|
|
33c334 |
From 415bd4e43b2c27e3999923c16f5ff39f9b1adcae Mon Sep 17 00:00:00 2001
|
|
|
33c334 |
From: Jerome Marchand <jmarchan@redhat.com>
|
|
|
33c334 |
Date: Thu, 1 Nov 2018 06:18:14 +0100
|
|
|
33c334 |
Subject: [PATCH] covscan: fix miscellaneaous errors (#2003)
|
|
|
33c334 |
|
|
|
33c334 |
* Coverity #def53: COPY_PASTE_ERROR
|
|
|
33c334 |
|
|
|
33c334 |
* Coverity #def18: DC.STREAM_BUFFER. Double-check max length of dev
|
|
|
33c334 |
|
|
|
33c334 |
* Coverity #def44: MISSING_BREAK. This looks like it should be here
|
|
|
33c334 |
|
|
|
33c334 |
* Coverity #def67: STRING_NULL: potential OOB read if 0 bytes read.
|
|
|
33c334 |
|
|
|
33c334 |
* Coverity #def66: FORWARD_NULL: potential null ptr deref
|
|
|
33c334 |
|
|
|
33c334 |
* Coverity #def17: RESOURCE_LEAK: missing free()
|
|
|
33c334 |
|
|
|
33c334 |
* Dont free the result of dirname
|
|
|
33c334 |
|
|
|
33c334 |
dirname() may return pointers to statically allocated memory. Don't
|
|
|
33c334 |
free the pointer it returns.
|
|
|
33c334 |
---
|
|
|
33c334 |
src/cc/bcc_elf.c | 11 +++++++----
|
|
|
33c334 |
src/cc/bcc_proc.c | 4 ++--
|
|
|
33c334 |
src/cc/frontends/b/type_check.cc | 1 +
|
|
|
33c334 |
src/cc/frontends/p4/compiler/ebpfTable.py | 2 +-
|
|
|
33c334 |
src/cc/libbpf.c | 20 +++++++++++---------
|
|
|
33c334 |
5 files changed, 22 insertions(+), 16 deletions(-)
|
|
|
33c334 |
|
|
|
33c334 |
diff --git a/src/cc/bcc_elf.c b/src/cc/bcc_elf.c
|
|
|
33c334 |
index c425db6..0c696bd 100644
|
|
|
33c334 |
--- a/src/cc/bcc_elf.c
|
|
|
33c334 |
+++ b/src/cc/bcc_elf.c
|
|
|
33c334 |
@@ -398,6 +398,7 @@ static int verify_checksum(const char *file, unsigned int crc) {
|
|
|
33c334 |
static char *find_debug_via_debuglink(Elf *e, const char *binpath,
|
|
|
33c334 |
int check_crc) {
|
|
|
33c334 |
char fullpath[PATH_MAX];
|
|
|
33c334 |
+ char *tmppath;
|
|
|
33c334 |
char *bindir = NULL;
|
|
|
33c334 |
char *res = NULL;
|
|
|
33c334 |
unsigned int crc;
|
|
|
33c334 |
@@ -406,8 +407,8 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
|
|
|
33c334 |
if (!find_debuglink(e, &name, &crc))
|
|
|
33c334 |
return NULL;
|
|
|
33c334 |
|
|
|
33c334 |
- bindir = strdup(binpath);
|
|
|
33c334 |
- bindir = dirname(bindir);
|
|
|
33c334 |
+ tmppath = strdup(binpath);
|
|
|
33c334 |
+ bindir = dirname(tmppath);
|
|
|
33c334 |
|
|
|
33c334 |
// Search for the file in 'binpath', but ignore the file we find if it
|
|
|
33c334 |
// matches the binary itself: the binary will always be probed later on,
|
|
|
33c334 |
@@ -434,9 +435,11 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
|
|
|
33c334 |
}
|
|
|
33c334 |
|
|
|
33c334 |
DONE:
|
|
|
33c334 |
- free(bindir);
|
|
|
33c334 |
- if (res && check_crc && !verify_checksum(res, crc))
|
|
|
33c334 |
+ free(tmppath);
|
|
|
33c334 |
+ if (res && check_crc && !verify_checksum(res, crc)) {
|
|
|
33c334 |
+ free(res);
|
|
|
33c334 |
return NULL;
|
|
|
33c334 |
+ }
|
|
|
33c334 |
return res;
|
|
|
33c334 |
}
|
|
|
33c334 |
|
|
|
33c334 |
diff --git a/src/cc/bcc_proc.c b/src/cc/bcc_proc.c
|
|
|
33c334 |
index d694eb9..f1c30c2 100644
|
|
|
33c334 |
--- a/src/cc/bcc_proc.c
|
|
|
33c334 |
+++ b/src/cc/bcc_proc.c
|
|
|
33c334 |
@@ -92,14 +92,14 @@ int bcc_procutils_each_module(int pid, bcc_procutils_modulecb callback,
|
|
|
33c334 |
if (!procmap)
|
|
|
33c334 |
return -1;
|
|
|
33c334 |
|
|
|
33c334 |
- char buf[PATH_MAX + 1], perm[5], dev[8];
|
|
|
33c334 |
+ char buf[PATH_MAX + 1], perm[5], dev[6];
|
|
|
33c334 |
char *name;
|
|
|
33c334 |
uint64_t begin, end, inode;
|
|
|
33c334 |
unsigned long long offset;
|
|
|
33c334 |
while (true) {
|
|
|
33c334 |
buf[0] = '\0';
|
|
|
33c334 |
// From fs/proc/task_mmu.c:show_map_vma
|
|
|
33c334 |
- if (fscanf(procmap, "%lx-%lx %s %llx %s %lu%[^\n]", &begin, &end, perm,
|
|
|
33c334 |
+ if (fscanf(procmap, "%lx-%lx %4s %llx %5s %lu%[^\n]", &begin, &end, perm,
|
|
|
33c334 |
&offset, dev, &inode, buf) != 7)
|
|
|
33c334 |
break;
|
|
|
33c334 |
|
|
|
33c334 |
diff --git a/src/cc/frontends/b/type_check.cc b/src/cc/frontends/b/type_check.cc
|
|
|
33c334 |
index 8d49de9..7c5b7ce 100644
|
|
|
33c334 |
--- a/src/cc/frontends/b/type_check.cc
|
|
|
33c334 |
+++ b/src/cc/frontends/b/type_check.cc
|
|
|
33c334 |
@@ -204,6 +204,7 @@ StatusTuple TypeCheck::visit_binop_expr_node(BinopExprNode *n) {
|
|
|
33c334 |
case Tok::TCGT:
|
|
|
33c334 |
case Tok::TCGE:
|
|
|
33c334 |
n->bit_width_ = 1;
|
|
|
33c334 |
+ break;
|
|
|
33c334 |
default:
|
|
|
33c334 |
n->bit_width_ = std::max(n->lhs_->bit_width_, n->rhs_->bit_width_);
|
|
|
33c334 |
}
|
|
|
33c334 |
diff --git a/src/cc/frontends/p4/compiler/ebpfTable.py b/src/cc/frontends/p4/compiler/ebpfTable.py
|
|
|
33c334 |
index eb1efd9..4b7e023 100644
|
|
|
33c334 |
--- a/src/cc/frontends/p4/compiler/ebpfTable.py
|
|
|
33c334 |
+++ b/src/cc/frontends/p4/compiler/ebpfTable.py
|
|
|
33c334 |
@@ -110,7 +110,7 @@ import ebpfAction
|
|
|
33c334 |
ebpfHeader = program.getInstance(instance.name)
|
|
|
33c334 |
assert isinstance(ebpfHeader, ebpfInstance.SimpleInstance)
|
|
|
33c334 |
basetype = ebpfHeader.type
|
|
|
33c334 |
- eInstance = program.getInstance(instance.base_name)
|
|
|
33c334 |
+ eInstance = program.getInstance(instance.name)
|
|
|
33c334 |
|
|
|
33c334 |
ebpfField = basetype.getField(fieldname)
|
|
|
33c334 |
assert isinstance(ebpfField, ebpfStructType.EbpfField)
|
|
|
33c334 |
diff --git a/src/cc/libbpf.c b/src/cc/libbpf.c
|
|
|
33c334 |
index 8a7caec..5cf3554 100644
|
|
|
33c334 |
--- a/src/cc/libbpf.c
|
|
|
33c334 |
+++ b/src/cc/libbpf.c
|
|
|
33c334 |
@@ -521,14 +521,16 @@ int bpf_prog_load(enum bpf_prog_type prog_type, const char *name,
|
|
|
33c334 |
}
|
|
|
33c334 |
}
|
|
|
33c334 |
|
|
|
33c334 |
- if (strncmp(name, "kprobe__", 8) == 0)
|
|
|
33c334 |
- name_offset = 8;
|
|
|
33c334 |
- else if (strncmp(name, "tracepoint__", 12) == 0)
|
|
|
33c334 |
- name_offset = 12;
|
|
|
33c334 |
- else if (strncmp(name, "raw_tracepoint__", 16) == 0)
|
|
|
33c334 |
- name_offset = 16;
|
|
|
33c334 |
- memcpy(attr.prog_name, name + name_offset,
|
|
|
33c334 |
- min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1));
|
|
|
33c334 |
+ if (name_len) {
|
|
|
33c334 |
+ if (strncmp(name, "kprobe__", 8) == 0)
|
|
|
33c334 |
+ name_offset = 8;
|
|
|
33c334 |
+ else if (strncmp(name, "tracepoint__", 12) == 0)
|
|
|
33c334 |
+ name_offset = 12;
|
|
|
33c334 |
+ else if (strncmp(name, "raw_tracepoint__", 16) == 0)
|
|
|
33c334 |
+ name_offset = 16;
|
|
|
33c334 |
+ memcpy(attr.prog_name, name + name_offset,
|
|
|
33c334 |
+ min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1));
|
|
|
33c334 |
+ }
|
|
|
33c334 |
|
|
|
33c334 |
ret = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
|
|
|
33c334 |
// BPF object name is not supported on older Kernels.
|
|
|
33c334 |
@@ -698,7 +700,7 @@ static int bpf_get_retprobe_bit(const char *event_type)
|
|
|
33c334 |
close(fd);
|
|
|
33c334 |
if (ret < 0 || ret >= sizeof(buf))
|
|
|
33c334 |
return -1;
|
|
|
33c334 |
- if (strlen(buf) < strlen("config:"))
|
|
|
33c334 |
+ if (strncmp(buf, "config:", strlen("config:")))
|
|
|
33c334 |
return -1;
|
|
|
33c334 |
errno = 0;
|
|
|
33c334 |
ret = (int)strtol(buf + strlen("config:"), NULL, 10);
|
|
|
33c334 |
--
|
|
|
33c334 |
2.17.2
|
|
|
33c334 |
|