak@*/ break; } @@ -2934,9 +2833,7 @@ return 1; } -/*@-boundswrite@*/ *chptr++ = '\0'; -/*@=boundswrite@*/ while (start < chptr) { if (xisdigit(*start)) { @@ -2963,17 +2860,13 @@ format = freeFormat(format, numTokens); return 1; } -/*@-boundswrite@*/ *next++ = '\0'; -/*@=boundswrite@*/ chptr = start; while (*chptr && *chptr != ':') chptr++; if (*chptr != '\0') { -/*@-boundswrite@*/ *chptr++ = '\0'; -/*@=boundswrite@*/ if (!*chptr) { hsa->errmsg = _("empty tag format"); format = freeFormat(format, numTokens); @@ -3005,13 +2898,10 @@ /*@switchbreak@*/ break; case '[': -/*@-boundswrite@*/ *dst++ = '\0'; *start++ = '\0'; -/*@=boundswrite@*/ token = format + numTokens++; -/*@-boundswrite@*/ if (parseFormat(hsa, start, &token->u.array.format, &token->u.array.numTokens, @@ -3020,7 +2910,6 @@ format = freeFormat(format, numTokens); return 1; } -/*@=boundswrite@*/ if (!start) { hsa->errmsg = _("] expected at end of array"); @@ -3040,9 +2929,7 @@ format = freeFormat(format, numTokens); return 1; } -/*@-boundswrite@*/ *start++ = '\0'; -/*@=boundswrite@*/ if (endPtr) *endPtr = start; done = 1; /*@switchbreak@*/ break; @@ -3053,9 +2940,7 @@ format = freeFormat(format, numTokens); return 1; } -/*@-boundswrite@*/ *start++ = '\0'; -/*@=boundswrite@*/ if (endPtr) *endPtr = start; done = 1; /*@switchbreak@*/ break; @@ -3069,14 +2954,12 @@ /*@=temptrans =assignexpose@*/ } -/*@-boundswrite@*/ if (*start == '\\') { start++; *dst++ = escapedChar(*start++); } else { *dst++ = *start++; } -/*@=boundswrite@*/ /*@switchbreak@*/ break; } if (done) @@ -3084,10 +2967,8 @@ } /*@=infloops@*/ -/*@-boundswrite@*/ if (dst != NULL) *dst = '\0'; -/*@=boundswrite@*/ for (i = 0; i < numTokens; i++) { token = format + i; @@ -3101,7 +2982,6 @@ return 0; } -/*@-boundswrite@*/ static int parseExpression(headerSprintfArgs hsa, sprintfToken token, char * str, /*@out@*/ char ** endPtr) { @@ -3199,7 +3079,6 @@ return 0; } -/*@=boundswrite@*/ /** * Call a header extension only once, saving results. @@ -3258,22 +3137,18 @@ memset(buf, 0, sizeof(buf)); if (tag->ext) { -/*@-boundswrite -branchstate @*/ if (getExtension(hsa, tag->ext, &type, &data, &count, hsa->ec + tag->extNum)) { count = 1; type = RPM_STRING_TYPE; data = "(none)"; } -/*@=boundswrite =branchstate @*/ } else { -/*@-boundswrite -branchstate @*/ if (!headerGetEntry(hsa->h, tag->tag, &type, &data, &count)) { count = 1; type = RPM_STRING_TYPE; data = "(none)"; } -/*@=boundswrite =branchstate @*/ /* XXX this test is unnecessary, array sizes are checked */ switch (type) { @@ -3297,10 +3172,10 @@ } if (tag->arrayCount) { - /*@-branchstate -observertrans -modobserver@*/ +/*@-modobserver -observertrans@*/ if (datafree) data = headerFreeData(data, type); - /*@=branchstate =observertrans =modobserver@*/ +/*@=modobserver =observertrans@*/ countBuf = count; data = &countBuf; @@ -3308,11 +3183,8 @@ type = RPM_INT32_TYPE; } -/*@-boundswrite@*/ (void) stpcpy( stpcpy(buf, "%"), tag->format); -/*@=boundswrite@*/ - /*@-branchstate@*/ if (data) switch (type) { case RPM_STRING_ARRAY_TYPE: @@ -3416,7 +3288,6 @@ static char hex[] = "0123456789abcdef"; const char * s = data; -/*@-boundswrite@*/ need = 2*count + tag->pad; val = t = xmalloc(need+1); while (count-- > 0) { @@ -3426,7 +3297,6 @@ *t++ = hex[ (i ) & 0xf ]; } *t = '\0'; -/*@=boundswrite@*/ #endif } break; @@ -3436,23 +3306,18 @@ val = xstrdup("(unknown type)"); break; } - /*@=branchstate@*/ - /*@-branchstate -observertrans -modobserver@*/ +/*@-modobserver -observertrans@*/ if (datafree) data = headerFreeData(data, type); - /*@=branchstate =observertrans =modobserver@*/ +/*@=modobserver =observertrans@*/ - /*@-branchstate@*/ if (val && need > 0) { t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, val); -/*@=boundswrite@*/ hsa->vallen += (te - t); val = _free(val); } - /*@=branchstate@*/ return (hsa->val + hsa->vallen); } @@ -3489,9 +3354,7 @@ need = token->u.string.len; if (need == 0) break; t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, token->u.string.string); -/*@=boundswrite@*/ hsa->vallen += (te - t); break; @@ -3533,16 +3396,12 @@ spft->u.tag.justOne) continue; if (spft->u.tag.ext) { -/*@-boundswrite@*/ if (getExtension(hsa, spft->u.tag.ext, &type, NULL, &count, hsa->ec + spft->u.tag.extNum)) continue; -/*@=boundswrite@*/ } else { -/*@-boundswrite@*/ if (!headerGetEntry(hsa->h, spft->u.tag.tag, &type, NULL, &count)) continue; -/*@=boundswrite@*/ } if (type == RPM_BIN_TYPE || type == RPM_ASN1_TYPE || type == RPM_OPENPGP_TYPE) @@ -3569,9 +3428,7 @@ #ifdef DYING /* XXX lots of pugly "(none)" lines with --conflicts. */ need = sizeof("(none)\n") - 1; t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, "(none)\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); #endif } else { @@ -3598,9 +3455,7 @@ } need = sizeof(" <rpmTag name=\"\">\n") + strlen(tagN); te = t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy( stpcpy( stpcpy(te, " <rpmTag name=\""), tagN), "\">\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); } if (isyaml) { @@ -3617,7 +3472,6 @@ } need = sizeof(" : - ") + strlen(tagN); te = t = hsaReserve(hsa, need); -/*@-boundswrite@*/ *te++ = ' '; *te++ = ' '; te = stpcpy(te, tagN); @@ -3632,7 +3486,6 @@ te = stpcpy(te, "- "); } *te = '\0'; -/*@=boundswrite@*/ hsa->vallen += (te - t); } @@ -3650,18 +3503,14 @@ if (isxml) { need = sizeof(" </rpmTag>\n") - 1; te = t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(te, " </rpmTag>\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); } if (isyaml) { #if 0 need = sizeof("\n") - 1; te = t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(te, "\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); #endif } @@ -3688,7 +3537,9 @@ for (ext = exts, extNum = 0; ext != NULL && ext->type != HEADER_EXT_LAST; ext = (ext->type == HEADER_EXT_MORE ? ext->u.more : ext+1), extNum++) + { ; + } ec = xcalloc(extNum, sizeof(*ec)); return ec; @@ -3710,9 +3561,7 @@ for (ext = exts, extNum = 0; ext != NULL && ext->type != HEADER_EXT_LAST; ext = (ext->type == HEADER_EXT_MORE ? ext->u.more : ext+1), extNum++) { -/*@-boundswrite@*/ if (ec[extNum].freeit) ec[extNum].data = _free(ec[extNum].data); -/*@=boundswrite@*/ } ec = _free(ec); @@ -3754,10 +3603,8 @@ /*@=castexpose@*/ hsa->errmsg = NULL; -/*@-boundswrite@*/ if (parseFormat(hsa, hsa->fmt, &hsa->format, &hsa->numTokens, NULL, PARSER_BEGIN)) goto exit; -/*@=boundswrite@*/ hsa->ec = rpmecNew(hsa->exts); hsa->val = xstrdup(""); @@ -3774,17 +3621,13 @@ if (isxml) { need = sizeof("<rpmHeader>\n") - 1; t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, "<rpmHeader>\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); } if (isyaml) { need = sizeof("- !!omap\n") - 1; t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, "- !!omap\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); } @@ -3801,17 +3644,13 @@ if (isxml) { need = sizeof("</rpmHeader>\n") - 1; t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, "</rpmHeader>\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); } if (isyaml) { need = sizeof("\n") - 1; t = hsaReserve(hsa, need); -/*@-boundswrite@*/ te = stpcpy(t, "\n"); -/*@=boundswrite@*/ hsa->vallen += (te - t); } @@ -3848,17 +3687,13 @@ if (type == RPM_INT32_TYPE) { val = xmalloc(20 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "o"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(val, formatPrefix, *((int_32 *) data)); /*@=formatconst@*/ } else if (type == RPM_INT64_TYPE) { val = xmalloc(40 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "llo"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(val, formatPrefix, *((int_64 *) data)); /*@=formatconst@*/ @@ -3885,17 +3720,13 @@ if (type == RPM_INT32_TYPE) { val = xmalloc(20 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "x"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(val, formatPrefix, *((int_32 *) data)); /*@=formatconst@*/ } else if (type == RPM_INT64_TYPE) { val = xmalloc(40 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "llx"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(val, formatPrefix, *((int_64 *) data)); /*@=formatconst@*/ @@ -3929,9 +3760,7 @@ char buf[50]; val = xmalloc(50 + padding); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ /* this is important if sizeof(int_32) ! sizeof(time_t) */ { time_t dateint = *((int_32 *) data); @@ -3999,30 +3828,23 @@ if (type == RPM_INT32_TYPE) { result = xmalloc(padding + 20); -/*@-boundswrite@*/ strcat(formatPrefix, "d"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(result, formatPrefix, *((int_32 *) data)); /*@=formatconst@*/ } else if (type == RPM_INT64_TYPE) { result = xmalloc(padding + 40); -/*@-boundswrite@*/ strcat(formatPrefix, "lld"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(result, formatPrefix, *((int_64 *) data)); /*@=formatconst@*/ } else { buf = alloca(strlen(data) + padding + 2); -/*@-boundswrite@*/ strcat(formatPrefix, "s"); -/*@=boundswrite@*/ /*@-formatconst@*/ sprintf(buf, formatPrefix, data); /*@=formatconst@*/ -/*@-boundswrite@*/ result = dst = xmalloc(strlen(buf) * 4 + 3); *dst++ = '\''; for (src = buf; *src != '\0'; src++) { @@ -4037,7 +3859,6 @@ } *dst++ = '\''; *dst = '\0'; -/*@=boundswrite@*/ } @@ -4076,10 +3897,8 @@ int_32 count; if (headerIsEntry(headerTo, *p)) continue; -/*@-boundswrite@*/ if (!headerGetEntryMinMemory(headerFrom, *p, &type, &s, &count)) continue; -/*@=boundswrite@*/ (void) headerAddEntry(headerTo, *p, type, s, count); s = headerFreeData(s, type); } @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/header.h ============================================================================ $ cvs diff -u -r1.24 -r1.25 header.h --- rpm/rpmdb/header.h 29 Sep 2007 16:23:40 -0000 1.24 +++ rpm/rpmdb/header.h 30 Sep 2007 17:29:05 -0000 1.25 @@ -902,7 +902,7 @@ /*@null@*/ /*@out@*/ const char ** vp, /*@null@*/ /*@out@*/ const char ** rp, /*@null@*/ /*@out@*/ const char ** ap) - /*@modifies *np, *vp, *rp, *ap @*/; + /*@modifies h, *np, *vp, *rp, *ap @*/; /** * Return header color. @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/header_internal.c ============================================================================ $ cvs diff -u -r1.7 -r1.8 header_internal.c --- rpm/rpmdb/header_internal.c 8 Sep 2007 18:55:46 -0000 1.7 +++ rpm/rpmdb/header_internal.c 30 Sep 2007 17:29:05 -0000 1.8 @@ -17,7 +17,6 @@ entryInfo info = iv; int i; -/*@-boundsread@*/ for (i = 0; i < il; i++) { info->tag = ntohl(pe[i].tag); info->type = ntohl(pe[i].type); @@ -36,11 +35,9 @@ return i; } -/*@=boundsread@*/ return -1; } -/*@-boundswrite@*/ char ** headerGetLangs(Header h) { char **s, *e, **table; @@ -59,9 +56,7 @@ /*@-nullret@*/ return table; /*@=nullret@*/ /* LCL: double indirection? */ } -/*@=boundswrite@*/ -/*@-boundsread@*/ /*@-type@*/ /* FIX: shrug */ void headerDump(Header h, FILE *f, int flags, const struct headerTagTableEntry_s * tags) @@ -202,4 +197,3 @@ } /*@=type@*/ /*@=sizeoftype@*/ -/*@=boundsread@*/ @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/legacy.c ============================================================================ $ cvs diff -u -r1.33 -r1.34 legacy.c --- rpm/rpmdb/legacy.c 3 Aug 2007 19:22:12 -0000 1.33 +++ rpm/rpmdb/legacy.c 30 Sep 2007 17:29:05 -0000 1.34 @@ -41,6 +41,7 @@ * @retval fsizep file size * @return -1 on error, otherwise, an open file descriptor */ +/*@-compdef -moduncon -noeffectuncon @*/ static int open_dso(const char * path, /*@null@*/ pid_t * pidp, /*@null@*/ size_t *fsizep) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ /*@modifies *pidp, *fsizep, rpmGlobalMacroContext, @@ -56,7 +57,6 @@ initted++; } -/*@-boundswrite@*/ if (pidp) *pidp = 0; if (fsizep) { @@ -65,16 +65,13 @@ return -1; *fsizep = st->st_size; } -/*@=boundswrite@*/ fdno = open(path, O_RDONLY); if (fdno < 0) return fdno; -/*@-boundsread@*/ if (!(cmd && *cmd)) return fdno; -/*@=boundsread@*/ #if defined(HAVE_GELF_H) && defined(HAVE_LIBELF) { Elf *elf = NULL; @@ -96,7 +93,6 @@ /*@=evalorder@*/ bingo = 0; - /*@-branchstate -uniondef @*/ while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) { (void) gelf_getshdr(scn, &shdr); if (shdr.sh_type != SHT_DYNAMIC) @@ -106,7 +102,9 @@ int ndx; for (ndx = 0; ndx < maxndx; ++ndx) { +/*@-uniondef@*/ (void) gelf_getdyn (data, ndx, &dyn); +/*@=uniondef@*/ if (!(dyn.d_tag == DT_GNU_PRELINKED || dyn.d_tag == DT_GNU_LIBLIST)) /*@innercontinue@*/ continue; bingo = 1; @@ -114,9 +112,7 @@ } } } - /*@=branchstate =uniondef @*/ -/*@-boundswrite@*/ if (pidp != NULL && bingo) { int pipes[2]; pid_t pid; @@ -143,7 +139,6 @@ fdno = pipes[0]; xx = close(pipes[1]); } -/*@=boundswrite@*/ exit: if (elf) (void) elf_end(elf); @@ -152,6 +147,7 @@ return fdno; } +/*@=compdef =moduncon =noeffectuncon @*/ int dodigest(int digestalgo, const char * fn, unsigned char * digest, int asAscii, size_t *fsizep) { @@ -249,12 +245,10 @@ } exit: -/*@-boundswrite@*/ if (fsizep) *fsizep = fsize; if (!rc) memcpy(digest, dsum, dlen); -/*@=boundswrite@*/ dsum = _free(dsum); return rc; @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/merge.c ============================================================================ $ cvs diff -u -r1.8 -r1.9 merge.c --- rpm/rpmdb/merge.c 19 Jul 2007 07:24:27 -0000 1.8 +++ rpm/rpmdb/merge.c 30 Sep 2007 17:29:05 -0000 1.9 @@ -1,4 +1,4 @@ -/*@-bounds -mustmod -sizeoftype @*/ +/*@-mustmod -sizeoftype @*/ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. @@ -245,7 +245,6 @@ setup(list1, list2, nmemb, size, cmp); last = list2 + nmemb * size; i = big = 0; -/*@-branchstate@*/ while (*EVAL(list2) != last) { l2 = list1; p1 = EVAL(list1); @@ -347,7 +346,6 @@ /*@=dependenttrans@*/ last = list2 + nmemb*size; } -/*@=branchstate@*/ if (base == list2) { memmove(list2, list1, nmemb*size); list2 = list1; @@ -357,4 +355,4 @@ /*@=usereleased@*/ return (0); } -/*@=bounds =mustmod =sizeoftype @*/ +/*@=mustmod =sizeoftype @*/ @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/pkgio.c ============================================================================ $ cvs diff -u -r1.8 -r1.9 pkgio.c --- rpm/rpmdb/pkgio.c 29 Sep 2007 18:18:57 -0000 1.8 +++ rpm/rpmdb/pkgio.c 30 Sep 2007 17:29:05 -0000 1.9 @@ -28,8 +28,13 @@ #include <pkgio.h> #include "debug.h" +/*@access rpmts @*/ +/*@access pgpDig @*/ +/*@access pgpDigParams @*/ +/*@access Header @*/ /* XXX compared with NULL */ /*@access entryInfo @*/ /* XXX rdSignature */ /*@access indexEntry @*/ /* XXX rdSignature */ +/*@access FD_t @*/ /* XXX stealing digests */ /*@unchecked@*/ static int _print_pkts = 0; @@ -49,7 +54,9 @@ pgpDigParams rpmtsPubkey(const rpmts ts) { +/*@-onlytrans@*/ return pgpGetPubkey(rpmtsDig(ts)); +/*@=onlytrans@*/ } rpmRC rpmtsFindPubkey(rpmts ts, void * _dig) @@ -93,11 +100,12 @@ char * krn = alloca(strlen(krprefix) + sizeof("12345678")); long key; - snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4)); + (void) snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4)); krfp[sizeof(krfp)-1] = '\0'; *krn = '\0'; (void) stpcpy( stpcpy(krn, krprefix), krfp); +/*@-moduncon@*/ key = keyctl_search(keyring, "user", krn, 0); xx = keyctl_read(key, NULL, 0); if (xx > 0) { @@ -112,6 +120,7 @@ ts->pkpktlen = 0; } } +/*@=moduncon@*/ } #endif @@ -132,17 +141,16 @@ continue; hx = rpmdbGetIteratorOffset(mi); ix = rpmdbGetIteratorFileNum(mi); -/*@-boundsread@*/ +/*@-moduncon -nullstate @*/ if (ix >= pc || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen)) ix = -1; -/*@=boundsread@*/ +/*@=moduncon =nullstate @*/ pubkeys = headerFreeData(pubkeys, pt); break; } mi = rpmdbFreeIterator(mi); -/*@-branchstate@*/ if (ix >= 0) { char hnum[32]; sprintf(hnum, "h#%d", hx); @@ -151,7 +159,6 @@ ts->pkpkt = _free(ts->pkpkt); ts->pkpktlen = 0; } -/*@=branchstate@*/ } /* Try keyserver lookup. */ @@ -164,7 +171,6 @@ xx = (pgpReadPkts(fn,&ts->pkpkt,&ts->pkpktlen) != PGPARMOR_PUBKEY); } fn = _free(fn); -/*@-branchstate@*/ if (xx) { ts->pkpkt = _free(ts->pkpkt); ts->pkpktlen = 0; @@ -172,7 +178,6 @@ /* Save new pubkey in local ts keyring for delayed import. */ pubkeysource = xstrdup("keyserver"); } -/*@=branchstate@*/ } #ifdef NOTNOW @@ -218,18 +223,18 @@ char krfp[32]; char * krn = alloca(strlen(krprefix) + sizeof("12345678")); - snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4)); + (void) snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4)); krfp[sizeof(krfp)-1] = '\0'; *krn = '\0'; (void) stpcpy( stpcpy(krn, krprefix), krfp); +/*@-moduncon -noeffectuncon @*/ (void) add_key("user", krn, ts->pkpkt, ts->pkpktlen, keyring); +/*@=moduncon =noeffectuncon @*/ } #endif /* Pubkey packet looks good, save the signer id. */ -/*@-boundsread@*/ memcpy(ts->pksignid, pubp->signid, sizeof(ts->pksignid)); -/*@=boundsread@*/ if (pubkeysource) rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %08x %08x (%s)\n", @@ -268,8 +273,10 @@ if (ts != NULL) { const void * osig = pgpGetSig(rpmtsDig(ts)); int_32 osigtype = pgpGetSigtype(rpmtsDig(ts)); +/*@-modobserver -observertrans -dependenttrans @*/ /* FIX: pgpSetSig() lazy free. */ if (osig && osigtype) osig = headerFreeData(osig, osigtype); +/*@=modobserver =observertrans =dependenttrans @*/ ret = pgpSetSig(rpmtsDig(ts), sigtag, sigtype, sig, siglen); } return ret; @@ -361,8 +368,9 @@ * @retval *msg failure msg * @return rpmRC return code */ -static rpmRC rdLead(FD_t fd, void * ptr, const char ** msg) - /*@modifies fd, *lead, *msg @*/ +static rpmRC rdLead(FD_t fd, /*@out@*/ /*@null@*/ void * ptr, + const char ** msg) + /*@modifies fd, *ptr, *msg @*/ { struct rpmlead ** leadp = ptr; struct rpmlead * l = xcalloc(1, sizeof(*l)); @@ -436,8 +444,10 @@ /*===============================================*/ +/*@-redecl@*/ /*@unchecked@*/ extern int _newmagic; +/*@=redecl@*/ /*@observer@*/ /*@unchecked@*/ static unsigned char sigh_magic[8] = { @@ -519,7 +529,8 @@ * @retval *msg failure msg * @return rpmRC return code */ -static rpmRC rdSignature(FD_t fd, void * ptr, const char ** msg) +static rpmRC rdSignature(FD_t fd, /*@out@*/ /*@null@*/ void * ptr, + const char ** msg) /*@globals fileSystem @*/ /*@modifies fd, *ptr, *msg, fileSystem @*/ { @@ -730,13 +741,11 @@ pgpDig dig = rpmtsDig(ts); char buf[8*BUFSIZ]; int_32 * ei = (int_32 *) uh; -/*@-boundsread@*/ int_32 il = ntohl(ei[0]); int_32 dl = ntohl(ei[1]); /*@-castexpose@*/ entryInfo pe = (entryInfo) &ei[2]; /*@=castexpose@*/ -/*@=boundsread@*/ int_32 ildl[2]; int_32 pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl; unsigned char * dataStart = (unsigned char *) (pe + il); @@ -757,9 +766,7 @@ static int hclvl; hclvl++; -/*@-boundswrite@*/ buf[0] = '\0'; -/*@=boundswrite@*/ /* Is the blob the right size? */ if (uc > 0 && pvlen != uc) { @@ -802,9 +809,7 @@ /* Is there an immutable header region tag trailer? */ regionEnd = dataStart + entry->info.offset; /*@-sizeoftype@*/ -/*@-bounds@*/ (void) memcpy(info, regionEnd, REGION_TAG_COUNT); -/*@=bounds@*/ regionEnd += REGION_TAG_COUNT; xx = headerVerifyInfo(1, dl, info, &entry->info, 1); @@ -820,9 +825,7 @@ goto exit; } /*@=sizeoftype@*/ -/*@-boundswrite@*/ memset(info, 0, sizeof(*info)); -/*@=boundswrite@*/ /* Is the no. of tags in the region less than the total no. of tags? */ ril = entry->info.offset/sizeof(*pe); @@ -848,7 +851,6 @@ if (vsflags & RPMVSF_NOSHA1HEADER) /*@switchbreak@*/ break; blen = 0; -/*@-boundsread@*/ for (b = dataStart + entry->info.offset; *b != '\0'; b++) { if (strchr("0123456789abcdefABCDEF", *b) == NULL) /*@innerbreak@*/ break; @@ -859,11 +861,8 @@ (void) snprintf(buf, sizeof(buf), _("hdr SHA1: BAD, not hex\n")); goto exit; } -/*@=boundsread@*/ if (info->tag == 0) { -/*@-boundswrite@*/ *info = entry->info; /* structure assignment */ -/*@=boundswrite@*/ siglen = blen + 1; } /*@switchbreak@*/ break; @@ -874,9 +873,7 @@ (void) snprintf(buf, sizeof(buf), _("hdr RSA: BAD, not binary\n")); goto exit; } -/*@-boundswrite@*/ *info = entry->info; /* structure assignment */ -/*@=boundswrite@*/ siglen = info->count; /*@switchbreak@*/ break; case RPMTAG_DSAHEADER: @@ -886,9 +883,7 @@ (void) snprintf(buf, sizeof(buf), _("hdr DSA: BAD, not binary\n")); goto exit; } -/*@-boundswrite@*/ *info = entry->info; /* structure assignment */ -/*@=boundswrite@*/ siglen = info->count; /*@switchbreak@*/ break; default: @@ -900,10 +895,8 @@ exit: /* Return determined RPMRC_OK/RPMRC_FAIL conditions. */ if (rc != RPMRC_NOTFOUND) { -/*@-boundswrite@*/ buf[sizeof(buf)-1] = '\0'; if (msg) *msg = xstrdup(buf); -/*@=boundswrite@*/ hclvl--; return rc; } @@ -921,26 +914,24 @@ (void) snprintf(buf, sizeof(buf), "Header sanity check: OK\n"); rc = RPMRC_OK; } -/*@-boundswrite@*/ buf[sizeof(buf)-1] = '\0'; if (msg) *msg = xstrdup(buf); -/*@=boundswrite@*/ hclvl--; return rc; } /* Verify header-only digest/signature. */ -assert(dig); +assert(dig != NULL); dig->nbytes = 0; -/*@-boundsread@*/ sig = memcpy(xmalloc(siglen), dataStart + info->offset, siglen); -/*@=boundsread@*/ { const void * osig = pgpGetSig(dig); int_32 osigtype = pgpGetSigtype(dig); +/*@-modobserver -observertrans -dependenttrans @*/ /* FIX: pgpSetSig() lazy free. */ if (osig && osigtype) osig = headerFreeData(osig, osigtype); +/*@=modobserver =observertrans =dependenttrans @*/ (void) pgpSetSig(dig, info->tag, info->type, sig, info->count); } @@ -1002,11 +993,9 @@ } /*@fallthrough@*/ case RPMTAG_SHA1HEADER: -/*@-boundswrite@*/ ildl[0] = htonl(ril); ildl[1] = (regionEnd - dataStart); ildl[1] = htonl(ildl[1]); -/*@=boundswrite@*/ op = pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */ (void) rpmswEnter(op, 0); @@ -1041,15 +1030,11 @@ break; } -/*@-boundswrite@*/ buf[0] = '\0'; -/*@=boundswrite@*/ rc = rpmVerifySignature(dig, buf); -/*@-boundswrite@*/ buf[sizeof(buf)-1] = '\0'; if (msg) *msg = xstrdup(buf); -/*@=boundswrite@*/ /* XXX headerCheck can recurse, free info only at top level. */ if (hclvl == 1) @@ -1065,13 +1050,16 @@ * @param ptr metadata header (at least 32 bytes) * @return size of header */ -static size_t szHeader(const void * ptr) +static size_t szHeader(/*@null@*/ const void * ptr) + /*@*/ { uint32_t p[4]; +assert(ptr != NULL); memcpy(p, ptr, sizeof(p)); return (8 + 8 + 16 * ntohl(p[2]) + ntohl(p[3])); } +/*@-globuse@*/ /** * Check metadata header. * @param fd file handle @@ -1095,7 +1083,8 @@ * @retval *msg failure msg * @return rpmRC return code */ -static rpmRC rdHeader(FD_t fd, void * ptr, const char ** msg) +static rpmRC rdHeader(FD_t fd, /*@out@*/ /*@null@*/ void * ptr, + const char ** msg) /*@globals fileSystem @*/ /*@modifies fd, *ptr, *msg, fileSystem @*/ { @@ -1135,6 +1124,7 @@ return rc; } +/*@=globuse@*/ /*===============================================*/ @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/pkgio.h ============================================================================ $ cvs diff -u -r1.3 -r1.4 pkgio.h --- rpm/rpmdb/pkgio.h 29 Sep 2007 18:18:57 -0000 1.3 +++ rpm/rpmdb/pkgio.h 30 Sep 2007 17:29:05 -0000 1.4 @@ -13,6 +13,25 @@ /*@unchecked@*/ extern int _nolead; +/** + * Check header consistency, performing headerGetEntry() the hard way. + * + * Sanity checks on the header are performed while looking for a + * header-only digest or signature to verify the blob. If found, + * the digest or signature is verified. + * + * @param ts transaction set + * @param uh unloaded header blob + * @param uc no. of bytes in blob (or 0 to disable) + * @retval *msg verification error message (or NULL) + * @return RPMRC_OK on success + */ +rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, + /*@out@*/ /*@null@*/ const char ** msg) + /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ + /*@modifies ts, *msg, rpmGlobalMacroContext, + fileSystem, internalState @*/; + /** * Return size of item in bytes. * @param fn item name @@ -32,7 +51,7 @@ */ rpmRC rpmpkgWrite(const char * fn, FD_t fd, void * ptr, const char ** msg) /*@globals fileSystem @*/ - /*@modifies fd, fileSystem @*/; + /*@modifies fd, ptr, fileSystem @*/; /** * Read item from file descriptor. @@ -44,7 +63,8 @@ */ rpmRC rpmpkgRead(const char * fn, FD_t fd, /*@null@*/ /*@out@*/ void * ptr, const char ** msg) - /*@modifies fd, *ptr, *msg @*/; + /*@globals fileSystem @*/ + /*@modifies fd, *ptr, *msg, fileSystem @*/; /** * Verify item integrity. @@ -55,7 +75,8 @@ * @return RPMRC_OK on success */ rpmRC rpmpkgCheck(const char * fn, FD_t fd, const void * ptr, const char ** msg) - /*@modifies fd, *msg @*/; + /*@globals fileSystem @*/ + /*@modifies fd, ptr, *msg, fileSystem @*/; #ifdef __cplusplus } @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/rpmdb.c ============================================================================ $ cvs diff -u -r1.161 -r1.162 rpmdb.c --- rpm/rpmdb/rpmdb.c 29 Sep 2007 19:29:02 -0000 1.161 +++ rpm/rpmdb/rpmdb.c 30 Sep 2007 17:29:05 -0000 1.162 @@ -60,7 +60,7 @@ /*@-exporttype@*/ typedef unsigned int __pbm_bits; /*@=exporttype@*/ -#define __PBM_NBITS (8 * sizeof (__pbm_bits)) +#define __PBM_NBITS /*@-sizeoftype@*/(8 * sizeof(__pbm_bits))/*@=sizeoftype@*/ #define __PBM_IX(d) ((d) / __PBM_NBITS) #define __PBM_MASK(d) ((__pbm_bits) 1 << (((unsigned)(d)) % __PBM_NBITS)) /*@-exporttype@*/ @@ -75,7 +75,7 @@ #define PBM_CLR(d, s) (__PBM_BITS (s)[__PBM_IX (d)] &= ~__PBM_MASK (d)) #define PBM_ISSET(d, s) ((__PBM_BITS (s)[__PBM_IX (d)] & __PBM_MASK (d)) != 0) -#define PBM_ALLOC(d) xcalloc(__PBM_IX (d) + 1, sizeof(__pbm_bits)) +#define PBM_ALLOC(d) xcalloc(__PBM_IX (d) + 1, __PBM_NBITS/8) /** * Reallocate a bit map. @@ -89,18 +89,16 @@ { int i, nb; -/*@-bounds -sizeoftype@*/ if (nd > (*odp)) { nd *= 2; nb = __PBM_IX(nd) + 1; /*@-unqualifiedtrans@*/ - *sp = xrealloc(*sp, nb * sizeof(__pbm_bits)); + *sp = xrealloc(*sp, nb * (__PBM_NBITS/8)); /*@=unqualifiedtrans@*/ for (i = __PBM_IX(*odp) + 1; i < nb; i++) __PBM_BITS(*sp)[i] = 0; *odp = nd; } -/*@=bounds =sizeoftype@*/ /*@-compdef -retalias -usereleased@*/ return *sp; /*@=compdef =retalias =usereleased@*/ @@ -129,7 +127,9 @@ * @param size size of data in bytes * @return malloc'd hex string */ +/*@only@*/ static char * bin2hex(const void *data, size_t size) + /*@*/ { static char hex[] = "0123456789abcdef"; const char * s = data; @@ -176,11 +176,9 @@ if (db->db_tagn != NULL) for (dbix = 0; dbix < db->db_ndbi; dbix++) { -/*@-boundsread@*/ if (rpmtag != db->db_tagn[dbix]) continue; return dbix; -/*@=boundsread@*/ } return -1; } @@ -235,12 +233,10 @@ bingo = 0; if (dbiTags != NULL) for (dbix = 0; dbix < dbiTagsMax; dbix++) { -/*@-boundsread@*/ if (rpmtag == dbiTags[dbix]) { bingo = 1; /*@innerbreak@*/ break; } -/*@=boundsread@*/ } if (bingo) continue; @@ -251,12 +247,10 @@ if (dbiTagsMaxP != NULL) *dbiTagsMaxP = dbiTagsMax; -/*@-branchstate@*/ if (dbiTagsP != NULL) *dbiTagsP = dbiTags; else dbiTags = _free(dbiTags); -/*@=branchstate@*/ dbiTagStr = _free(dbiTagStr); } /*@=exportheader@*/ @@ -443,11 +437,9 @@ }; #define _DBSWAP(_a) \ -/*@-bounds@*/ \ { unsigned char _b, *_c = (_a).uc; \ _b = _c[3]; _c[3] = _c[0]; _c[0] = _b; \ _b = _c[2]; _c[2] = _c[1]; _c[1] = _b; \ -/*@=bounds@*/ \ } /** @@ -478,7 +470,7 @@ set->count = data->size / dbi->dbi_jlen; set->recs = xmalloc(set->count * sizeof(*(set->recs))); -/*@-bounds -sizeoftype @*/ +/*@-sizeoftype @*/ switch (dbi->dbi_jlen) { default: case 2*sizeof(int_32): @@ -514,7 +506,7 @@ break; } *setp = set; -/*@=bounds =sizeoftype @*/ +/*@=sizeoftype @*/ /*@-compdef@*/ return 0; /*@=compdef@*/ @@ -545,7 +537,7 @@ } tdbir = data->data = xmalloc(data->size); -/*@-bounds -sizeoftype@*/ +/*@-sizeoftype@*/ switch (dbi->dbi_jlen) { default: case 2*sizeof(int_32): @@ -580,7 +572,7 @@ } break; } -/*@=bounds =sizeoftype@*/ +/*@=sizeoftype@*/ /*@-compdef@*/ return 0; @@ -753,13 +745,11 @@ rpmdb db; rpmdbMatchIterator mi; -/*@-branchstate@*/ while ((mi = rpmmiRock) != NULL) { /*@i@*/ rpmmiRock = mi->mi_next; mi->mi_next = NULL; /*@i@*/ mi = rpmdbFreeIterator(mi); } -/*@=branchstate@*/ /*@-newreftrans@*/ while ((db = rpmdbRock) != NULL) { @@ -816,8 +806,8 @@ */ /*@mayexit@*/ static int unblockSignals(/*@unused@*/ rpmdb db, sigset_t * oldMask) - /*@globals rpmdbRock, fileSystem, internalState @*/ - /*@modifies rpmdbRock, fileSystem, internalState @*/ + /*@globals fileSystem, internalState @*/ + /*@modifies fileSystem, internalState @*/ { (void) rpmdbCheckSignals(); return sigprocmask(SIG_SETMASK, oldMask, NULL); @@ -861,13 +851,11 @@ const char * fn = NULL; int xx; -/*@-branchstate@*/ { const char * fnfmt = rpmGetPath("%{?_hrmib_path}", NULL); if (fnfmt && *fnfmt) fn = queryHeader(h, fnfmt); fnfmt = _free(fnfmt); } -/*@=branchstate@*/ if (fn == NULL) goto exit; @@ -972,7 +960,6 @@ for (dbix = 0; dbix < db->db_ndbi; dbix++) { if (db->db_tagn[dbix] != rpmtag) continue; -/*@-boundswrite@*/ if (db->_dbi[dbix] != NULL) { int xx; /*@-unqualifiedtrans@*/ /* FIX: double indirection. */ @@ -981,7 +968,6 @@ db->_dbi[dbix] = NULL; /*@=unqualifiedtrans@*/ } -/*@=boundswrite@*/ break; } return rc; @@ -1080,7 +1066,6 @@ const char * fn = NULL; urltype ut = urlPath(s, &fn); -/*@-branchstate@*/ switch (ut) { case URL_IS_PATH: case URL_IS_UNKNOWN: @@ -1097,7 +1082,6 @@ fn = rpmGetPath(fn, NULL); break; } -/*@=branchstate@*/ /* Convert relative to absolute paths. */ if (ut != URL_IS_PATH) /* XXX permit file:///... URI's */ @@ -1122,7 +1106,7 @@ } /*@-exportheader@*/ -/*@-mods@*/ /* FIX: dbTemplate structure assignment */ +/*@-globs -mods -incondefs@*/ /* FIX: dbTemplate structure assignment */ /*@only@*/ /*@null@*/ rpmdb rpmdbNew(/*@kept@*/ /*@null@*/ const char * root, /*@kept@*/ /*@null@*/ const char * home, @@ -1144,11 +1128,9 @@ oneshot = 1; } -/*@-boundswrite@*/ /*@-assignexpose@*/ *db = dbTemplate; /* structure assignment */ /*@=assignexpose@*/ -/*@=boundswrite@*/ db->_dbi = NULL; @@ -1180,7 +1162,7 @@ return rpmdbLink(db, "rpmdbCreate"); /*@=globstate@*/ } -/*@=mods@*/ +/*@=globs =mods =incondefs@*/ /*@=exportheader@*/ /*@-exportheader@*/ @@ -1192,7 +1174,6 @@ fileSystem, internalState @*/ /*@modifies rpmdbRock, *dbp, rpmGlobalMacroContext, fileSystem, internalState @*/ - /*@requires maxSet(dbp) >= 0 @*/ { rpmdb db; int rc, xx; @@ -1307,9 +1288,7 @@ int rpmdbOpen (const char * prefix, rpmdb *dbp, int mode, int perms) { int _dbapi = rpmExpandNumeric("%{_dbapi}"); -/*@-boundswrite@*/ return rpmdbOpenDatabase(prefix, NULL, _dbapi, dbp, mode, perms, 0); -/*@=boundswrite@*/ } int rpmdbInit (const char * prefix, int perms) @@ -1318,10 +1297,8 @@ int _dbapi = rpmExpandNumeric("%{_dbapi}"); int rc; -/*@-boundswrite@*/ rc = rpmdbOpenDatabase(prefix, NULL, _dbapi, &db, (O_CREAT | O_RDWR), perms, RPMDB_FLAG_JUSTCHECK); -/*@=boundswrite@*/ if (db != NULL) { int xx; xx = rpmdbOpenAll(db); @@ -1379,6 +1356,7 @@ * @return tagnum with (directory) path hash */ static inline unsigned taghash(const char *s) + /*@*/ { unsigned int r = 0; int c; @@ -1424,23 +1402,19 @@ *matches = NULL; if (filespec == NULL) return -2; - /*@-branchstate@*/ if ((baseName = strrchr(filespec, '/')) != NULL) { char * t; size_t len; len = baseName - filespec + 1; -/*@-boundswrite@*/ t = strncpy(alloca(len + 1), filespec, len); t[len] = '\0'; -/*@=boundswrite@*/ dirName = t; baseName++; } else { dirName = ""; baseName = filespec; } - /*@=branchstate@*/ if (baseName == NULL) return -2; @@ -1448,7 +1422,6 @@ fp1 = fpLookup(fpc, dirName, baseName, 1); dbi = dbiOpen(db, RPMTAG_BASENAMES, 0); -/*@-branchstate@*/ if (dbi != NULL) { dbcursor = NULL; xx = dbiCopen(dbi, dbi->dbi_txnid, &dbcursor, 0); @@ -1480,7 +1453,6 @@ dbcursor = NULL; } else rc = -2; -/*@=branchstate@*/ if (rc) { allMatches = dbiFreeIndexSet(allMatches); @@ -1662,7 +1634,6 @@ } /* Make sure the version and release match. */ - /*@-branchstate@*/ for (i = 0; i < dbiIndexSetCount(*matches); i++) { unsigned int recoff = dbiIndexRecordOffset(*matches, i); rpmdbMatchIterator mi; @@ -1689,15 +1660,12 @@ } h = rpmdbNextIterator(mi); -/*@-boundswrite@*/ if (h) (*matches)->recs[gotMatches++] = (*matches)->recs[i]; else (*matches)->recs[i].hdrNum = 0; -/*@=boundswrite@*/ mi = rpmdbFreeIterator(mi); } - /*@=branchstate@*/ if (gotMatches) { (*matches)->count = gotMatches; @@ -1772,9 +1740,7 @@ /*@-nullstate@*/ /* FIX: *matches may be NULL. */ if (s == localarg) return RPMRC_NOTFOUND; -/*@-boundswrite@*/ *s = '\0'; -/*@=boundswrite@*/ rc = dbiFindMatches(dbi, dbcursor, key, data, localarg, s + 1, NULL, matches); /*@=nullstate@*/ if (rc != RPMRC_NOTFOUND) return rc; @@ -1805,9 +1771,7 @@ if (s == localarg) return RPMRC_NOTFOUND; -/*@-boundswrite@*/ *s = '\0'; -/*@=boundswrite@*/ /*@-nullstate@*/ /* FIX: *matches may be NULL. */ return dbiFindMatches(dbi, dbcursor, key, data, localarg, s + 1, release, matches); /*@=nullstate@*/ @@ -1840,8 +1804,9 @@ * @return 0 on success */ static int miFreeHeader(rpmdbMatchIterator mi, dbiIndex dbi) - /*@globals fileSystem, internalState @*/ - /*@modifies mi, dbi, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ + /*@modifies mi, dbi, + rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ { int rc = 0; @@ -1860,6 +1825,7 @@ /*@i@*/ key->data = (void *) &mi->mi_prevoffset; key->size = sizeof(mi->mi_prevoffset); { size_t len; + len = 0; data->data = headerUnload(mi->mi_h, &len); data->size = len; /* XXX data->size is uint32_t */ #ifdef DYING /* XXX this is needed iff headerSizeof() is used instead. */ @@ -1872,6 +1838,7 @@ const char * msg = NULL; int lvl; +assert(data->data != NULL); rpmrc = headerCheck(mi->mi_ts, data->data, data->size, &msg); lvl = (rpmrc == RPMRC_FAIL ? RPMMESS_ERROR : RPMMESS_DEBUG); rpmMessage(lvl, "%s h#%8u %s", @@ -1992,7 +1959,6 @@ size_t nb; int c; -/*@-boundswrite@*/ switch (*modep) { default: case RPMMIRE_DEFAULT: @@ -2067,7 +2033,6 @@ pat = xstrdup(pattern); break; } -/*@-boundswrite@*/ return pat; } @@ -2082,7 +2047,6 @@ int notmatch = 0; int rc = 0; -/*@-boundsread@*/ if (defmode == (rpmMireMode)-1) { const char *t = rpmExpand("%{?_query_selector_match}", NULL); @@ -2107,12 +2071,9 @@ notmatch = 1; pattern++; } -/*@=boundsread@*/ nmire = mireNew(mode, tag); -/*@-boundswrite@*/ allpat = mireDup(nmire->tag, &nmire->mode, pattern); -/*@=boundswrite@*/ if (nmire->mode == RPMMIRE_DEFAULT) nmire->mode = defmode; @@ -2134,10 +2095,8 @@ mire->tag = nmire->tag; mire->notmatch = notmatch; -/*@-boundsread@*/ if (mi->mi_nre > 1) qsort(mi->mi_re, mi->mi_nre, sizeof(*mi->mi_re), mireCmp); -/*@=boundsread@*/ exit: allpat = _free(allpat); @@ -2180,7 +2139,6 @@ * Apply tag tests, implicitly "||" for multiple patterns/values of a * single tag, implicitly "&&" between multiple tag patterns. */ -/*@-boundsread@*/ if ((mire = mi->mi_re) == NULL) return 0; @@ -2254,7 +2212,6 @@ } /*@innerbreak@*/ break; } -/*@=boundsread@*/ if (mire->tag == RPMTAG_NVRA) u.str = _free(u.str); @@ -2333,12 +2290,10 @@ if (mi->mi_dbc == NULL) xx = dbiCopen(dbi, dbi->dbi_txnid, &mi->mi_dbc, mi->mi_cflags); -/*@-boundswrite@*/ key = &mi->mi_key; memset(key, 0, sizeof(*key)); data = &mi->mi_data; memset(data, 0, sizeof(*data)); -/*@=boundswrite@*/ top: uh = NULL; @@ -2347,7 +2302,6 @@ do { union _dbswap mi_offset; - /*@-branchstate -compmempass @*/ if (mi->mi_set) { if (!(mi->mi_setx < mi->mi_set->count)) return NULL; @@ -2382,20 +2336,19 @@ * largest header instance in the database, and should be * skipped. */ -/*@-boundswrite@*/ if (keyp && mi->mi_setx && rc == 0) { memcpy(&mi_offset, keyp, sizeof(mi_offset.ui)); if (dbiByteSwapped(dbi) == 1) _DBSWAP(mi_offset); mi->mi_offset = mi_offset.ui; } -/*@=boundswrite@*/ /* Terminate on error or end of keys */ +/*@-compmempass@*/ if (rc || (mi->mi_setx && mi->mi_offset == 0)) return NULL; +/*@=compmempass@*/ } - /*@=branchstate =compmempass @*/ mi->mi_setx++; } while (mi->mi_offset == 0); @@ -2406,13 +2359,13 @@ /*@=compdef =refcounttrans =retalias =retexpose =usereleased @*/ /* Retrieve next header blob for index iterator. */ - /*@-branchstate -compmempass -immediatetrans @*/ if (uh == NULL) { key->data = keyp; key->size = keylen; #if !defined(_USE_COPY_LOAD) data->flags |= DB_DBT_MALLOC; #endif +/*@-compmempass@*/ rc = dbiGet(dbi, mi->mi_dbc, key, data, DB_SET); data->flags = 0; keyp = key->data; @@ -2421,8 +2374,8 @@ uhlen = data->size; if (rc) return NULL; +/*@=compmempass@*/ } - /*@=branchstate =compmempass =immediatetrans @*/ /* Rewrite current header (if necessary) and unlink. */ xx = miFreeHeader(mi, dbi); @@ -2432,7 +2385,6 @@ return NULL; /* Check header digest/signature once (if requested). */ -/*@-boundsread -branchstate -sizeoftype @*/ if (mi->mi_ts) { rpmRC rpmrc = RPMRC_NOTFOUND; @@ -2451,6 +2403,7 @@ const char * msg = NULL; int lvl; +assert(data->data != NULL); rpmrc = headerCheck(mi->mi_ts, uh, uhlen, &msg); lvl = (rpmrc == RPMRC_FAIL ? RPMMESS_ERROR : RPMMESS_DEBUG); rpmMessage(lvl, "%s h#%8u %s", @@ -2472,7 +2425,6 @@ goto top; } } -/*@=boundsread =branchstate =sizeoftype @*/ /* Did the header blob load correctly? */ #if !defined(_USE_COPY_LOAD) @@ -2526,10 +2478,8 @@ * than pure quicksort, but glibc uses msort_with_tmp() on stack. */ #if defined(__GLIBC__) -/*@-boundsread@*/ qsort(mi->mi_set->recs, mi->mi_set->count, sizeof(*mi->mi_set->recs), hdrNumCmp); -/*@=boundsread@*/ #else rpm_mergesort(mi->mi_set->recs, mi->mi_set->count, sizeof(*mi->mi_set->recs), hdrNumCmp); @@ -2538,7 +2488,6 @@ } } -/*@-bounds@*/ /* LCL: segfault */ static int rpmdbGrowIterator(/*@null@*/ rpmdbMatchIterator mi, int fpNum, unsigned int exclude, unsigned int tag) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ @@ -2620,7 +2569,6 @@ dbcursor = NULL; #endif -/*@-branchstate@*/ if (mi->mi_set == NULL) { mi->mi_set = set; } else { @@ -2634,11 +2582,9 @@ mi->mi_set->count += set->count; set = dbiFreeIndexSet(set); } -/*@=branchstate@*/ return rc; } -/*@=bounds@*/ int rpmdbPruneIterator(rpmdbMatchIterator mi, int * hdrNums, int nHdrNums, int sorted) @@ -2702,7 +2648,6 @@ * Handle label and file name special cases. * Otherwise, retrieve join keys for secondary lookup. */ -/*@-branchstate@*/ if (rpmtag != RPMDBI_PACKAGES && keyp) { DBC * dbcursor = NULL; int rc; @@ -2749,7 +2694,6 @@ return NULL; } } -/*@=branchstate@*/ /* Copy the retrieval key, byte swapping header instance if necessary. */ if (keyp) { @@ -2769,9 +2713,7 @@ if (keylen == 0) keylen = strlen(keyp); k = xmalloc(keylen + 1); -/*@-boundsread@*/ memcpy(k, keyp, keylen); -/*@=boundsread@*/ k[keylen] = '\0'; /* XXX assumes strings */ mi_keyp = k; } break; @@ -2870,11 +2812,8 @@ int i, j; dbi = NULL; -/*@-boundsread@*/ rpmtag = db->db_tagn[dbix]; -/*@=boundsread@*/ - /*@-branchstate@*/ switch (rpmtag) { /* Filter out temporary databases */ case RPMDBI_AVAILABLE: @@ -2922,7 +2861,6 @@ /*@switchbreak@*/ break; } - /*@=branchstate@*/ dbi = dbiOpen(db, rpmtag, 0); if (dbi != NULL) { @@ -2937,7 +2875,6 @@ printed = 0; xx = dbiCopen(dbi, dbi->dbi_txnid, &dbcursor, DB_WRITECURSOR); -/*@-branchstate@*/ for (i = 0; i < rpmcnt; i++) { dbiIndexSet set; int stringvalued; @@ -2982,7 +2919,6 @@ /*@fallthrough@*/ case RPM_STRING_ARRAY_TYPE: /* Convert from hex to binary. */ -/*@-boundsread@*/ if (dbi->dbi_rpmtag == RPMTAG_FILEDIGESTS) { const char * s = rpmvals[i]; size_t dlen = strlen(s); @@ -3007,7 +2943,6 @@ key->size = nbin; /*@switchbreak@*/ break; } -/*@=boundsread@*/ /*@fallthrough@*/ default: /*@i@*/ key->data = (void *) rpmvals[i]; @@ -3090,7 +3025,6 @@ /*@=compmempass@*/ set = dbiFreeIndexSet(set); } -/*@=branchstate@*/ xx = dbiCclose(dbi, dbcursor, DB_WRITECURSOR); dbcursor = NULL; @@ -3099,8 +3033,10 @@ xx = dbiSync(dbi, 0); } +/*@-unqualifiedtrans@*/ if (rpmtag == RPMTAG_NVRA) /* XXX compound header extension. */ av[0] = _free(av[0]); +/*@=unqualifiedtrans@*/ else if (rpmtype != RPM_BIN_TYPE) /* XXX WTFO? HACK ALERT */ rpmvals = hfd(rpmvals, rpmtype); @@ -3190,7 +3126,6 @@ size_t datalen = 0; dbi = dbiOpen(db, RPMDBI_PACKAGES, 0); - /*@-branchstate@*/ if (dbi != NULL) { nb = 0; @@ -3216,7 +3151,6 @@ datalen = data->size; /*@=compmempass@*/ -/*@-bounds@*/ hdrNum = 0; if (ret == 0 && datap) { memcpy(&mi_offset, datap, sizeof(mi_offset.ui)); @@ -3234,7 +3168,6 @@ datap = &mi_offset; datalen = sizeof(mi_offset.ui); } -/*@=bounds@*/ key->data = keyp; key->size = keylen; @@ -3251,7 +3184,6 @@ xx = dbiCclose(dbi, dbcursor, DB_WRITECURSOR); dbcursor = NULL; } - /*@=branchstate@*/ } @@ -3285,9 +3217,7 @@ rpmrc = RPMRC_NOTFOUND; dbi = NULL; requireFlags = NULL; -/*@-boundsread@*/ rpmtag = db->db_tagn[dbix]; -/*@=boundsread@*/ switch (rpmtag) { /* Filter out temporary databases */ @@ -3315,6 +3245,7 @@ { size_t len; nb = 0; (void) headerGetMagic(h, NULL, &nb); + len = 0; data->data = headerUnload(h, &len); data->size = len; /* XXX data->size is uint32_t */ #ifdef DYING /* XXX this is needed iff headerSizeof() is used instead. */ @@ -3327,6 +3258,7 @@ const char * msg = NULL; int lvl; +assert(data->data != NULL); rpmrc = headerCheck(ts, data->data, data->size, &msg); lvl = (rpmrc == RPMRC_FAIL ? RPMMESS_ERROR : RPMMESS_DEBUG); rpmMessage(lvl, "%s h#%8u %s", @@ -3366,7 +3298,6 @@ /*@switchbreak@*/ break; } - /*@-branchstate@*/ if (rpmcnt <= 0) { if (rpmtag != RPMTAG_GROUP) continue; @@ -3376,7 +3307,6 @@ rpmvals = (const char **) "Unknown"; rpmcnt = 1; } - /*@=branchstate@*/ dbi = dbiOpen(db, rpmtag, 0); if (dbi != NULL) { @@ -3394,7 +3324,6 @@ printed = 0; xx = dbiCopen(dbi, dbi->dbi_txnid, &dbcursor, DB_WRITECURSOR); -/*@-branchstate@*/ for (i = 0; i < rpmcnt; i++) { dbiIndexSet set; int stringvalued; @@ -3425,12 +3354,10 @@ /*@switchbreak@*/ break; case RPMTAG_TRIGGERNAME: if (i) { /* don't add duplicates */ -/*@-boundsread@*/ for (j = 0; j < i; j++) { if (!strcmp(rpmvals[i], rpmvals[j])) /*@innerbreak@*/ break; } -/*@=boundsread@*/ if (j < i) /*@innercontinue@*/ continue; } @@ -3468,7 +3395,6 @@ /*@fallthrough@*/ case RPM_STRING_ARRAY_TYPE: /* Convert from hex to binary. */ -/*@-boundsread@*/ if (dbi->dbi_rpmtag == RPMTAG_FILEDIGESTS) { const char * s = rpmvals[i]; size_t dlen = strlen(s); @@ -3493,7 +3419,6 @@ key->size = nbin; /*@switchbreak@*/ break; } -/*@=boundsread@*/ /*@fallthrough@*/ default: /*@i@*/ key->data = (void *) rpmvals[i]; @@ -3559,7 +3484,6 @@ data->size = 0; set = dbiFreeIndexSet(set); } -/*@=branchstate@*/ xx = dbiCclose(dbi, dbcursor, DB_WRITECURSOR); dbcursor = NULL; @@ -3568,13 +3492,13 @@ xx = dbiSync(dbi, 0); } +/*@-modobserver -unqualifiedtrans@*/ if (rpmtag == RPMTAG_NVRA) /* XXX compound header extension. */ av[0] = _free(av[0]); +/*@=modobserver =unqualifiedtrans@*/ else - /*@-observertrans@*/ if (rpmtype != RPM_BIN_TYPE) /* XXX WTFO? HACK ALERT */ rpmvals = hfd(rpmvals, rpmtype); - /*@=observertrans@*/ rpmtype = 0; rpmcnt = 0; bin = _free(bin); @@ -3609,7 +3533,7 @@ if (db == NULL) return 0; mi = rpmdbInitIterator(db, RPMTAG_BASENAMES, NULL, 0); -assert(mi); /* XXX will never happen. */ +assert(mi != NULL); /* XXX will never happen. */ if (mi == NULL) return 2; @@ -3620,13 +3544,11 @@ for (i = 0; i < numItems; i++) { unsigned int tag; -/*@-boundswrite@*/ matchList[i] = xcalloc(1, sizeof(*(matchList[i]))); -/*@=boundswrite@*/ -/*@-boundsread -dependenttrans@*/ +/*@-dependenttrans@*/ key->data = (void *) fpList[i].baseName; -/*@=boundsread =dependenttrans@*/ +/*@=dependenttrans@*/ key->size = strlen((char *)key->data); if (key->size == 0) key->size++; /* XXX "/" fixup. */ @@ -3663,12 +3585,10 @@ im = mi->mi_set->recs + start; /* Find the end of the set of matched basename's in this package. */ -/*@-boundsread@*/ for (end = start + 1; end < mi->mi_set->count; end++) { if (im->hdrNum != mi->mi_set->recs[end].hdrNum) /*@innerbreak@*/ break; } -/*@=boundsread@*/ num = end - start; /* Compute fingerprints for this installed header's matches */ @@ -3678,18 +3598,15 @@ baseNames = xcalloc(num, sizeof(*baseNames)); dirIndexes = xcalloc(num, sizeof(*dirIndexes)); -/*@-bounds@*/ for (i = 0; i < num; i++) { baseNames[i] = fullBaseNames[im[i].tagNum]; dirIndexes[i] = fullDirIndexes[im[i].tagNum]; } -/*@=bounds@*/ fps = xcalloc(num, sizeof(*fps)); fpLookupList(fpc, dirNames, baseNames, dirIndexes, num, fps); /* Add db (recnum,filenum) to list for fingerprint matches. */ -/*@-boundsread@*/ for (i = 0; i < num; i++, im++) { /*@-nullpass@*/ /* FIX: fpList[].subDir may be NULL */ if (!FP_EQUAL(fps[i], fpList[im->fpNum])) @@ -3697,7 +3614,6 @@ /*@=nullpass@*/ xx = dbiAppendSet(matchList[im->fpNum], im, 1, sizeof(*im), 0); } -/*@=boundsread@*/ fps = _free(fps); dirNames = hfd(dirNames, dnt); @@ -3729,9 +3645,7 @@ const char *fn; int urltype = urlPath(urlfn, &fn); - /*@-branchstate@*/ if (*fn == '\0') fn = "/"; - /*@=branchstate@*/ switch (urltype) { case URL_IS_HTTPS: /* XXX WRONG WRONG WRONG */ case URL_IS_HTTP: /* XXX WRONG WRONG WRONG */ @@ -3760,8 +3674,8 @@ static int rpmdbRemoveDatabase(const char * prefix, const char * dbpath, int _dbapi, const int * dbiTags, int dbiTagsMax) - /*@globals h_errno, fileSystem, internalState @*/ - /*@modifies fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ + /*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/ { const char * fn; int xx; @@ -3785,7 +3699,7 @@ fn = rpmGetPath(prefix, dbpath, "/", "__db.000", NULL); suffix = (char *)(fn + strlen(fn) - (sizeof("000") - 1)); for (i = 0; i < 16; i++) { - snprintf(suffix, sizeof("000"), "%03d", i); + (void) snprintf(suffix, sizeof("000"), "%03d", i); if (rpmioFileExists(fn)) xx = Unlink(fn); } @@ -3809,8 +3723,8 @@ const char * olddbpath, int _olddbapi, const char * newdbpath, /*@unused@*/ int _newdbapi, const int * dbiTags, int dbiTagsMax) - /*@globals h_errno, fileSystem, internalState @*/ - /*@modifies fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ + /*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/ { struct stat nsb, * nst = &nsb; const char * ofn, * nfn; @@ -3882,12 +3796,12 @@ nsuffix = (char *)(nfn + strlen(nfn) - (sizeof("000") - 1)); for (i = 0; i < 16; i++) { - snprintf(osuffix, sizeof("000"), "%03d", i); + (void) snprintf(osuffix, sizeof("000"), "%03d", i); if (rpmioFileExists(ofn)) { rpmMessage(RPMMESS_DEBUG, D_("removing region file \"%s\"\n"), ofn); xx = Unlink(ofn); } - snprintf(nsuffix, sizeof("000"), "%03d", i); + (void) snprintf(nsuffix, sizeof("000"), "%03d", i); if (rpmioFileExists(nfn)) { rpmMessage(RPMMESS_DEBUG, D_("removing region file \"%s\"\n"), nfn); xx = Unlink(nfn); @@ -3924,9 +3838,7 @@ int * dbiTags = NULL; int dbiTagsMax = 0; - /*@-branchstate@*/ if (prefix == NULL) prefix = "/"; - /*@=branchstate@*/ prefix = rpmGetPath(prefix, NULL); /* strip trailing '/' */ _dbapi = rpmExpandNumeric("%{_dbapi}"); @@ -3937,9 +3849,7 @@ /*@-nullpass@*/ tfn = rpmGetPath("%{?_dbpath}", NULL); /*@=nullpass@*/ -/*@-boundsread@*/ if (!(tfn && tfn[0] != '\0')) -/*@=boundsread@*/ { rpmMessage(RPMMESS_DEBUG, D_("no dbpath has been set")); rc = 1; @@ -3953,17 +3863,13 @@ /*@-nullpass@*/ tfn = rpmGetPath("%{?_dbpath_rebuild}", NULL); /*@=nullpass@*/ -/*@-boundsread@*/ if (!(tfn && tfn[0] != '\0' && strcmp(tfn, dbpath))) -/*@=boundsread@*/ { char pidbuf[20]; char *t; sprintf(pidbuf, "rebuilddb.%d", (int) getpid()); t = xmalloc(strlen(dbpath) + strlen(pidbuf) + 1); -/*@-boundswrite@*/ (void)stpcpy(stpcpy(t, dbpath), pidbuf); -/*@=boundswrite@*/ tfn = _free(tfn); tfn = t; nocleanup = 0; @@ -3996,24 +3902,20 @@ rpmMessage(RPMMESS_DEBUG, D_("opening old database with dbapi %d\n"), _dbapi); -/*@-boundswrite@*/ if (rpmdbOpenDatabase(prefix, dbpath, _dbapi, &olddb, O_RDONLY, 0644, RPMDB_FLAG_MINIMAL)) { rc = 1; goto exit; } -/*@=boundswrite@*/ _dbapi = olddb->db_api; _rebuildinprogress = 1; rpmMessage(RPMMESS_DEBUG, D_("opening new database with dbapi %d\n"), _dbapi_rebuild); (void) rpmDefineMacro(NULL, "_rpmdb_rebuild %{nil}", -1); -/*@-boundswrite@*/ if (rpmdbOpenDatabase(prefix, newdbpath, _dbapi_rebuild, &newdb, O_RDWR | O_CREAT, 0644, 0)) { rc = 1; goto exit; } -/*@=boundswrite@*/ _rebuildinprogress = 0; @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/rpmdb.h ============================================================================ $ cvs diff -u -r1.66 -r1.67 rpmdb.h --- rpm/rpmdb/rpmdb.h 29 Sep 2007 19:29:02 -0000 1.66 +++ rpm/rpmdb/rpmdb.h 30 Sep 2007 17:29:05 -0000 1.67 @@ -914,6 +914,7 @@ /** @todo document rpmdbNew */ +/*@only@*/ /*@null@*/ rpmdb rpmdbNew(/*@kept@*/ /*@null@*/ const char * root, /*@kept@*/ /*@null@*/ const char * home, int mode, int perms, int flags); @@ -923,7 +924,11 @@ int rpmdbOpenDatabase(/*@null@*/ const char * prefix, /*@null@*/ const char * dbpath, int _dbapi, /*@null@*/ /*@out@*/ rpmdb *dbp, - int mode, int perms, int flags); + int mode, int perms, int flags) + /*@globals rpmGlobalMacroContext, h_errno, + fileSystem, internalState @*/ + /*@modifies *dbp, rpmGlobalMacroContext, + fileSystem, internalState @*/; /** \ingroup rpmdb * Open rpm database. @@ -1178,7 +1183,8 @@ */ int rpmdbAdd(/*@null@*/ rpmdb db, int iid, Header h, /*@null@*/ rpmts ts) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies db, h, rpmGlobalMacroContext, fileSystem, internalState @*/; + /*@modifies db, h, ts, + rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmdb * Remove package header from rpm database and indices. @@ -1191,7 +1197,8 @@ int rpmdbRemove(/*@null@*/ rpmdb db, /*@unused@*/ int rid, unsigned int hdrNum, /*@null@*/ rpmts ts) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies db, rpmGlobalMacroContext, fileSystem, internalState @*/; + /*@modifies db, ts, + rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmdb * Rebuild database indices from package headers. @@ -1201,7 +1208,7 @@ */ int rpmdbRebuild(/*@null@*/ const char * prefix, /*@null@*/ rpmts ts) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/; + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; /** * Mergesort, same arguments as qsort(2). @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/sqlite.c ============================================================================ $ cvs diff -u -r1.14 -r1.15 sqlite.c --- rpm/rpmdb/sqlite.c 29 Sep 2007 17:06:25 -0000 1.14 +++ rpm/rpmdb/sqlite.c 30 Sep 2007 17:29:05 -0000 1.15 @@ -1,4 +1,3 @@ -/*@-bounds@*/ /*@-mustmod@*/ /*@-paramuse@*/ /*@-globuse@*/ @@ -6,7 +5,6 @@ /*@-noeffectuncon@*/ /*@-compdef@*/ /*@-compmempass@*/ -/*@-branchstate@*/ /*@-modfilesystem@*/ /*@-evalorderuncon@*/ @@ -99,7 +97,7 @@ }; union _dbswap { - unsigned int ui; + uint32_t ui; unsigned char uc[4]; }; @@ -145,7 +143,9 @@ /*@-globs@*/ xx = Chdir("/"); /*@=globs@*/ +/*@-modobserver@*/ xx = Chroot(dbi->dbi_root); +/*@=modobserver@*/ assert(xx == 0); sqlInRoot=1; } @@ -163,9 +163,9 @@ if (_debug) fprintf(stderr, "sql:chroot(.)\n"); -/*@-superuser@*/ +/*@-modobserver@*/ xx = Chroot("."); -/*@=superuser@*/ +/*@=modobserver@*/ assert(xx == 0); if (sqlCwd != NULL) { /*@-globs@*/ @@ -680,7 +680,7 @@ * Cre