similar to: [PATCH 11/12] bugfix: openssh-4.3p2 variable reuse bug

The variable local_user was allocated by xstrdup and is not freed or pointed to in this branch. This patch adds the xfree. This entire set of patches passed the regression tests on my system. Bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- sshconnect.c | 1 + 1 files changed, 1 insertion(+) diff -uprN openssh-4.3p2/sshconnect.c

The variable IV does can be NULL when passed into the function. However, IV is dereferenced in CMP, therefore, IV should be checked before sending it to this macro. This patch adds what is common in other parts of the code but is missing on this particular check. This entire set of patches passed the regression tests on my system. Null dereference bug found by Coverity. Signed-off-by: Kylene

The get_handle function can return a negative value. The variable that value is assigned to is eventually passed to handle_close which uses the value as an array index thus not being able to handle negative values. This patch adds the return code check and provides an appropriate error exit in the event of a negative return code. This entire set of patches passed the regression tests on my

The variable cmd is xmalloc'd by buffer_get_string. It is then used in some places but never freed. This patch places the xfree after the last usage and within the confines of all paths. This entire set of patches passed the regression tests on my system. Memory leak bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- clientloop.c | 2 ++ 1 files changed,

The file descriptor f is not closed in this error path. This patch adds the fclose as is customary in the rest of the function. This entire set of patches passed the regression tests on my system. Resource leak bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- hostfile.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletion(-) diff -uprN

If the operation in the function is not allowed memory is leaked in three variables which were xmalloc'ed with buffer_get_string. In the allowed case these variables are pointed to by variables with a greater scope thus the reason this is a condtional leak. This entire set of patches passed the regression tests on my system. Resource leak bugs found by Coverity. Signed-off-by:

There are 2 bugs here. The first is pipe's return code is not checked in this instance and it can return a negative value. The purpose of the call is to make sure 0 and 1 are not assigned to the pin and pout descriptors because those values won't work for later calls. If the pipe call fails the correct behavior cannot be ensured. This patch adds an error case consistent with the rest

cancel_address is allocated in packet_get_string and used in the call to channel_cancel_rport_listener and then it goes out of scope. This patch adds the xfree. This entire set of patches passed the regression tests on my system. Resource leak bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- serverloop.c | 1 + 1 files changed, 1 insertion(+) diff -uprN

There are 2 bugs here. Since mkdir can return an error. The rest of the function's operations depend on this directory being created thus an error should be handled at this point. The second is f is never closed. This patch adds the needed fclose. This entire set of patches passed the regression tests on my system. Bugs found by Coverity. Signed-off-by: Kylene Hall <kjhall at

There are several memory management bugs here. First, the variable tmp is allocated by infer_path. In one path this allocating function is called again on the same variable without freeing the first instance. In another path the variable is just not freed. The fix is to add the xfree before the second call to infer_path and to move the existing xfree to cover both paths (in one case this is on

key is freed outside of the if that checks if key is NULL therefore, NULL could be sent to the key_free function which will not handle it correctly. The fix is to move key_free to a place where you know key is not NULL. This patch moves the key_free call. This entire set of patches passed the regression tests on my system. Bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at

If one of you wanted to try to create a patch to support ALTREP generic vectors here are some notes: The main challenge I am aware of (there might be others): Allowing DATAPTR to return a writable pointer would be too dangerous because the GC write barrier needs to see all mutations. So it would be best if Dataptr and Dataptr_or_null methods were not allowed to be defined. The default methods in

I can work on this. Thanks Luke. ~G On Wed, Jul 24, 2019 at 8:25 AM Tierney, Luke <luke-tierney at uiowa.edu> wrote: > If one of you wanted to try to create a patch to support ALTREP > generic vectors here are some notes: > > The main challenge I am aware of (there might be others): Allowing > DATAPTR to return a writable pointer would be too dangerous because > the GC

Hi Kylie, As an alternative in the short term, you could consider deriving from S4Vector's List class, implementing the getListElement() method to lazily create the objects. Michael On Tue, Jul 23, 2019 at 9:09 AM Bemis, Kylie <k.bemis at northeastern.edu> wrote: > > Hello, > > I was wondering if there were any plans for ALTREP lists (VECSXP)? > > It seems to me that

Hi all, I am using Hartigan & Hartigan's [1] "dip test" of unimodality via the diptest package in R. The function dip() returns the value of the test statistic but I am having problems calculating the p-value associated with that value. I'm hoping someone here is familiar with this process and can explain it. In the original article there is an example using n=63 and a

Hi Kylie, Is it a list with only numerics in it? (I only see REALSXPs there, but obviously inspect isn't showing all of them). If so, you could load it up into one big vector and then also keep partitioning information around. Bioconductor does this (see ?IRanges::CompressedList ). The potential benefit here being that the underlying large vector could then be a big out-of-memory altrep. How

Hi Kylie, For your question, I don't think a wrapper can completely solve your problem. The duplication occurs since your variable y has more than 1 reference number( Please see highlighted), so even you have a wrapper, any changes on the value of the wrapper still can trigger the duplication. > .Internal(inspect(y)) > @7fb0ce78c0f0 13 INTSXP g0c0 *[NAM(7)]* matter vector (mode=3,

Hi, Last friday I changed the NIC in two of our Samba servers from a 3com 905b (100mb) to a 3com 2000T (1000mb) to take advantage of our new switch which supports gigabit. One of the workstations (XP SP1, with all subsequent patches and hotfixes and with an onboard Realtek 8139) then started to have problems with the two Samba servers with the new NIC's. It could see the network

https://bugzilla.mindrot.org/show_bug.cgi?id=3580 Bug ID: 3580 Summary: ssh-keygen -l: "no comment" never appears again after the first comment Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Hi Jiefei and Kylie, Great to see people engaging with the ALTREP framework and identifying places we may need more tooling. Comments inline. On Thu, Jul 18, 2019 at 12:22 PM King Jiefei <szwjf08 at gmail.com> wrote: > > If that is the case and you are 100% sure the reference number should be 1 > for your variable *y*, my solution is to call *SET_NAMED *in C++ to reset > the