From 2e40c869df425738ef06e7159a16adf5bf82c548 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Wed, 10 Sep 2014 15:57:26 -0400

Subject: [PATCH 08/18] Try to avoid covscan freaking out about sscanf with %n.

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

covscan says:

 5. efibootmgr-0.8.0/src/lib/disk.c:96:tainted_data_argument – Calling

 function "fgets(char * restrict, int, FILE * restrict)" taints argument

 "line".

 10. efibootmgr-0.8.0/src/lib/disk.c:103:vararg_transitive – Call to

 "sscanf(char const * restrict, char const * restrict, ...)" with

 tainted argument "line" taints "major".

 11. efibootmgr-0.8.0/src/lib/disk.c:103:vararg_transitive – Call to

 "sscanf(char const * restrict, char const * restrict, ...)" with

 tainted argument "line" taints "scanned".

 13. efibootmgr-0.8.0/src/lib/disk.c:103:tainted_data – Using tainted

 variable "scanned" as an index into an array "line".

I *think* that's really complaining that if sscanf fails before

processing %n, then "scanned" is indeterminate here.  So I've assigned

it to 0.

Either way, if any of that goes wrong, the code's going to completely

fail.

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 src/lib/disk.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/disk.c b/src/lib/disk.c

index 904010b..4536a67 100644

--- a/src/lib/disk.c

+++ b/src/lib/disk.c

@@ -56,7 +56,7 @@ get_virtblk_major(void)

 	}

 	while (fgets(line, sizeof line, f) != NULL) {

 		size_t len = strlen(line);

-		int major, scanned;

+		int major, scanned = 0;

 		if (len == 0 || line[len - 1] != '\n') {

 			break;

@@ -95,7 +95,7 @@ get_nvme_major(void)

 	}

 	while (fgets(line, sizeof line, f) != NULL) {

 		size_t len = strlen(line);

-		int major, scanned;

+		int major, scanned = 0;

 		if (len == 0 || line[len - 1] != '\n') {

 			break;

-- 

1.9.3