From 38e6862a2dc5c411b542d2496f220e50205c1ec4 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 11:23:50 -0400
Subject: strdup_maybe exits the program on memory error

---
 src/lib/delivery/delivery.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery.c b/src/lib/delivery/delivery.c
index 7d78878..eb74b6c 100644
--- a/src/lib/delivery/delivery.c
+++ b/src/lib/delivery/delivery.c
@@ -2,7 +2,12 @@
 
 static char *strdup_maybe(const char * restrict s) {
     if (s != NULL) {
-        return strdup(s);
+        char *x = strdup(s);
+        if (!x) {
+            SYSERROR("%s", "strdup failed");
+            exit(1);
+        }
+        return x;
     }
     return NULL;
 }
-- 
cgit 


From 33febf2c63a7907c650bbd3730e96f0caea9198f Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 11:24:58 -0400
Subject: delivery_defer_packages: nametmp and package_name must use the same
 buffer size

---
 src/lib/delivery/delivery.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery.c b/src/lib/delivery/delivery.c
index eb74b6c..a068923 100644
--- a/src/lib/delivery/delivery.c
+++ b/src/lib/delivery/delivery.c
@@ -368,7 +368,7 @@ void delivery_defer_packages(struct Delivery *ctx, int type) {
         // Compile a list of packages that are *also* to be tested.
         char *spec_begin = strpbrk(name, "@~=<>!");
         char *spec_end = spec_begin;
-        char package_name[255] = {0};
+        char package_name[STASIS_NAME_MAX] = {0};
 
         if (spec_end) {
             // A version is present in the package name. Jump past operator(s).
@@ -386,7 +386,7 @@ void delivery_defer_packages(struct Delivery *ctx, int type) {
         // When spec is present in name, set tests->version to the version detected in the name
         for (size_t x = 0; x < ctx->tests->num_used; x++) {
             struct Test *test = ctx->tests->test[x];
-            char nametmp[1024] = {0};
+            char nametmp[STASIS_NAME_MAX] = {0};
 
             strncpy(nametmp, package_name, sizeof(nametmp) - 1);
             // Is the [test:NAME] in the package name?
-- 
cgit 


From d1b5c231cfcc1543e64c89364e2f72172d1d501e Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 11:25:37 -0400
Subject: delivery_duplicate: return on memory error

---
 src/lib/delivery/delivery.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery.c b/src/lib/delivery/delivery.c
index a068923..e32a805 100644
--- a/src/lib/delivery/delivery.c
+++ b/src/lib/delivery/delivery.c
@@ -62,6 +62,7 @@ struct Delivery *delivery_duplicate(const struct Delivery *ctx) {
     memcpy(&result->rules.content, &ctx->rules.content, sizeof(ctx->rules.content));
 
     if (ctx->rules._handle) {
+        /*
         result->rules._handle = malloc(sizeof(*result->rules._handle));
         result->rules._handle->section = malloc(result->rules._handle->section_count * sizeof(*result->rules._handle->section));
         memcpy(result->rules._handle, &ctx->rules._handle, sizeof(*ctx->rules._handle));
@@ -99,6 +100,10 @@ struct Delivery *delivery_duplicate(const struct Delivery *ctx) {
     result->system.arch = strdup_maybe(ctx->system.arch);
     if (ctx->system.platform) {
         result->system.platform = malloc(DELIVERY_PLATFORM_MAX * sizeof(*result->system.platform));
+        if (!result->system.platform) {
+            SYSERROR("%s", "unable to allocate space for system platform array");
+            return NULL;
+        }
         for (size_t i = 0; i < DELIVERY_PLATFORM_MAX; i++) {
             result->system.platform[i] = strdup_maybe(ctx->system.platform[i]);
         }
-- 
cgit 


From 5e98c85b5184d9d5ac2dbd2def0186aec927071c Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 11:28:06 -0400
Subject: delivery_purge_packages: handle bad function pointer (unlikely)

---
 src/lib/delivery/delivery_install.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery_install.c b/src/lib/delivery/delivery_install.c
index 1e2b82c..51b78fa 100644
--- a/src/lib/delivery/delivery_install.c
+++ b/src/lib/delivery/delivery_install.c
@@ -128,6 +128,11 @@ int delivery_overlay_packages_from_env(struct Delivery *ctx, const char *env_nam
     return 0;
 }
 
+static int fn_nop(const char *command) {
+    (void) command;
+    return 1;
+}
+
 int delivery_purge_packages(struct Delivery *ctx, const char *env_name, int use_pkg_manager) {
     int status = 0;
     char subcommand[100] = {0};
@@ -158,6 +163,7 @@ int delivery_purge_packages(struct Delivery *ctx, const char *env_name, int use_
             break;
         default:
             SYSERROR("Unknown package manager: %d", use_pkg_manager);
+            fn = fn_nop;
             status = -1;
             break;
     }
@@ -175,11 +181,12 @@ int delivery_purge_packages(struct Delivery *ctx, const char *env_name, int use_
             SYSERROR("%s removal operation failed", package_manager);
             guard_free(command);
             status = 1;
-            break;
+            goto cleanup;
         }
         guard_free(command);
     }
 
+    cleanup:
     if (current_env) {
         conda_activate(ctx->storage.conda_install_prefix, current_env);
         guard_free(current_env);
@@ -213,6 +220,11 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
         runner = pip_exec;
     }
 
+    if (!runner) {
+        SYSERROR("Invalid callback runner of type: %d", type);
+        return -1;
+    }
+
     if (INSTALL_PKG_CONDA_DEFERRED & type) {
         strncat(command_base, " --use-local", sizeof(command_base) - strlen(command_base) - 1);
     } else if (INSTALL_PKG_PIP_DEFERRED & type) {
-- 
cgit 


From 5cd74d0e266bdec0de6e7463126220bc8f3722e8 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 12:38:53 -0400
Subject: duplicate_delivery: handle error conditions

* but also memcpy might not be enough here
---
 src/lib/delivery/delivery.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery.c b/src/lib/delivery/delivery.c
index e32a805..5403743 100644
--- a/src/lib/delivery/delivery.c
+++ b/src/lib/delivery/delivery.c
@@ -62,10 +62,20 @@ struct Delivery *delivery_duplicate(const struct Delivery *ctx) {
     memcpy(&result->rules.content, &ctx->rules.content, sizeof(ctx->rules.content));
 
     if (ctx->rules._handle) {
-        /*
+        SYSDEBUG("%s", "duplicating INIFILE handle - BEGIN");
         result->rules._handle = malloc(sizeof(*result->rules._handle));
-        result->rules._handle->section = malloc(result->rules._handle->section_count * sizeof(*result->rules._handle->section));
+        if (!result->rules._handle) {
+            SYSERROR("%s", "unable to allocate space for INIFILE handle");
+            return NULL;
+        }
+        result->rules._handle->section = malloc(ctx->rules._handle->section_count * sizeof(**ctx->rules._handle->section));
+        if (!result->rules._handle->section) {
+            guard_free(result->rules._handle);
+            SYSERROR("%s", "unable to allocate space for INIFILE section");
+            return NULL;
+        }
         memcpy(result->rules._handle, &ctx->rules._handle, sizeof(*ctx->rules._handle));
+        SYSDEBUG("%s", "duplicating INIFILE handle - END");
     }
 
     // Runtime
-- 
cgit 


From 0d74970b8e7313e4dd722efce135c24de4aba7b2 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 13:25:56 -0400
Subject: artifactory_download_cli: Add more SYSDEBUG statements

---
 src/lib/delivery/delivery_artifactory.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery_artifactory.c b/src/lib/delivery/delivery_artifactory.c
index 0a74241..1e93fd5 100644
--- a/src/lib/delivery/delivery_artifactory.c
+++ b/src/lib/delivery/delivery_artifactory.c
@@ -4,8 +4,12 @@ int delivery_init_artifactory(struct Delivery *ctx) {
     int status = 0;
     char dest[PATH_MAX] = {0};
     char filepath[PATH_MAX] = {0};
+
+    SYSDEBUG("%s", "Initializing artifactory tools");
     snprintf(dest, sizeof(dest), "%s/bin", ctx->storage.tools_dir);
+    SYSDEBUG("dest=%s", dest);
     snprintf(filepath, sizeof(dest), "%s/bin/jf", ctx->storage.tools_dir);
+    SYSDEBUG("filepath=%s", filepath);
 
     if (!access(filepath, F_OK)) {
         // already have it
@@ -13,6 +17,7 @@ int delivery_init_artifactory(struct Delivery *ctx) {
         goto delivery_init_artifactory_envsetup;
     }
 
+    SYSDEBUG("%s", "Assign platform");
     char *platform = ctx->system.platform[DELIVERY_PLATFORM];
     msg(STASIS_MSG_L3, "Downloading %s for %s %s\n", globals.jfrog.remote_filename, platform, ctx->system.arch);
     if ((status = artifactory_download_cli(dest,
-- 
cgit 


From a009035b2744be16836aebd81c18bb1a437d236e Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 22 Apr 2026 16:04:02 -0400
Subject: Use snprintf

---
 src/lib/delivery/delivery_docker.c  | 4 ++--
 src/lib/delivery/delivery_install.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery_docker.c b/src/lib/delivery/delivery_docker.c
index e5f1c2f..6aa977a 100644
--- a/src/lib/delivery/delivery_docker.c
+++ b/src/lib/delivery/delivery_docker.c
@@ -49,7 +49,7 @@ int delivery_docker(struct Delivery *ctx) {
 
         const char *tag_fmt = " -t \"%s\" ";
         const int tag_fmt_len = snprintf(NULL, 0, tag_fmt, tag);
-        snprintf(args + strlen(args), tag_fmt_len, tag_fmt, tag);
+        snprintf(args + strlen(args), sizeof(args) - strlen(args) - tag_fmt_len, tag_fmt, tag);
     }
 
     // Append build arguments to command (i.e. --build-arg "key=value"
@@ -61,7 +61,7 @@ int delivery_docker(struct Delivery *ctx) {
 
         const char *build_arg_fmt = " --build-arg \"%s\" ";
         const int build_arg_fmt_len = snprintf(NULL, 0, build_arg_fmt, build_arg);
-        snprintf(args + strlen(args), sizeof(args) - build_arg_fmt_len, build_arg_fmt, build_arg);
+        snprintf(args + strlen(args), sizeof(args) - strlen(args) - build_arg_fmt_len, build_arg_fmt, build_arg);
     }
 
     // Build the image
diff --git a/src/lib/delivery/delivery_install.c b/src/lib/delivery/delivery_install.c
index 51b78fa..26bd98f 100644
--- a/src/lib/delivery/delivery_install.c
+++ b/src/lib/delivery/delivery_install.c
@@ -320,7 +320,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
                             return -1;
                         }
                     }
-                    snprintf(args + strlen(args), required_len + 1, fmt, req, info->version);
+                    snprintf(args + strlen(args), sizeof(args) - strlen(args) - required_len + 1, fmt, req, info->version);
                 } else {
                     fprintf(stderr, "Deferred package '%s' is not present in the tested package list!\n", name);
                     guard_free(args);
@@ -338,7 +338,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
                             return -1;
                         }
                     }
-                    snprintf(args + strlen(args), required_len + 1, fmt, name);
+                    snprintf(args + strlen(args), sizeof(args) - strlen(args) - required_len + 1, fmt, name);
                 } else {
                     const char *fmt_append = "%s '%s'";
                     const char *fmt = " '%s'";
@@ -350,7 +350,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
                             return -1;
                         }
                     }
-                    snprintf(args + strlen(args), required_len + 1, fmt, name);
+                    snprintf(args + strlen(args), sizeof(args) - strlen(args) - required_len + 1, fmt, name);
                 }
             }
         }
-- 
cgit 


From 44ed1c60ad8f838bfb6cfff26683bf706285552a Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Thu, 23 Apr 2026 01:26:03 -0400
Subject: Fix snprintfs

---
 src/lib/delivery/delivery_conda.c   | 12 ++++++++----
 src/lib/delivery/delivery_docker.c  | 10 ++--------
 src/lib/delivery/delivery_install.c | 10 ++++------
 3 files changed, 14 insertions(+), 18 deletions(-)

(limited to 'src/lib/delivery')

diff --git a/src/lib/delivery/delivery_conda.c b/src/lib/delivery/delivery_conda.c
index d6898a4..cf61abb 100644
--- a/src/lib/delivery/delivery_conda.c
+++ b/src/lib/delivery/delivery_conda.c
@@ -4,25 +4,29 @@ void delivery_get_conda_installer_url(struct Delivery *ctx, char *result, size_t
     int len = 0;
     if (ctx->conda.installer_version) {
         // Use version specified by configuration file
-        len = snprintf(NULL, 0, ctx->conda.installer_baseurl,
+        len = snprintf(NULL, 0, "%s/%s-%s-%s-%s.sh",
+                ctx->conda.installer_baseurl,
                 ctx->conda.installer_name,
                 ctx->conda.installer_version,
                 ctx->conda.installer_platform,
                 ctx->conda.installer_arch);
 
-        snprintf(result, maxlen - len, "%s/%s-%s-%s-%s.sh", ctx->conda.installer_baseurl,
+        snprintf(result, maxlen - len, "%s/%s-%s-%s-%s.sh",
+                ctx->conda.installer_baseurl,
                 ctx->conda.installer_name,
                 ctx->conda.installer_version,
                 ctx->conda.installer_platform,
                 ctx->conda.installer_arch);
     } else {
         // Use latest installer
-        len = snprintf(NULL, 0, "%s/%s-%s-%s.sh", ctx->conda.installer_baseurl,
+        len = snprintf(NULL, 0, "%s/%s-%s-%s.sh",
+                ctx->conda.installer_baseurl,
                 ctx->conda.installer_name,
                 ctx->conda.installer_platform,
                 ctx->conda.installer_arch);
 
-        snprintf(result, maxlen - len, "%s/%s-%s-%s.sh", ctx->conda.installer_baseurl,
+        snprintf(result, maxlen - len, "%s/%s-%s-%s.sh",
+                ctx->conda.installer_baseurl,
                 ctx->conda.installer_name,
                 ctx->conda.installer_platform,
                 ctx->conda.installer_arch);
diff --git a/src/lib/delivery/delivery_docker.c b/src/lib/delivery/delivery_docker.c
index 6aa977a..1178a8c 100644
--- a/src/lib/delivery/delivery_docker.c
+++ b/src/lib/delivery/delivery_docker.c
@@ -46,10 +46,7 @@ int delivery_docker(struct Delivery *ctx) {
         char *tag_orig = strlist_item(ctx->deploy.docker.tags, i);
         strncpy(tag, tag_orig, sizeof(tag) - 1);
         docker_sanitize_tag(tag);
-
-        const char *tag_fmt = " -t \"%s\" ";
-        const int tag_fmt_len = snprintf(NULL, 0, tag_fmt, tag);
-        snprintf(args + strlen(args), sizeof(args) - strlen(args) - tag_fmt_len, tag_fmt, tag);
+        snprintf(args + strlen(args), sizeof(args) - strlen(args), " -t \"%s\" ", tag);
     }
 
     // Append build arguments to command (i.e. --build-arg "key=value"
@@ -58,10 +55,7 @@ int delivery_docker(struct Delivery *ctx) {
         if (!build_arg) {
             break;
         }
-
-        const char *build_arg_fmt = " --build-arg \"%s\" ";
-        const int build_arg_fmt_len = snprintf(NULL, 0, build_arg_fmt, build_arg);
-        snprintf(args + strlen(args), sizeof(args) - strlen(args) - build_arg_fmt_len, build_arg_fmt, build_arg);
+        snprintf(args + strlen(args), sizeof(args) - strlen(args), " --build-arg \"%s\" ", build_arg);
     }
 
     // Build the image
diff --git a/src/lib/delivery/delivery_install.c b/src/lib/delivery/delivery_install.c
index 26bd98f..22b3752 100644
--- a/src/lib/delivery/delivery_install.c
+++ b/src/lib/delivery/delivery_install.c
@@ -234,9 +234,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
         if (!ctx->meta.based_on) {
             strncat(command_base, " --upgrade", sizeof(command_base) - strlen(command_base) - 1);
         }
-        const char *command_base_fmt = " --extra-index-url 'file://%s'";
-        const int len = snprintf(NULL, 0, command_base_fmt, ctx->storage.wheel_artifact_dir);
-        snprintf(command_base + strlen(command_base), sizeof(command_base) - len, command_base_fmt, ctx->storage.wheel_artifact_dir);
+        snprintf(command_base + strlen(command_base), sizeof(command_base), " --extra-index-url 'file://%s'", ctx->storage.wheel_artifact_dir);
     }
 
     size_t args_alloc_len = STASIS_BUFSIZ;
@@ -320,7 +318,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
                             return -1;
                         }
                     }
-                    snprintf(args + strlen(args), sizeof(args) - strlen(args) - required_len + 1, fmt, req, info->version);
+                    snprintf(args + strlen(args), args_alloc_len - strlen(args), fmt, req, info->version);
                 } else {
                     fprintf(stderr, "Deferred package '%s' is not present in the tested package list!\n", name);
                     guard_free(args);
@@ -338,7 +336,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
                             return -1;
                         }
                     }
-                    snprintf(args + strlen(args), sizeof(args) - strlen(args) - required_len + 1, fmt, name);
+                    snprintf(args + strlen(args), args_alloc_len - strlen(args), fmt, name);
                 } else {
                     const char *fmt_append = "%s '%s'";
                     const char *fmt = " '%s'";
@@ -350,7 +348,7 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
                             return -1;
                         }
                     }
-                    snprintf(args + strlen(args), sizeof(args) - strlen(args) - required_len + 1, fmt, name);
+                    snprintf(args + strlen(args), args_alloc_len - strlen(args), fmt, name);
                 }
             }
         }
-- 
cgit