ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

VPP-189 Some bugfixes for issues reported by Coverity

Browse Source 
CID 130914 Buffer not null terminated
CID 130916 Unchecked return value
CID 130938 Unchecked return value from library
CID 130939 Unchecked return value from library
CID 130940 Unchecked return value from library
CID 131042 Argument cannot be negative
CID 131222 Resource leak
CID 131223 Resource leak
CID 131334 Double close
CID 131335 Read from pointer after free
CID 131211 Resource leak
CID 131212 Resource leak

Change-Id: Idd80b91f621278e0be15911f2ed4354dbe4fc7f2
Signed-off-by: Chris Luke <chrisy@flirble.org>
This commit is contained in:
Chris Luke
2016-07-07 11:01:17 -04:00
committed by Damjan Marion
parent ce3e971bab
commit 370e9e38e8
2 changed files with 66 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
svm/svm.c
View File

@ -225,14 +225,22 @@ static int svm_data_region_create (svm_map_region_args_t *a,
if (fstat(fd, &statb) < 0) {
clib_unix_warning("fstat");
close (fd);
return -2;
}
if (statb.st_mode & S_IFREG) {
if (statb.st_size == 0) {
lseek(fd, map_size, SEEK_SET);
if (write(fd, &junk, 1) != 1)
if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) {
clib_unix_warning ("seek region size");
close (fd);
return -3;
}
if (write(fd, &junk, 1) != 1) {
clib_unix_warning ("set region size");
close (fd);
return -3;
}
} else {
map_size = rnd_pagesize (statb.st_size);
}
@ -246,6 +254,7 @@ static int svm_data_region_create (svm_map_region_args_t *a,
if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) {
clib_unix_warning("mmap");
close (fd);
return -3;
}
close(fd);
@ -283,14 +292,22 @@ static int svm_data_region_map (svm_map_region_args_t *a,
if (fstat(fd, &statb) < 0) {
clib_unix_warning("fstat");
close (fd);
return -2;
}
if (statb.st_mode & S_IFREG) {
if (statb.st_size == 0) {
lseek(fd, map_size, SEEK_SET);
if (write(fd, &junk, 1) != 1)
if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) {
clib_unix_warning ("seek region size");
close (fd);
return -3;
}
if (write(fd, &junk, 1) != 1) {
clib_unix_warning ("set region size");
close (fd);
return -3;
}
} else {
map_size = rnd_pagesize (statb.st_size);
}
@ -304,6 +321,7 @@ static int svm_data_region_map (svm_map_region_args_t *a,
if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) {
clib_unix_warning("mmap");
close (fd);
return -3;
}
close(fd);
@ -399,15 +417,23 @@ void *svm_map_region (svm_map_region_args_t *a)
vec_free(shm_name);
lseek(svm_fd, a->size, SEEK_SET);
if (write(svm_fd, &junk, 1) != 1)
if (lseek(svm_fd, a->size, SEEK_SET) == (off_t) -1) {
clib_warning ("seek region size");
close (svm_fd);
return (0);
}
if (write(svm_fd, &junk, 1) != 1) {
clib_warning ("set region size");
close (svm_fd);
return (0);
}
rp = mmap((void *)a->baseva, a->size,
PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, svm_fd, 0);
if (rp == (svm_region_t *) MAP_FAILED) {
clib_unix_warning ("mmap create");
close (svm_fd);
return (0);
}
close(svm_fd);
@ -509,6 +535,7 @@ void *svm_map_region (svm_map_region_args_t *a)
while (1) {
if (0 != fstat(svm_fd, &stat)) {
clib_warning("fstat failed: %d", errno);
close (svm_fd);
return (0);
}
if (stat.st_size > 0) {
@ -516,6 +543,7 @@ void *svm_map_region (svm_map_region_args_t *a)
}
if (0 == time_left) {
clib_warning("waiting for resize of shm file timed out");
close (svm_fd);
return (0);
}
ts.tv_sec = 0;
@ -545,10 +573,10 @@ void *svm_map_region (svm_map_region_args_t *a)
* <bleep>-ed?
*/
if (rp->version == 0) {
close(svm_fd);
munmap(rp, a->size);
clib_warning("rp->version %d not %d", rp->version,
SVM_VERSION);
close(svm_fd);
munmap(rp, a->size);
return (0);
}
/* Remap now that the region has been placed */
@ -561,6 +589,7 @@ void *svm_map_region (svm_map_region_args_t *a)
MAP_SHARED | MAP_FIXED, svm_fd, 0);
if ((uword)rp == (uword)MAP_FAILED) {
clib_unix_warning ("mmap");
close (svm_fd);
return (0);
}

35
vlib/vlib/pci/linux_pci.c
View File

@ -123,6 +123,11 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
}
fd = socket(PF_INET, SOCK_DGRAM, 0);
if (fd < 0)
{
error = clib_error_return_unix (0, "socket");
goto done;
}
while((e = readdir (dir)))
{
@ -135,17 +140,32 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
memset(&ifr, 0, sizeof ifr);
memset(&drvinfo, 0, sizeof drvinfo);
ifr.ifr_data = (char *) &drvinfo;
strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ);
strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ - 1);
drvinfo.cmd = ETHTOOL_GDRVINFO;
ioctl (fd, SIOCETHTOOL, &ifr);
if (ioctl (fd, SIOCETHTOOL, &ifr) < 0)
{
if (errno == ENOTSUP)
/* Some interfaces (eg "lo") don't support this ioctl */
continue;
error = clib_error_return_unix (0, "ioctl fetch intf %s bus info",
e->d_name);
close (fd);
goto done;
}
if (strcmp ((char *) s, drvinfo.bus_info))
continue;
memset (&ifr, 0, sizeof(ifr));
strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ);
ioctl (fd, SIOCGIFFLAGS, &ifr);
close (fd);
strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ - 1);
if (ioctl (fd, SIOCGIFFLAGS, &ifr) < 0)
{
error = clib_error_return_unix (0, "ioctl fetch intf %s flags",
e->d_name);
close (fd);
goto done;
}
if (ifr.ifr_flags & IFF_UP)
{
@ -153,6 +173,7 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
"interface %s is up",
format_vlib_pci_addr, &d->bus_address,
e->d_name);
close (fd);
goto done;
}
}
@ -352,7 +373,7 @@ os_map_pci_resource_internal (uword os_handle,
done:
if (error)
{
if (fd > 0)
if (fd >= 0)
close (fd);
}
vec_free (file_name);
@ -478,6 +499,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored)
{
pool_put (pm->pci_devs, dev);
error = clib_error_return_unix (0, "read `%s'", f);
close (fd);
goto done;
}
@ -490,6 +512,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored)
{
pool_put (pm->pci_devs, dev);
error = clib_error_return (0, "invalid PCI config for `%s'", f);
close (fd);
goto done;
}
}