You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
299 lines
8.9 KiB
299 lines
8.9 KiB
From: Erik Hovland <erik@hovland.org>
|
|
|
|
Series of coverity prevent-inspired fixes.
|
|
|
|
--
|
|
Makes extra sure strings are not overrun.
|
|
|
|
When using strncpy with the exact size of the destination string the
|
|
string may end up lacking null termination because the source string is
|
|
bigger then the destination.
|
|
|
|
--
|
|
Makes sure to check any return values
|
|
|
|
The return value of any function should be checked if that function
|
|
uses the return value to provide some sort of status information.
|
|
|
|
--
|
|
Makes sure a value is returned by the function.
|
|
|
|
A function can compile without returning something always.
|
|
|
|
--
|
|
Make sure that we have the right types.
|
|
|
|
When an unsigned type is assigned a signed value, the
|
|
negatived value is never seen.
|
|
|
|
|
|
--
|
|
Compare unsigned values instead of subtracting them.
|
|
|
|
Unsigned values do not return signed values when subtracted
|
|
and the right operand is larger then the left operand.
|
|
|
|
--
|
|
Protect against resource leaks.
|
|
|
|
--
|
|
Make sure variables are initialized before used.
|
|
|
|
|
|
Signed-off-by: Erik Hovland <erik@hovland.org>
|
|
---
|
|
|
|
src/dispatch.c | 11 ++++++++---
|
|
src/fw-iso.c | 11 +++++++----
|
|
src/fw.c | 49 +++++++++++++++++++++++++++++--------------------
|
|
tools/testlibraw.c | 3 ++-
|
|
4 files changed, 46 insertions(+), 28 deletions(-)
|
|
|
|
diff -Naurp libraw1394-2.0.0.orig/src/dispatch.c libraw1394-2.0.0/src/dispatch.c
|
|
--- libraw1394-2.0.0.orig/src/dispatch.c 2008-07-06 14:48:17.000000000 -0400
|
|
+++ libraw1394-2.0.0/src/dispatch.c 2008-10-01 10:58:16.000000000 -0400
|
|
@@ -48,7 +48,10 @@ raw1394handle_t raw1394_new_handle(void)
|
|
else if (handle) {
|
|
handle->is_fw = 1;
|
|
handle->mode.fw = fw_handle;
|
|
- }
|
|
+ } else if (fw_handle)
|
|
+ fw_destroy_handle(fw_handle);
|
|
+ else if (ieee1394_handle)
|
|
+ ieee1394_destroy_handle(ieee1394_handle);
|
|
}
|
|
return handle;
|
|
}
|
|
@@ -75,14 +78,16 @@ raw1394handle_t raw1394_new_handle_on_po
|
|
if (handle) {
|
|
handle->is_fw = 0;
|
|
handle->mode.ieee1394 = ieee1394_handle;
|
|
- }
|
|
+ } else
|
|
+ ieee1394_destroy_handle(ieee1394_handle);
|
|
}
|
|
else if (fw_handle = fw_new_handle_on_port(port)) {
|
|
handle = (raw1394handle_t) malloc(sizeof(struct raw1394_handle));
|
|
if (handle) {
|
|
handle->is_fw = 1;
|
|
handle->mode.fw = fw_handle;
|
|
- }
|
|
+ } else
|
|
+ fw_destroy_handle(fw_handle);
|
|
}
|
|
return handle;
|
|
}
|
|
diff -Naurp libraw1394-2.0.0.orig/src/fw.c libraw1394-2.0.0/src/fw.c
|
|
--- libraw1394-2.0.0.orig/src/fw.c 2008-07-05 16:09:29.000000000 -0400
|
|
+++ libraw1394-2.0.0/src/fw.c 2008-10-01 10:58:16.000000000 -0400
|
|
@@ -125,7 +125,7 @@ scan_devices(fw_handle_t handle)
|
|
char filename[32];
|
|
struct fw_cdev_get_info get_info;
|
|
struct fw_cdev_event_bus_reset reset;
|
|
- int fd, err, i;
|
|
+ int fd, err, i, fname_str_sz;
|
|
struct port *ports;
|
|
|
|
ports = handle->ports;
|
|
@@ -162,8 +162,9 @@ scan_devices(fw_handle_t handle)
|
|
continue;
|
|
|
|
if (i < MAX_PORTS && reset.node_id == reset.local_node_id) {
|
|
- strncpy(ports[i].device_file, filename,
|
|
- sizeof ports[i].device_file);
|
|
+ fname_str_sz = sizeof(ports[i].device_file) - 1;
|
|
+ strncpy(ports[i].device_file, filename, fname_str_sz);
|
|
+ ports[i].device_file[fname_str_sz] = '\0';
|
|
ports[i].node_count = (reset.root_node_id & 0x3f) + 1;
|
|
ports[i].card = get_info.card;
|
|
i++;
|
|
@@ -315,7 +316,7 @@ handle_inotify(raw1394handle_t handle, s
|
|
struct fw_cdev_get_info info;
|
|
struct fw_cdev_event_bus_reset reset;
|
|
struct epoll_event ep;
|
|
- int i, len, fd, phy_id;
|
|
+ int i, len, fd, phy_id, fname_str_sz;
|
|
|
|
event = (struct inotify_event *) fwhandle->buffer;
|
|
len = read(fwhandle->inotify_fd, event, BUFFER_SIZE);
|
|
@@ -365,8 +366,9 @@ handle_inotify(raw1394handle_t handle, s
|
|
fwhandle->devices[i].node_id = reset.node_id;
|
|
fwhandle->devices[i].generation = reset.generation;
|
|
fwhandle->devices[i].fd = fd;
|
|
- strncpy(fwhandle->devices[i].filename, filename,
|
|
- sizeof fwhandle->devices[i].filename);
|
|
+ fname_str_sz = sizeof(fwhandle->devices[i].filename) - 1;
|
|
+ strncpy(fwhandle->devices[i].filename, filename, fname_str_sz);
|
|
+ fwhandle->devices[i].filename[fname_str_sz] = '\0';
|
|
fwhandle->devices[i].closure.func = handle_device_event;
|
|
ep.events = EPOLLIN;
|
|
ep.data.ptr = &fwhandle->devices[i].closure;
|
|
@@ -501,8 +503,10 @@ fw_handle_t fw_new_handle_on_port(int po
|
|
if (handle == NULL)
|
|
return NULL;
|
|
|
|
- if (fw_set_port(handle, port) < 0)
|
|
+ if (fw_set_port(handle, port) < 0) {
|
|
+ fw_destroy_handle(handle);
|
|
return NULL;
|
|
+ }
|
|
|
|
return handle;
|
|
}
|
|
@@ -538,15 +542,17 @@ int fw_get_port_info(fw_handle_t handle,
|
|
struct raw1394_portinfo *pinf,
|
|
int maxports)
|
|
{
|
|
- int i;
|
|
+ int i, port_name_sz;
|
|
|
|
if (maxports >= handle->port_count)
|
|
maxports = handle->port_count;
|
|
|
|
for (i = 0; i < maxports; i++) {
|
|
pinf[i].nodes = handle->ports[i].node_count;
|
|
+ port_name_sz = sizeof(pinf[i].name) - 1;
|
|
strncpy(pinf[i].name, handle->ports[i].device_file,
|
|
- sizeof pinf[i].name);
|
|
+ port_name_sz);
|
|
+ pinf[i].name[port_name_sz] = '\0';
|
|
}
|
|
|
|
return handle->port_count;
|
|
@@ -560,7 +566,7 @@ int fw_set_port(fw_handle_t handle, int
|
|
struct dirent *de;
|
|
char filename[32];
|
|
DIR *dir;
|
|
- int i, fd, phy_id;
|
|
+ int i, fd, phy_id, fname_str_sz;
|
|
|
|
if (port >= handle->port_count) {
|
|
errno = EINVAL;
|
|
@@ -606,8 +612,9 @@ int fw_set_port(fw_handle_t handle, int
|
|
handle->devices[i].node_id = reset.node_id;
|
|
handle->devices[i].generation = reset.generation;
|
|
handle->devices[i].fd = fd;
|
|
- strncpy(handle->devices[i].filename, filename,
|
|
- sizeof handle->devices[i].filename);
|
|
+ fname_str_sz = sizeof(handle->devices[i].filename) -1;
|
|
+ strncpy(handle->devices[i].filename, filename, fname_str_sz);
|
|
+ handle->devices[i].filename[fname_str_sz] = '\0';
|
|
|
|
handle->devices[i].closure.func = handle_device_event;
|
|
memset(&ep, 0, sizeof(ep));
|
|
@@ -623,8 +630,9 @@ int fw_set_port(fw_handle_t handle, int
|
|
if (reset.node_id == reset.local_node_id) {
|
|
memcpy(&handle->reset, &reset, sizeof handle->reset);
|
|
handle->local_fd = fd;
|
|
- strncpy(handle->local_filename, filename,
|
|
- sizeof handle->local_filename);
|
|
+ fname_str_sz = sizeof(handle->local_filename) -1;
|
|
+ strncpy(handle->local_filename, filename, fname_str_sz);
|
|
+ handle->local_filename[fname_str_sz] = '\0';
|
|
}
|
|
|
|
i++;
|
|
@@ -1174,14 +1182,14 @@ fw_lock(raw1394handle_t handle, nodeid_t
|
|
quadlet_t *result)
|
|
{
|
|
quadlet_t buffer[2];
|
|
- size_t length;
|
|
+ ssize_t length;
|
|
|
|
length = setup_lock(extcode, data, arg, buffer);
|
|
if (length < 0)
|
|
return length;
|
|
|
|
return send_request_sync(handle, 16 + extcode, node, addr,
|
|
- length, buffer, result);
|
|
+ (size_t) length, buffer, result);
|
|
}
|
|
|
|
int
|
|
@@ -1190,14 +1198,14 @@ fw_lock64(raw1394handle_t handle, nodeid
|
|
octlet_t *result)
|
|
{
|
|
octlet_t buffer[2];
|
|
- size_t length;
|
|
+ ssize_t length;
|
|
|
|
length = setup_lock64(extcode, data, arg, buffer);
|
|
if (length < 0)
|
|
return length;
|
|
|
|
return send_request_sync(handle, 16 + extcode, node, addr,
|
|
- length, buffer, result);
|
|
+ (size_t) length, buffer, result);
|
|
}
|
|
|
|
int
|
|
@@ -1308,9 +1316,10 @@ fw_bandwidth_modify (raw1394handle_t han
|
|
compare = ntohl (buffer);
|
|
switch (mode) {
|
|
case RAW1394_MODIFY_ALLOC:
|
|
- swap = compare - bandwidth;
|
|
- if (swap < 0)
|
|
+ if (compare < bandwidth)
|
|
return -1;
|
|
+
|
|
+ swap = compare - bandwidth;
|
|
break;
|
|
|
|
case RAW1394_MODIFY_FREE:
|
|
diff -Naurp libraw1394-2.0.0.orig/src/fw-iso.c libraw1394-2.0.0/src/fw-iso.c
|
|
--- libraw1394-2.0.0.orig/src/fw-iso.c 2008-07-05 16:16:30.000000000 -0400
|
|
+++ libraw1394-2.0.0/src/fw-iso.c 2008-10-01 10:58:40.000000000 -0400
|
|
@@ -76,6 +76,7 @@ queue_packet(fw_handle_t handle,
|
|
if (err < 0)
|
|
return -1;
|
|
}
|
|
+ return 0;
|
|
}
|
|
|
|
static int
|
|
@@ -84,7 +85,8 @@ queue_xmit_packets(raw1394handle_t handl
|
|
fw_handle_t fwhandle = handle->mode.fw;
|
|
enum raw1394_iso_disposition d;
|
|
unsigned char tag, sy;
|
|
- int len, cycle, dropped;
|
|
+ int len, cycle = -1;
|
|
+ unsigned int dropped = 0;
|
|
|
|
if (fwhandle->iso.xmit_handler == NULL)
|
|
return 0;
|
|
@@ -259,6 +261,7 @@ int fw_iso_xmit_write(raw1394handle_t ha
|
|
struct fw_cdev_queue_iso queue_iso;
|
|
struct fw_cdev_start_iso start_iso;
|
|
struct fw_cdev_iso_packet *p;
|
|
+ int retval;
|
|
|
|
if (len > fwhandle->iso.max_packet_size) {
|
|
errno = EINVAL;
|
|
@@ -283,10 +286,10 @@ int fw_iso_xmit_write(raw1394handle_t ha
|
|
start_iso.cycle = fwhandle->iso.start_on_cycle;
|
|
start_iso.handle = 0;
|
|
|
|
- len = ioctl(fwhandle->iso.fd,
|
|
+ retval = ioctl(fwhandle->iso.fd,
|
|
FW_CDEV_IOC_START_ISO, &start_iso);
|
|
- if (len < 0)
|
|
- return len;
|
|
+ if (retval < 0)
|
|
+ return retval;
|
|
}
|
|
|
|
return 0;
|
|
diff -Naurp libraw1394-2.0.0.orig/tools/testlibraw.c libraw1394-2.0.0/tools/testlibraw.c
|
|
--- libraw1394-2.0.0.orig/tools/testlibraw.c 2008-07-05 16:09:29.000000000 -0400
|
|
+++ libraw1394-2.0.0/tools/testlibraw.c 2008-10-01 10:58:02.000000000 -0400
|
|
@@ -180,7 +180,8 @@ int main(int argc, char **argv)
|
|
perror("failed");
|
|
continue;
|
|
}
|
|
- raw1394_loop_iterate(handle);
|
|
+ if (raw1394_loop_iterate(handle))
|
|
+ perror("failed");
|
|
}
|
|
|
|
printf("\nusing standard tag handler and synchronous calls\n");
|