You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
libraw1394/libraw1394-2.0.0-coverity-p...

299 lines
8.9 KiB

From: Erik Hovland <erik@hovland.org>
Series of coverity prevent-inspired fixes.
--
Makes extra sure strings are not overrun.
When using strncpy with the exact size of the destination string the
string may end up lacking null termination because the source string is
bigger then the destination.
--
Makes sure to check any return values
The return value of any function should be checked if that function
uses the return value to provide some sort of status information.
--
Makes sure a value is returned by the function.
A function can compile without returning something always.
--
Make sure that we have the right types.
When an unsigned type is assigned a signed value, the
negatived value is never seen.
--
Compare unsigned values instead of subtracting them.
Unsigned values do not return signed values when subtracted
and the right operand is larger then the left operand.
--
Protect against resource leaks.
--
Make sure variables are initialized before used.
Signed-off-by: Erik Hovland <erik@hovland.org>
---
src/dispatch.c | 11 ++++++++---
src/fw-iso.c | 11 +++++++----
src/fw.c | 49 +++++++++++++++++++++++++++++--------------------
tools/testlibraw.c | 3 ++-
4 files changed, 46 insertions(+), 28 deletions(-)
diff -Naurp libraw1394-2.0.0.orig/src/dispatch.c libraw1394-2.0.0/src/dispatch.c
--- libraw1394-2.0.0.orig/src/dispatch.c 2008-07-06 14:48:17.000000000 -0400
+++ libraw1394-2.0.0/src/dispatch.c 2008-10-01 10:58:16.000000000 -0400
@@ -48,7 +48,10 @@ raw1394handle_t raw1394_new_handle(void)
else if (handle) {
handle->is_fw = 1;
handle->mode.fw = fw_handle;
- }
+ } else if (fw_handle)
+ fw_destroy_handle(fw_handle);
+ else if (ieee1394_handle)
+ ieee1394_destroy_handle(ieee1394_handle);
}
return handle;
}
@@ -75,14 +78,16 @@ raw1394handle_t raw1394_new_handle_on_po
if (handle) {
handle->is_fw = 0;
handle->mode.ieee1394 = ieee1394_handle;
- }
+ } else
+ ieee1394_destroy_handle(ieee1394_handle);
}
else if (fw_handle = fw_new_handle_on_port(port)) {
handle = (raw1394handle_t) malloc(sizeof(struct raw1394_handle));
if (handle) {
handle->is_fw = 1;
handle->mode.fw = fw_handle;
- }
+ } else
+ fw_destroy_handle(fw_handle);
}
return handle;
}
diff -Naurp libraw1394-2.0.0.orig/src/fw.c libraw1394-2.0.0/src/fw.c
--- libraw1394-2.0.0.orig/src/fw.c 2008-07-05 16:09:29.000000000 -0400
+++ libraw1394-2.0.0/src/fw.c 2008-10-01 10:58:16.000000000 -0400
@@ -125,7 +125,7 @@ scan_devices(fw_handle_t handle)
char filename[32];
struct fw_cdev_get_info get_info;
struct fw_cdev_event_bus_reset reset;
- int fd, err, i;
+ int fd, err, i, fname_str_sz;
struct port *ports;
ports = handle->ports;
@@ -162,8 +162,9 @@ scan_devices(fw_handle_t handle)
continue;
if (i < MAX_PORTS && reset.node_id == reset.local_node_id) {
- strncpy(ports[i].device_file, filename,
- sizeof ports[i].device_file);
+ fname_str_sz = sizeof(ports[i].device_file) - 1;
+ strncpy(ports[i].device_file, filename, fname_str_sz);
+ ports[i].device_file[fname_str_sz] = '\0';
ports[i].node_count = (reset.root_node_id & 0x3f) + 1;
ports[i].card = get_info.card;
i++;
@@ -315,7 +316,7 @@ handle_inotify(raw1394handle_t handle, s
struct fw_cdev_get_info info;
struct fw_cdev_event_bus_reset reset;
struct epoll_event ep;
- int i, len, fd, phy_id;
+ int i, len, fd, phy_id, fname_str_sz;
event = (struct inotify_event *) fwhandle->buffer;
len = read(fwhandle->inotify_fd, event, BUFFER_SIZE);
@@ -365,8 +366,9 @@ handle_inotify(raw1394handle_t handle, s
fwhandle->devices[i].node_id = reset.node_id;
fwhandle->devices[i].generation = reset.generation;
fwhandle->devices[i].fd = fd;
- strncpy(fwhandle->devices[i].filename, filename,
- sizeof fwhandle->devices[i].filename);
+ fname_str_sz = sizeof(fwhandle->devices[i].filename) - 1;
+ strncpy(fwhandle->devices[i].filename, filename, fname_str_sz);
+ fwhandle->devices[i].filename[fname_str_sz] = '\0';
fwhandle->devices[i].closure.func = handle_device_event;
ep.events = EPOLLIN;
ep.data.ptr = &fwhandle->devices[i].closure;
@@ -501,8 +503,10 @@ fw_handle_t fw_new_handle_on_port(int po
if (handle == NULL)
return NULL;
- if (fw_set_port(handle, port) < 0)
+ if (fw_set_port(handle, port) < 0) {
+ fw_destroy_handle(handle);
return NULL;
+ }
return handle;
}
@@ -538,15 +542,17 @@ int fw_get_port_info(fw_handle_t handle,
struct raw1394_portinfo *pinf,
int maxports)
{
- int i;
+ int i, port_name_sz;
if (maxports >= handle->port_count)
maxports = handle->port_count;
for (i = 0; i < maxports; i++) {
pinf[i].nodes = handle->ports[i].node_count;
+ port_name_sz = sizeof(pinf[i].name) - 1;
strncpy(pinf[i].name, handle->ports[i].device_file,
- sizeof pinf[i].name);
+ port_name_sz);
+ pinf[i].name[port_name_sz] = '\0';
}
return handle->port_count;
@@ -560,7 +566,7 @@ int fw_set_port(fw_handle_t handle, int
struct dirent *de;
char filename[32];
DIR *dir;
- int i, fd, phy_id;
+ int i, fd, phy_id, fname_str_sz;
if (port >= handle->port_count) {
errno = EINVAL;
@@ -606,8 +612,9 @@ int fw_set_port(fw_handle_t handle, int
handle->devices[i].node_id = reset.node_id;
handle->devices[i].generation = reset.generation;
handle->devices[i].fd = fd;
- strncpy(handle->devices[i].filename, filename,
- sizeof handle->devices[i].filename);
+ fname_str_sz = sizeof(handle->devices[i].filename) -1;
+ strncpy(handle->devices[i].filename, filename, fname_str_sz);
+ handle->devices[i].filename[fname_str_sz] = '\0';
handle->devices[i].closure.func = handle_device_event;
memset(&ep, 0, sizeof(ep));
@@ -623,8 +630,9 @@ int fw_set_port(fw_handle_t handle, int
if (reset.node_id == reset.local_node_id) {
memcpy(&handle->reset, &reset, sizeof handle->reset);
handle->local_fd = fd;
- strncpy(handle->local_filename, filename,
- sizeof handle->local_filename);
+ fname_str_sz = sizeof(handle->local_filename) -1;
+ strncpy(handle->local_filename, filename, fname_str_sz);
+ handle->local_filename[fname_str_sz] = '\0';
}
i++;
@@ -1174,14 +1182,14 @@ fw_lock(raw1394handle_t handle, nodeid_t
quadlet_t *result)
{
quadlet_t buffer[2];
- size_t length;
+ ssize_t length;
length = setup_lock(extcode, data, arg, buffer);
if (length < 0)
return length;
return send_request_sync(handle, 16 + extcode, node, addr,
- length, buffer, result);
+ (size_t) length, buffer, result);
}
int
@@ -1190,14 +1198,14 @@ fw_lock64(raw1394handle_t handle, nodeid
octlet_t *result)
{
octlet_t buffer[2];
- size_t length;
+ ssize_t length;
length = setup_lock64(extcode, data, arg, buffer);
if (length < 0)
return length;
return send_request_sync(handle, 16 + extcode, node, addr,
- length, buffer, result);
+ (size_t) length, buffer, result);
}
int
@@ -1308,9 +1316,10 @@ fw_bandwidth_modify (raw1394handle_t han
compare = ntohl (buffer);
switch (mode) {
case RAW1394_MODIFY_ALLOC:
- swap = compare - bandwidth;
- if (swap < 0)
+ if (compare < bandwidth)
return -1;
+
+ swap = compare - bandwidth;
break;
case RAW1394_MODIFY_FREE:
diff -Naurp libraw1394-2.0.0.orig/src/fw-iso.c libraw1394-2.0.0/src/fw-iso.c
--- libraw1394-2.0.0.orig/src/fw-iso.c 2008-07-05 16:16:30.000000000 -0400
+++ libraw1394-2.0.0/src/fw-iso.c 2008-10-01 10:58:40.000000000 -0400
@@ -76,6 +76,7 @@ queue_packet(fw_handle_t handle,
if (err < 0)
return -1;
}
+ return 0;
}
static int
@@ -84,7 +85,8 @@ queue_xmit_packets(raw1394handle_t handl
fw_handle_t fwhandle = handle->mode.fw;
enum raw1394_iso_disposition d;
unsigned char tag, sy;
- int len, cycle, dropped;
+ int len, cycle = -1;
+ unsigned int dropped = 0;
if (fwhandle->iso.xmit_handler == NULL)
return 0;
@@ -259,6 +261,7 @@ int fw_iso_xmit_write(raw1394handle_t ha
struct fw_cdev_queue_iso queue_iso;
struct fw_cdev_start_iso start_iso;
struct fw_cdev_iso_packet *p;
+ int retval;
if (len > fwhandle->iso.max_packet_size) {
errno = EINVAL;
@@ -283,10 +286,10 @@ int fw_iso_xmit_write(raw1394handle_t ha
start_iso.cycle = fwhandle->iso.start_on_cycle;
start_iso.handle = 0;
- len = ioctl(fwhandle->iso.fd,
+ retval = ioctl(fwhandle->iso.fd,
FW_CDEV_IOC_START_ISO, &start_iso);
- if (len < 0)
- return len;
+ if (retval < 0)
+ return retval;
}
return 0;
diff -Naurp libraw1394-2.0.0.orig/tools/testlibraw.c libraw1394-2.0.0/tools/testlibraw.c
--- libraw1394-2.0.0.orig/tools/testlibraw.c 2008-07-05 16:09:29.000000000 -0400
+++ libraw1394-2.0.0/tools/testlibraw.c 2008-10-01 10:58:02.000000000 -0400
@@ -180,7 +180,8 @@ int main(int argc, char **argv)
perror("failed");
continue;
}
- raw1394_loop_iterate(handle);
+ if (raw1394_loop_iterate(handle))
+ perror("failed");
}
printf("\nusing standard tag handler and synchronous calls\n");