From ded66fbb62cdad37d577dc048e37f7cea7f7a4da Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Mon, 9 Apr 2012 00:42:04 -0500
Subject: Fix issues with unintialized variable value usage

Detected by clang scan-build static code analyzer.

* Don't attempt to free an uninitialized gpgme key variable
* Initialize answer variable before asking frontend a question
* Pass by reference instead of value if uninitialized fields are
  possible in download signal handler code
* Ensure we never call strlen() on NULL payload->remote_name value

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 lib/libalpm/dload.c   | 11 ++++++-----
 lib/libalpm/signing.c |  4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 9d982183..c1f54f02 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -337,9 +337,9 @@ static void mask_signal(int signal, void (*handler)(int),
 	sigaction(signal, &newaction, NULL);
 }
 
-static void unmask_signal(int signal, struct sigaction sa)
+static void unmask_signal(int signal, struct sigaction *sa)
 {
-	sigaction(signal, &sa, NULL);
+	sigaction(signal, sa, NULL);
 }
 
 static FILE *create_tempfile(struct dload_payload *payload, const char *localpath)
@@ -409,7 +409,8 @@ static int curl_download_internal(struct dload_payload *payload,
 		RET_ERR(handle, ALPM_ERR_SERVER_BAD_URL, -1);
 	}
 
-	if(strlen(payload->remote_name) > 0 && strcmp(payload->remote_name, ".sig") != 0) {
+	if(payload->remote_name && strlen(payload->remote_name) > 0 &&
+			strcmp(payload->remote_name, ".sig") != 0) {
 		payload->destfile_name = get_fullpath(localpath, payload->remote_name, "");
 		payload->tempfile_name = get_fullpath(localpath, payload->remote_name, ".part");
 		if(!payload->destfile_name || !payload->tempfile_name) {
@@ -582,8 +583,8 @@ cleanup:
 	}
 
 	/* restore the old signal handlers */
-	unmask_signal(SIGINT, orig_sig_int);
-	unmask_signal(SIGPIPE, orig_sig_pipe);
+	unmask_signal(SIGINT, &orig_sig_int);
+	unmask_signal(SIGPIPE, &orig_sig_pipe);
 	/* if we were interrupted, trip the old handler */
 	if(dload_interrupted) {
 		raise(SIGINT);
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index fc8dd5bb..7177d655 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -210,9 +210,9 @@ static int key_in_keychain(alpm_handle_t *handle, const char *fpr)
 	} else {
 		_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err));
 	}
+	gpgme_key_unref(key);
 
 error:
-	gpgme_key_unref(key);
 	gpgme_release(ctx);
 	return ret;
 }
@@ -797,7 +797,7 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
 						_("%s: key \"%s\" is unknown\n"), identifier, name);
 #ifdef HAVE_LIBGPGME
 				{
-					int answer;
+					int answer = 0;
 					alpm_pgpkey_t fetch_key;
 					memset(&fetch_key, 0, sizeof(fetch_key));
 
-- 
cgit v1.2.3-70-g09d2