You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
141 lines
4.2 KiB
141 lines
4.2 KiB
Originally submitted via Red Hat bugzilla by Philippe Troin:
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=451727
|
|
|
|
Description:
|
|
|
|
While trying to track down some crashes in kino, I found the following problems
|
|
with libraw1394:
|
|
|
|
* There is a DIR* leak in raw1394_set_port().
|
|
* Lots of data structures are not fully initialized when calling IEEE1394
|
|
ioctl()s. These cause valgrind errors (benign, as valgrind does not know
|
|
how to interpret all ioctls. However these also cause kino to crash in
|
|
libraw1394. I've added a bunch of memset()s to prevent this problem from
|
|
happening.
|
|
|
|
Author: Philippe Troin <phil@fifi.org>
|
|
|
|
Forward-ported to libraw1394 git tree by Jarod Wilson.
|
|
|
|
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
|
|
|
|
--
|
|
|
|
src/fw-iso.c | 2 ++
|
|
src/fw.c | 15 ++++++++++++++-
|
|
tools/testlibraw.c | 1 +
|
|
3 files changed, 17 insertions(+), 1 deletions(-)
|
|
|
|
diff --git a/src/fw-iso.c b/src/fw-iso.c
|
|
index 471d981..a1794c3 100644
|
|
--- a/src/fw-iso.c
|
|
+++ b/src/fw-iso.c
|
|
@@ -401,6 +401,7 @@ iso_init(fw_handle_t handle, int type,
|
|
}
|
|
|
|
handle->iso.closure.func = handle_iso_event;
|
|
+ memset(&ep, 0, sizeof(ep));
|
|
ep.events = EPOLLIN;
|
|
ep.data.ptr = &handle->iso.closure;
|
|
if (epoll_ctl(handle->epoll_fd, EPOLL_CTL_ADD,
|
|
@@ -411,6 +412,7 @@ iso_init(fw_handle_t handle, int type,
|
|
return -1;
|
|
}
|
|
|
|
+ memset(&create, 0, sizeof(create));
|
|
create.type = type;
|
|
create.channel = channel;
|
|
create.speed = speed;
|
|
diff --git a/src/fw.c b/src/fw.c
|
|
index 1322fe2..3c61385 100644
|
|
--- a/src/fw.c
|
|
+++ b/src/fw.c
|
|
@@ -149,6 +149,8 @@ scan_devices(fw_handle_t handle)
|
|
fd = open(filename, O_RDWR);
|
|
if (fd < 0)
|
|
continue;
|
|
+ memset(&get_info, 0, sizeof(get_info));
|
|
+ memset(&reset, 0, sizeof(reset));
|
|
get_info.version = FW_CDEV_VERSION;
|
|
get_info.rom = 0;
|
|
get_info.rom_length = 0;
|
|
@@ -404,7 +406,10 @@ fw_handle_t fw_new_handle(void)
|
|
struct epoll_event ep;
|
|
int i;
|
|
|
|
+ memset(&ep, 0, sizeof(ep));
|
|
+
|
|
handle = malloc(sizeof *handle);
|
|
+ memset(handle, 0, sizeof(*handle));
|
|
|
|
handle->tag_handler = default_tag_handler;
|
|
handle->arm_tag_handler = default_arm_tag_handler;
|
|
@@ -580,6 +585,8 @@ int fw_set_port(fw_handle_t handle, int port)
|
|
if (fd < 0)
|
|
continue;
|
|
|
|
+ memset(&get_info, 0, sizeof(get_info));
|
|
+ memset(&reset, 0, sizeof(reset));
|
|
get_info.version = FW_CDEV_VERSION;
|
|
get_info.rom = 0;
|
|
get_info.rom_length = 0;
|
|
@@ -603,10 +610,12 @@ int fw_set_port(fw_handle_t handle, int port)
|
|
sizeof handle->devices[i].filename);
|
|
|
|
handle->devices[i].closure.func = handle_device_event;
|
|
+ memset(&ep, 0, sizeof(ep));
|
|
ep.events = EPOLLIN;
|
|
ep.data.ptr = &handle->devices[i].closure;
|
|
if (epoll_ctl(handle->epoll_fd, EPOLL_CTL_ADD, fd, &ep) < 0) {
|
|
close(fd);
|
|
+ closedir(dir);
|
|
return -1;
|
|
}
|
|
|
|
@@ -621,6 +630,8 @@ int fw_set_port(fw_handle_t handle, int port)
|
|
i++;
|
|
}
|
|
|
|
+ closedir(dir);
|
|
+
|
|
return 0;
|
|
}
|
|
|
|
@@ -1220,6 +1231,7 @@ fw_start_fcp_listen(fw_handle_t handle)
|
|
|
|
closure->callback = handle_fcp_request;
|
|
|
|
+ memset(&request, 0, sizeof(request));
|
|
request.offset = CSR_REGISTER_BASE + CSR_FCP_COMMAND;
|
|
request.length = CSR_FCP_END - CSR_FCP_COMMAND;
|
|
request.closure = ptr_to_u64(closure);
|
|
@@ -1256,6 +1268,7 @@ fw_get_config_rom(fw_handle_t handle, quadlet_t *buffer,
|
|
struct fw_cdev_get_info get_info;
|
|
int err;
|
|
|
|
+ memset(&get_info, 0, sizeof(get_info));
|
|
get_info.version = FW_CDEV_VERSION;
|
|
get_info.rom = ptr_to_u64(buffer);
|
|
get_info.rom_length = buffersize;
|
|
@@ -1284,7 +1297,7 @@ fw_bandwidth_modify (raw1394handle_t handle,
|
|
|
|
if (bandwidth == 0)
|
|
return 0;
|
|
-
|
|
+
|
|
addr = CSR_REGISTER_BASE + CSR_BANDWIDTH_AVAILABLE;
|
|
/* Read current bandwidth usage from IRM. */
|
|
result = raw1394_read (handle, raw1394_get_irm_id (handle), addr,
|
|
diff --git a/tools/testlibraw.c b/tools/testlibraw.c
|
|
index 2f02a6d..efd87ad 100644
|
|
--- a/tools/testlibraw.c
|
|
+++ b/tools/testlibraw.c
|
|
@@ -202,6 +202,7 @@ int main(int argc, char **argv)
|
|
read_topology_map(handle);
|
|
|
|
printf("testing config rom stuff\n");
|
|
+ memset(rom, 0, sizeof(rom));
|
|
retval=raw1394_get_config_rom(handle, rom, 0x100, &rom_size, &rom_version);
|
|
printf("get_config_rom returned %d, romsize %d, rom_version %d\n",retval,rom_size,rom_version);
|
|
printf("here are the first 10 quadlets:\n");
|