rpms/libraw1394/devel libraw1394-2.0.0-coverity-prevent-fixes.patch, NONE, 1.1 libraw1394.spec, 1.44, 1.45
Jarod Wilson
jwilson at fedoraproject.org
Wed Oct 1 15:13:54 UTC 2008
Author: jwilson
Update of /cvs/pkgs/rpms/libraw1394/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12929
Modified Files:
libraw1394.spec
Added Files:
libraw1394-2.0.0-coverity-prevent-fixes.patch
Log Message:
* Wed Oct 01 2008 Jarod Wilson <jarod at redhat.com> - 2.0.0-2
- Misc fixes from Erik Hovland, based on coverity prevent analysis
libraw1394-2.0.0-coverity-prevent-fixes.patch:
--- NEW FILE libraw1394-2.0.0-coverity-prevent-fixes.patch ---
From: Erik Hovland <erik at hovland.org>
Series of coverity prevent-inspired fixes.
--
Makes extra sure strings are not overrun.
When using strncpy with the exact size of the destination string the
string may end up lacking null termination because the source string is
bigger then the destination.
--
Makes sure to check any return values
The return value of any function should be checked if that function
uses the return value to provide some sort of status information.
--
Makes sure a value is returned by the function.
A function can compile without returning something always.
--
Make sure that we have the right types.
When an unsigned type is assigned a signed value, the
negatived value is never seen.
--
Compare unsigned values instead of subtracting them.
Unsigned values do not return signed values when subtracted
and the right operand is larger then the left operand.
--
Protect against resource leaks.
--
Make sure variables are initialized before used.
Signed-off-by: Erik Hovland <erik at hovland.org>
---
src/dispatch.c | 11 ++++++++---
src/fw-iso.c | 11 +++++++----
src/fw.c | 49 +++++++++++++++++++++++++++++--------------------
tools/testlibraw.c | 3 ++-
4 files changed, 46 insertions(+), 28 deletions(-)
diff -Naurp libraw1394-2.0.0.orig/src/dispatch.c libraw1394-2.0.0/src/dispatch.c
--- libraw1394-2.0.0.orig/src/dispatch.c 2008-07-06 14:48:17.000000000 -0400
+++ libraw1394-2.0.0/src/dispatch.c 2008-10-01 10:58:16.000000000 -0400
@@ -48,7 +48,10 @@ raw1394handle_t raw1394_new_handle(void)
else if (handle) {
handle->is_fw = 1;
handle->mode.fw = fw_handle;
- }
+ } else if (fw_handle)
+ fw_destroy_handle(fw_handle);
+ else if (ieee1394_handle)
+ ieee1394_destroy_handle(ieee1394_handle);
}
return handle;
}
@@ -75,14 +78,16 @@ raw1394handle_t raw1394_new_handle_on_po
if (handle) {
handle->is_fw = 0;
handle->mode.ieee1394 = ieee1394_handle;
- }
+ } else
+ ieee1394_destroy_handle(ieee1394_handle);
}
else if (fw_handle = fw_new_handle_on_port(port)) {
handle = (raw1394handle_t) malloc(sizeof(struct raw1394_handle));
if (handle) {
handle->is_fw = 1;
handle->mode.fw = fw_handle;
- }
+ } else
+ fw_destroy_handle(fw_handle);
}
return handle;
}
diff -Naurp libraw1394-2.0.0.orig/src/fw.c libraw1394-2.0.0/src/fw.c
--- libraw1394-2.0.0.orig/src/fw.c 2008-07-05 16:09:29.000000000 -0400
+++ libraw1394-2.0.0/src/fw.c 2008-10-01 10:58:16.000000000 -0400
@@ -125,7 +125,7 @@ scan_devices(fw_handle_t handle)
char filename[32];
struct fw_cdev_get_info get_info;
struct fw_cdev_event_bus_reset reset;
- int fd, err, i;
+ int fd, err, i, fname_str_sz;
struct port *ports;
ports = handle->ports;
@@ -162,8 +162,9 @@ scan_devices(fw_handle_t handle)
continue;
if (i < MAX_PORTS && reset.node_id == reset.local_node_id) {
- strncpy(ports[i].device_file, filename,
- sizeof ports[i].device_file);
+ fname_str_sz = sizeof(ports[i].device_file) - 1;
+ strncpy(ports[i].device_file, filename, fname_str_sz);
+ ports[i].device_file[fname_str_sz] = '\0';
ports[i].node_count = (reset.root_node_id & 0x3f) + 1;
ports[i].card = get_info.card;
i++;
@@ -315,7 +316,7 @@ handle_inotify(raw1394handle_t handle, s
struct fw_cdev_get_info info;
struct fw_cdev_event_bus_reset reset;
struct epoll_event ep;
- int i, len, fd, phy_id;
+ int i, len, fd, phy_id, fname_str_sz;
event = (struct inotify_event *) fwhandle->buffer;
len = read(fwhandle->inotify_fd, event, BUFFER_SIZE);
@@ -365,8 +366,9 @@ handle_inotify(raw1394handle_t handle, s
fwhandle->devices[i].node_id = reset.node_id;
fwhandle->devices[i].generation = reset.generation;
fwhandle->devices[i].fd = fd;
- strncpy(fwhandle->devices[i].filename, filename,
- sizeof fwhandle->devices[i].filename);
+ fname_str_sz = sizeof(fwhandle->devices[i].filename) - 1;
+ strncpy(fwhandle->devices[i].filename, filename, fname_str_sz);
+ fwhandle->devices[i].filename[fname_str_sz] = '\0';
fwhandle->devices[i].closure.func = handle_device_event;
ep.events = EPOLLIN;
ep.data.ptr = &fwhandle->devices[i].closure;
@@ -501,8 +503,10 @@ fw_handle_t fw_new_handle_on_port(int po
if (handle == NULL)
return NULL;
- if (fw_set_port(handle, port) < 0)
+ if (fw_set_port(handle, port) < 0) {
+ fw_destroy_handle(handle);
return NULL;
+ }
return handle;
}
@@ -538,15 +542,17 @@ int fw_get_port_info(fw_handle_t handle,
struct raw1394_portinfo *pinf,
int maxports)
{
- int i;
+ int i, port_name_sz;
if (maxports >= handle->port_count)
maxports = handle->port_count;
for (i = 0; i < maxports; i++) {
pinf[i].nodes = handle->ports[i].node_count;
+ port_name_sz = sizeof(pinf[i].name) - 1;
strncpy(pinf[i].name, handle->ports[i].device_file,
- sizeof pinf[i].name);
+ port_name_sz);
+ pinf[i].name[port_name_sz] = '\0';
}
return handle->port_count;
@@ -560,7 +566,7 @@ int fw_set_port(fw_handle_t handle, int
struct dirent *de;
char filename[32];
DIR *dir;
- int i, fd, phy_id;
+ int i, fd, phy_id, fname_str_sz;
if (port >= handle->port_count) {
errno = EINVAL;
@@ -606,8 +612,9 @@ int fw_set_port(fw_handle_t handle, int
handle->devices[i].node_id = reset.node_id;
handle->devices[i].generation = reset.generation;
handle->devices[i].fd = fd;
- strncpy(handle->devices[i].filename, filename,
- sizeof handle->devices[i].filename);
+ fname_str_sz = sizeof(handle->devices[i].filename) -1;
+ strncpy(handle->devices[i].filename, filename, fname_str_sz);
+ handle->devices[i].filename[fname_str_sz] = '\0';
handle->devices[i].closure.func = handle_device_event;
memset(&ep, 0, sizeof(ep));
@@ -623,8 +630,9 @@ int fw_set_port(fw_handle_t handle, int
if (reset.node_id == reset.local_node_id) {
memcpy(&handle->reset, &reset, sizeof handle->reset);
handle->local_fd = fd;
- strncpy(handle->local_filename, filename,
- sizeof handle->local_filename);
+ fname_str_sz = sizeof(handle->local_filename) -1;
+ strncpy(handle->local_filename, filename, fname_str_sz);
+ handle->local_filename[fname_str_sz] = '\0';
}
i++;
@@ -1174,14 +1182,14 @@ fw_lock(raw1394handle_t handle, nodeid_t
quadlet_t *result)
{
quadlet_t buffer[2];
- size_t length;
+ ssize_t length;
length = setup_lock(extcode, data, arg, buffer);
if (length < 0)
return length;
return send_request_sync(handle, 16 + extcode, node, addr,
- length, buffer, result);
+ (size_t) length, buffer, result);
}
int
@@ -1190,14 +1198,14 @@ fw_lock64(raw1394handle_t handle, nodeid
octlet_t *result)
{
octlet_t buffer[2];
- size_t length;
+ ssize_t length;
length = setup_lock64(extcode, data, arg, buffer);
if (length < 0)
return length;
return send_request_sync(handle, 16 + extcode, node, addr,
- length, buffer, result);
+ (size_t) length, buffer, result);
}
int
@@ -1308,9 +1316,10 @@ fw_bandwidth_modify (raw1394handle_t han
compare = ntohl (buffer);
switch (mode) {
case RAW1394_MODIFY_ALLOC:
- swap = compare - bandwidth;
- if (swap < 0)
+ if (compare < bandwidth)
return -1;
+
+ swap = compare - bandwidth;
break;
case RAW1394_MODIFY_FREE:
diff -Naurp libraw1394-2.0.0.orig/src/fw-iso.c libraw1394-2.0.0/src/fw-iso.c
--- libraw1394-2.0.0.orig/src/fw-iso.c 2008-07-05 16:16:30.000000000 -0400
+++ libraw1394-2.0.0/src/fw-iso.c 2008-10-01 10:58:40.000000000 -0400
@@ -76,6 +76,7 @@ queue_packet(fw_handle_t handle,
if (err < 0)
return -1;
}
+ return 0;
}
static int
@@ -84,7 +85,8 @@ queue_xmit_packets(raw1394handle_t handl
fw_handle_t fwhandle = handle->mode.fw;
enum raw1394_iso_disposition d;
unsigned char tag, sy;
- int len, cycle, dropped;
+ int len, cycle = -1;
+ unsigned int dropped = 0;
if (fwhandle->iso.xmit_handler == NULL)
return 0;
@@ -259,6 +261,7 @@ int fw_iso_xmit_write(raw1394handle_t ha
struct fw_cdev_queue_iso queue_iso;
struct fw_cdev_start_iso start_iso;
struct fw_cdev_iso_packet *p;
+ int retval;
if (len > fwhandle->iso.max_packet_size) {
errno = EINVAL;
@@ -283,10 +286,10 @@ int fw_iso_xmit_write(raw1394handle_t ha
start_iso.cycle = fwhandle->iso.start_on_cycle;
start_iso.handle = 0;
- len = ioctl(fwhandle->iso.fd,
+ retval = ioctl(fwhandle->iso.fd,
FW_CDEV_IOC_START_ISO, &start_iso);
- if (len < 0)
- return len;
+ if (retval < 0)
+ return retval;
}
return 0;
diff -Naurp libraw1394-2.0.0.orig/tools/testlibraw.c libraw1394-2.0.0/tools/testlibraw.c
--- libraw1394-2.0.0.orig/tools/testlibraw.c 2008-07-05 16:09:29.000000000 -0400
+++ libraw1394-2.0.0/tools/testlibraw.c 2008-10-01 10:58:02.000000000 -0400
@@ -180,7 +180,8 @@ int main(int argc, char **argv)
perror("failed");
continue;
}
- raw1394_loop_iterate(handle);
+ if (raw1394_loop_iterate(handle))
+ perror("failed");
}
printf("\nusing standard tag handler and synchronous calls\n");
Index: libraw1394.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libraw1394/devel/libraw1394.spec,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- libraw1394.spec 18 Jul 2008 20:51:15 -0000 1.44
+++ libraw1394.spec 1 Oct 2008 15:13:24 -0000 1.45
@@ -5,6 +5,7 @@
License: LGPLv2+
Group: System Environment/Libraries
Source: http://www.linux1394.org/dl/libraw1394-%{version}.tar.gz
+Patch0: libraw1394-2.0.0-coverity-prevent-fixes.patch
URL: http://www.linux1394.org/
ExcludeArch: s390 s390x
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -27,6 +28,7 @@
%prep
%setup -q
+%patch0 -p1
%build
%configure --disable-static
@@ -65,6 +67,9 @@
%changelog
+* Wed Oct 01 2008 Jarod Wilson <jarod at redhat.com> - 2.0.0-2
+- Misc fixes from Erik Hovland, based on coverity prevent analysis
+
* Fri Jul 18 2008 Jarod Wilson <jwilson at redhat.com> - 2.0.0-1
- Update to libraw1394 v2.0.0 release
More information about the scm-commits
mailing list