From fdb38798c4bda73eee70df0ec134d22c5d158369 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Wed, 1 Oct 2008 15:13:24 +0000 Subject: [PATCH] - Misc fixes from Erik Hovland, based on coverity prevent analysis --- libraw1394-2.0.0-coverity-prevent-fixes.patch | 298 ++++++++++++++++++ libraw1394.spec | 5 + 2 files changed, 303 insertions(+) create mode 100644 libraw1394-2.0.0-coverity-prevent-fixes.patch diff --git a/libraw1394-2.0.0-coverity-prevent-fixes.patch b/libraw1394-2.0.0-coverity-prevent-fixes.patch new file mode 100644 index 0000000..b6ec3c3 --- /dev/null +++ b/libraw1394-2.0.0-coverity-prevent-fixes.patch @@ -0,0 +1,298 @@ +From: Erik Hovland + +Series of coverity prevent-inspired fixes. + +-- +Makes extra sure strings are not overrun. + +When using strncpy with the exact size of the destination string the +string may end up lacking null termination because the source string is +bigger then the destination. + +-- +Makes sure to check any return values + +The return value of any function should be checked if that function +uses the return value to provide some sort of status information. + +-- +Makes sure a value is returned by the function. + +A function can compile without returning something always. + +-- +Make sure that we have the right types. + +When an unsigned type is assigned a signed value, the +negatived value is never seen. + + +-- +Compare unsigned values instead of subtracting them. + +Unsigned values do not return signed values when subtracted +and the right operand is larger then the left operand. + +-- +Protect against resource leaks. + +-- +Make sure variables are initialized before used. + + +Signed-off-by: Erik Hovland +--- + + src/dispatch.c | 11 ++++++++--- + src/fw-iso.c | 11 +++++++---- + src/fw.c | 49 +++++++++++++++++++++++++++++-------------------- + tools/testlibraw.c | 3 ++- + 4 files changed, 46 insertions(+), 28 deletions(-) + +diff -Naurp libraw1394-2.0.0.orig/src/dispatch.c libraw1394-2.0.0/src/dispatch.c +--- libraw1394-2.0.0.orig/src/dispatch.c 2008-07-06 14:48:17.000000000 -0400 ++++ libraw1394-2.0.0/src/dispatch.c 2008-10-01 10:58:16.000000000 -0400 +@@ -48,7 +48,10 @@ raw1394handle_t raw1394_new_handle(void) + else if (handle) { + handle->is_fw = 1; + handle->mode.fw = fw_handle; +- } ++ } else if (fw_handle) ++ fw_destroy_handle(fw_handle); ++ else if (ieee1394_handle) ++ ieee1394_destroy_handle(ieee1394_handle); + } + return handle; + } +@@ -75,14 +78,16 @@ raw1394handle_t raw1394_new_handle_on_po + if (handle) { + handle->is_fw = 0; + handle->mode.ieee1394 = ieee1394_handle; +- } ++ } else ++ ieee1394_destroy_handle(ieee1394_handle); + } + else if (fw_handle = fw_new_handle_on_port(port)) { + handle = (raw1394handle_t) malloc(sizeof(struct raw1394_handle)); + if (handle) { + handle->is_fw = 1; + handle->mode.fw = fw_handle; +- } ++ } else ++ fw_destroy_handle(fw_handle); + } + return handle; + } +diff -Naurp libraw1394-2.0.0.orig/src/fw.c libraw1394-2.0.0/src/fw.c +--- libraw1394-2.0.0.orig/src/fw.c 2008-07-05 16:09:29.000000000 -0400 ++++ libraw1394-2.0.0/src/fw.c 2008-10-01 10:58:16.000000000 -0400 +@@ -125,7 +125,7 @@ scan_devices(fw_handle_t handle) + char filename[32]; + struct fw_cdev_get_info get_info; + struct fw_cdev_event_bus_reset reset; +- int fd, err, i; ++ int fd, err, i, fname_str_sz; + struct port *ports; + + ports = handle->ports; +@@ -162,8 +162,9 @@ scan_devices(fw_handle_t handle) + continue; + + if (i < MAX_PORTS && reset.node_id == reset.local_node_id) { +- strncpy(ports[i].device_file, filename, +- sizeof ports[i].device_file); ++ fname_str_sz = sizeof(ports[i].device_file) - 1; ++ strncpy(ports[i].device_file, filename, fname_str_sz); ++ ports[i].device_file[fname_str_sz] = '\0'; + ports[i].node_count = (reset.root_node_id & 0x3f) + 1; + ports[i].card = get_info.card; + i++; +@@ -315,7 +316,7 @@ handle_inotify(raw1394handle_t handle, s + struct fw_cdev_get_info info; + struct fw_cdev_event_bus_reset reset; + struct epoll_event ep; +- int i, len, fd, phy_id; ++ int i, len, fd, phy_id, fname_str_sz; + + event = (struct inotify_event *) fwhandle->buffer; + len = read(fwhandle->inotify_fd, event, BUFFER_SIZE); +@@ -365,8 +366,9 @@ handle_inotify(raw1394handle_t handle, s + fwhandle->devices[i].node_id = reset.node_id; + fwhandle->devices[i].generation = reset.generation; + fwhandle->devices[i].fd = fd; +- strncpy(fwhandle->devices[i].filename, filename, +- sizeof fwhandle->devices[i].filename); ++ fname_str_sz = sizeof(fwhandle->devices[i].filename) - 1; ++ strncpy(fwhandle->devices[i].filename, filename, fname_str_sz); ++ fwhandle->devices[i].filename[fname_str_sz] = '\0'; + fwhandle->devices[i].closure.func = handle_device_event; + ep.events = EPOLLIN; + ep.data.ptr = &fwhandle->devices[i].closure; +@@ -501,8 +503,10 @@ fw_handle_t fw_new_handle_on_port(int po + if (handle == NULL) + return NULL; + +- if (fw_set_port(handle, port) < 0) ++ if (fw_set_port(handle, port) < 0) { ++ fw_destroy_handle(handle); + return NULL; ++ } + + return handle; + } +@@ -538,15 +542,17 @@ int fw_get_port_info(fw_handle_t handle, + struct raw1394_portinfo *pinf, + int maxports) + { +- int i; ++ int i, port_name_sz; + + if (maxports >= handle->port_count) + maxports = handle->port_count; + + for (i = 0; i < maxports; i++) { + pinf[i].nodes = handle->ports[i].node_count; ++ port_name_sz = sizeof(pinf[i].name) - 1; + strncpy(pinf[i].name, handle->ports[i].device_file, +- sizeof pinf[i].name); ++ port_name_sz); ++ pinf[i].name[port_name_sz] = '\0'; + } + + return handle->port_count; +@@ -560,7 +566,7 @@ int fw_set_port(fw_handle_t handle, int + struct dirent *de; + char filename[32]; + DIR *dir; +- int i, fd, phy_id; ++ int i, fd, phy_id, fname_str_sz; + + if (port >= handle->port_count) { + errno = EINVAL; +@@ -606,8 +612,9 @@ int fw_set_port(fw_handle_t handle, int + handle->devices[i].node_id = reset.node_id; + handle->devices[i].generation = reset.generation; + handle->devices[i].fd = fd; +- strncpy(handle->devices[i].filename, filename, +- sizeof handle->devices[i].filename); ++ fname_str_sz = sizeof(handle->devices[i].filename) -1; ++ strncpy(handle->devices[i].filename, filename, fname_str_sz); ++ handle->devices[i].filename[fname_str_sz] = '\0'; + + handle->devices[i].closure.func = handle_device_event; + memset(&ep, 0, sizeof(ep)); +@@ -623,8 +630,9 @@ int fw_set_port(fw_handle_t handle, int + if (reset.node_id == reset.local_node_id) { + memcpy(&handle->reset, &reset, sizeof handle->reset); + handle->local_fd = fd; +- strncpy(handle->local_filename, filename, +- sizeof handle->local_filename); ++ fname_str_sz = sizeof(handle->local_filename) -1; ++ strncpy(handle->local_filename, filename, fname_str_sz); ++ handle->local_filename[fname_str_sz] = '\0'; + } + + i++; +@@ -1174,14 +1182,14 @@ fw_lock(raw1394handle_t handle, nodeid_t + quadlet_t *result) + { + quadlet_t buffer[2]; +- size_t length; ++ ssize_t length; + + length = setup_lock(extcode, data, arg, buffer); + if (length < 0) + return length; + + return send_request_sync(handle, 16 + extcode, node, addr, +- length, buffer, result); ++ (size_t) length, buffer, result); + } + + int +@@ -1190,14 +1198,14 @@ fw_lock64(raw1394handle_t handle, nodeid + octlet_t *result) + { + octlet_t buffer[2]; +- size_t length; ++ ssize_t length; + + length = setup_lock64(extcode, data, arg, buffer); + if (length < 0) + return length; + + return send_request_sync(handle, 16 + extcode, node, addr, +- length, buffer, result); ++ (size_t) length, buffer, result); + } + + int +@@ -1308,9 +1316,10 @@ fw_bandwidth_modify (raw1394handle_t han + compare = ntohl (buffer); + switch (mode) { + case RAW1394_MODIFY_ALLOC: +- swap = compare - bandwidth; +- if (swap < 0) ++ if (compare < bandwidth) + return -1; ++ ++ swap = compare - bandwidth; + break; + + case RAW1394_MODIFY_FREE: +diff -Naurp libraw1394-2.0.0.orig/src/fw-iso.c libraw1394-2.0.0/src/fw-iso.c +--- libraw1394-2.0.0.orig/src/fw-iso.c 2008-07-05 16:16:30.000000000 -0400 ++++ libraw1394-2.0.0/src/fw-iso.c 2008-10-01 10:58:40.000000000 -0400 +@@ -76,6 +76,7 @@ queue_packet(fw_handle_t handle, + if (err < 0) + return -1; + } ++ return 0; + } + + static int +@@ -84,7 +85,8 @@ queue_xmit_packets(raw1394handle_t handl + fw_handle_t fwhandle = handle->mode.fw; + enum raw1394_iso_disposition d; + unsigned char tag, sy; +- int len, cycle, dropped; ++ int len, cycle = -1; ++ unsigned int dropped = 0; + + if (fwhandle->iso.xmit_handler == NULL) + return 0; +@@ -259,6 +261,7 @@ int fw_iso_xmit_write(raw1394handle_t ha + struct fw_cdev_queue_iso queue_iso; + struct fw_cdev_start_iso start_iso; + struct fw_cdev_iso_packet *p; ++ int retval; + + if (len > fwhandle->iso.max_packet_size) { + errno = EINVAL; +@@ -283,10 +286,10 @@ int fw_iso_xmit_write(raw1394handle_t ha + start_iso.cycle = fwhandle->iso.start_on_cycle; + start_iso.handle = 0; + +- len = ioctl(fwhandle->iso.fd, ++ retval = ioctl(fwhandle->iso.fd, + FW_CDEV_IOC_START_ISO, &start_iso); +- if (len < 0) +- return len; ++ if (retval < 0) ++ return retval; + } + + return 0; +diff -Naurp libraw1394-2.0.0.orig/tools/testlibraw.c libraw1394-2.0.0/tools/testlibraw.c +--- libraw1394-2.0.0.orig/tools/testlibraw.c 2008-07-05 16:09:29.000000000 -0400 ++++ libraw1394-2.0.0/tools/testlibraw.c 2008-10-01 10:58:02.000000000 -0400 +@@ -180,7 +180,8 @@ int main(int argc, char **argv) + perror("failed"); + continue; + } +- raw1394_loop_iterate(handle); ++ if (raw1394_loop_iterate(handle)) ++ perror("failed"); + } + + printf("\nusing standard tag handler and synchronous calls\n"); diff --git a/libraw1394.spec b/libraw1394.spec index 5d80015..09f839b 100644 --- a/libraw1394.spec +++ b/libraw1394.spec @@ -5,6 +5,7 @@ Release: 1%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: http://www.linux1394.org/dl/libraw1394-%{version}.tar.gz +Patch0: libraw1394-2.0.0-coverity-prevent-fixes.patch URL: http://www.linux1394.org/ ExcludeArch: s390 s390x BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -27,6 +28,7 @@ Development libraries needed to build applications against libraw1394. %prep %setup -q +%patch0 -p1 %build %configure --disable-static @@ -65,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Oct 01 2008 Jarod Wilson - 2.0.0-2 +- Misc fixes from Erik Hovland, based on coverity prevent analysis + * Fri Jul 18 2008 Jarod Wilson - 2.0.0-1 - Update to libraw1394 v2.0.0 release