[PATCH 4/4] ar, ranlib: Don't double close file descriptors

Found by GCC14 -Wanalyzer-fd-double-close. close always closes the given file descriptor even on error. So don't try to close a file descriptor again on error (even on EINTR). This could be bad in a multi-threaded environment. * src/ar.c (do_oper_extract): Call close and set newfd to -1.

[PATCH 3/4] debuginfod-client: Don't leak id/version with duplicate os-release entries

Found by GCC14 -Wanalyzer-double-free. If the os-release file would contain multiple ID or VERSION_ID entries we would leak the originally parsed one. Fix by seeing whether id or version is already set and ignore any future entries. * debuginfod/debuginfod-client.c (add_default_headers):

[PATCH 2/4] libelf: elf32_getshdr might leak section header when out of memory

Found by GCC -fanalyzer. When allocating the notcvt buffer fails we leak the shdr. goto free_and_out on malloc failure. * libelf/elf32_getshdr.c (load_shdr_wrlock): goto free_and_out on second malloc failure. Signed-off-by: Mark Wielaard --- libelf/elf32_getshdr.c | 2

[PATCH 1/4] libdwfl: Make sure mapped is always set in unzip

Found by GCC14 -Wanalyzer-null-argument. When unzip is called with mapped NULL, but *_whole not NULL, *_whole contains the first part of the input. But we check against mapped to make sure the MAGIC bytes are there. This only worked because this code path was never taken, unzip is currently alway