From a3655b7bf64b7e016602d0b2bec450d27575816e Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Mon, 15 Oct 2012 13:12:53 -0400

Subject: [PATCH 3/4] Fixes for problems discovered by coverity scan.

Related: rhbz#1085434

Signed-off-by: Peter Jones <pjones@fedoraproject.org>

---

 extlinux/main.c         |  9 ++++++++-

 libfat/fat.h            |  9 +++++++--

 libinstaller/advio.c    | 17 +++++++++--------

 libinstaller/syslxcom.c |  8 ++++++++

 libinstaller/syslxint.h | 10 +++++++---

 linux/syslinux.c        |  3 ---

 mtools/syslinux.c       |  1 +

 utils/Makefile          |  2 +-

 utils/isohybrid.c       | 20 ++++++++++++++------

 9 files changed, 55 insertions(+), 24 deletions(-)

diff --git a/extlinux/main.c b/extlinux/main.c

index e574051..a461533 100755

--- a/extlinux/main.c

+++ b/extlinux/main.c

@@ -292,7 +292,12 @@ int patch_file_and_bootblock(int fd, const char *dir, int devfd)

     nsect = (boot_image_len + SECTOR_SIZE - 1) >> SECTOR_SHIFT;

     nsect += 2;			/* Two sectors for the ADV */

     sectp = alloca(sizeof(sector_t) * nsect);

-    if (fs_type == EXT2 || fs_type == VFAT) {

+    if (sectp == NULL) {

+	perror("alloca");

+	exit(1);

+    }

+    memset(sectp, '\0', sizeof(sector_t) * nsect);

+    if (fd >= 0 && (fs_type == EXT2 || fs_type == VFAT)) {

 	if (sectmap(fd, sectp, nsect)) {

 		perror("bmap");

 		exit(1);

@@ -423,6 +428,8 @@ int ext2_fat_install_file(const char *path, int devfd, struct stat *rst)

     /* Map the file, and patch the initial sector accordingly */

     modbytes = patch_file_and_bootblock(fd, path, devfd);

+    if (modbytes < 0)

+	goto bail;

     /* Write the patch area again - this relies on the file being

        overwritten in place! */

diff --git a/libfat/fat.h b/libfat/fat.h

index b4e32f7..acafdb6 100644

--- a/libfat/fat.h

+++ b/libfat/fat.h

@@ -23,8 +23,13 @@

 /* The poor excuse FAT has for a superblock -- in the boot sector */

 struct fat_bootsect {

-    le8_t bsJump[3];		/* Jump to code */

-    char bsOemName[8];		/* Formatting program */

+    union {

+	struct {

+	    uint8_t bsJump[3];	/* Jump to code */

+	    char bsOemName[8];	/* Formatting program */

+	};

+	uint8_t bsHead[11];

+    };

     le16_t bsBytesPerSec;	/* Bytes/sector */

     le8_t bsSecPerClust;	/* Sectors/cluster */

     le16_t bsResSectors;	/* Reserved sectors */

diff --git a/libinstaller/advio.c b/libinstaller/advio.c

index 56f607d..01894f2 100644

--- a/libinstaller/advio.c

+++ b/libinstaller/advio.c

@@ -135,15 +135,16 @@ int write_adv(const char *path, const char *cfg)

 		       xst.st_dev != st.st_dev || xst.st_size != st.st_size) {

 		fprintf(stderr, "%s: race condition on write\n", file);

 		err = -2;

+	    } else {

+		/* Write our own version ... */

+		if (xpwrite(fd, syslinux_adv, 2 * ADV_SIZE,

+			    st.st_size - 2 * ADV_SIZE) != 2 * ADV_SIZE) {

+		    err = -1;

+		}

+

+		sync();

+		set_attributes(fd);

 	    }

-	    /* Write our own version ... */

-	    if (xpwrite(fd, syslinux_adv, 2 * ADV_SIZE,

-			st.st_size - 2 * ADV_SIZE) != 2 * ADV_SIZE) {

-		err = -1;

-	    }

-

-	    sync();

-	    set_attributes(fd);

 	}

     }

diff --git a/libinstaller/syslxcom.c b/libinstaller/syslxcom.c

index a6a8339..dae81bc 100644

--- a/libinstaller/syslxcom.c

+++ b/libinstaller/syslxcom.c

@@ -87,6 +87,9 @@ ssize_t xpwrite(int fd, const void *buf, size_t count, off_t offset)

     ssize_t rv;

     ssize_t done = 0;

+    if (fd < 0)

+	die(strerror(EBADF));

+

     while (count) {

 	rv = pwrite(fd, bufp, count, offset);

 	if (rv == 0) {

@@ -279,6 +282,11 @@ static int sectmap_fib(int fd, sector_t *sectors, int nsectors)

  */

 int sectmap(int fd, sector_t *sectors, int nsectors)

 {

+    if (fd < 0) {

+	errno = EBADF;

+	return -1;

+    }

+

     if (!sectmap_fie(fd, sectors, nsectors))

 	return 0;

diff --git a/libinstaller/syslxint.h b/libinstaller/syslxint.h

index 7c9da51..8d39f74 100644

--- a/libinstaller/syslxint.h

+++ b/libinstaller/syslxint.h

@@ -193,8 +193,13 @@ struct syslinux_extent {

 /* FAT bootsector format, also used by other disk-based derivatives */

 struct boot_sector {

-    uint8_t bsJump[3];

-    char bsOemName[8];

+    union {

+	struct {

+	    uint8_t bsJump[3];

+	    char bsOemName[8];

+	};

+	uint8_t bsHead[11];

+    };

     uint16_t bsBytesPerSec;

     uint8_t bsSecPerClust;

     uint16_t bsResSectors;

@@ -241,7 +246,6 @@ struct boot_sector {

     uint16_t bsSignature;

 } __attribute__ ((packed));

-#define bsHead      bsJump

 #define bsHeadLen   offsetof(struct boot_sector, bsBytesPerSec)

 #define bsCode	    bs32.Code	/* The common safe choice */

 #define bsCodeLen   (offsetof(struct boot_sector, bsSignature) - \

diff --git a/linux/syslinux.c b/linux/syslinux.c

index c7a9ecc..6e23a7a 100755

--- a/linux/syslinux.c

+++ b/linux/syslinux.c

@@ -335,9 +335,6 @@ int main(int argc, char *argv[])

 	    snprintf(mntname, sizeof mntname, "syslinux.mnt.%lu.%d",

 		     (unsigned long)mypid, i);

-	    if (lstat(mntname, &dst) != -1 || errno != ENOENT)

-		continue;

-

 	    rv = mkdir(mntname, 0000);

 	    if (rv == -1) {

diff --git a/mtools/syslinux.c b/mtools/syslinux.c

index ac189c6..4bec0e3 100755

--- a/mtools/syslinux.c

+++ b/mtools/syslinux.c

@@ -208,6 +208,7 @@ int main(int argc, char *argv[])

 	!mtools_conf)

 	die_err(tmpdir);

+    umask(077);

     mtc_fd = mkstemp(mtools_conf);

     if (mtc_fd < 0 || !(mtc = fdopen(mtc_fd, "w")))

 	die_err(mtools_conf);

diff --git a/utils/Makefile b/utils/Makefile

index 44cb54f..4fabe04 100644

--- a/utils/Makefile

+++ b/utils/Makefile

@@ -51,7 +51,7 @@ isohdpfx.c: $(ISOHDPFX) isohdpfxarray.pl

 	$(PERL) isohdpfxarray.pl $(ISOHDPFX) > $@

 isohybrid: isohybrid.o isohdpfx.o

-	$(CC) $(LDFLAGS) -luuid -o $@ $^

+	$(CC) $(LDFLAGS) -fshort-wchar -luuid -o $@ $^

 gethostip: gethostip.o

 	$(CC) $(LDFLAGS) -o $@ $^

diff --git a/utils/isohybrid.c b/utils/isohybrid.c

index ac04bfd..865c114 100644

--- a/utils/isohybrid.c

+++ b/utils/isohybrid.c

@@ -357,6 +357,8 @@ check_option(int argc, char *argv[])

         case ':':

             errx(1, "option `-%c' takes an argument", optopt);

+            printh();

+            exit(0);

         default:

         case '?':

             if (optopt)

@@ -618,7 +620,7 @@ initialise_mbr(uint8_t *mbr)

     bsect = (offset % sector) + 1;

     bcyle = offset / (head * sector);

-    bsect += (bcyle & 0x300) >> 2;

+    bsect += bcyle >> 2;

     bcyle  &= 0xFF;

     ehead = head - 1;

@@ -792,7 +794,7 @@ initialise_gpt(uint8_t *gpt, uint32_t current, uint32_t alternate, int primary)

     memcpy(part->partTypeGUID, basic_partition, sizeof(uuid_t));

     part->firstLBA = lendian_64(0);

     part->lastLBA = lendian_64(psize);

-    memcpy(part->name, "ISOHybrid ISO", 28);

+    memcpy(part->name, L"ISOHybrid ISO", 28);

     gpt += sizeof(struct gpt_part_header);

     part++;

@@ -801,7 +803,7 @@ initialise_gpt(uint8_t *gpt, uint32_t current, uint32_t alternate, int primary)

     memcpy(part->partTypeGUID, basic_partition, sizeof(uuid_t));

     part->firstLBA = lendian_64(efi_lba * 4);

     part->lastLBA = lendian_64(part->firstLBA + efi_count - 1);

-    memcpy(part->name, "ISOHybrid", 20);

+    memcpy(part->name, L"ISOHybrid", 20);

     gpt += sizeof(struct gpt_part_header);

@@ -814,7 +816,7 @@ initialise_gpt(uint8_t *gpt, uint32_t current, uint32_t alternate, int primary)

 	memcpy(part->partTypeGUID, hfs_partition, sizeof(uuid_t));

 	part->firstLBA = lendian_64(mac_lba * 4);

 	part->lastLBA = lendian_64(part->firstLBA + mac_count - 1);

-	memcpy(part->name, "ISOHybrid", 20);

+	memcpy(part->name, L"ISOHybrid", 20);

 	part--;

     }

@@ -891,7 +893,11 @@ main(int argc, char *argv[])

     size_t orig_gpt_size, free_space, gpt_size;

     struct iso_primary_descriptor descriptor;

-    prog = strcpy(alloca(strlen(argv[0]) + 1), argv[0]);

+    prog = alloca(strlen(argv[0]) + 1);

+    if (!prog)

+	err(1, "");

+    strcpy(prog, argv[0]);

+

     i = check_option(argc, argv);

     argc -= i;

     argv += i;

@@ -1097,7 +1103,9 @@ main(int argc, char *argv[])

 	initialise_apm(buf, APM_OFFSET);

-	fseek(fp, APM_OFFSET, SEEK_SET);

+	if (fseek(fp, APM_OFFSET, SEEK_SET))

+	    err(1, "%s: seek error - 7", argv[0]);

+

 	fwrite(buf, sizeof(char), apm_size, fp);

     }

-- 

1.9.3