[PATCH] Fix a few Coverity defects
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Jul 9 17:33:52 UTC 2015
Hi!
Review&push appreciated!
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From b00776e7d2a1f88ec04d70142c014a60464da78f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:12:09 +0200
Subject: [PATCH 1/8] dalloc: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/mdssvc/dalloc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/rpc_server/mdssvc/dalloc.h b/source3/rpc_server/mdssvc/dalloc.h
index 7a0aecc..b268893 100644
--- a/source3/rpc_server/mdssvc/dalloc.h
+++ b/source3/rpc_server/mdssvc/dalloc.h
@@ -103,7 +103,7 @@
nested = dalloc_get(d, "DALLOC_CTX", 2);
- But you can fetch elements from the neseted DALLOC_CTX:
+ But you can fetch elements from the nested DALLOC_CTX:
p = dalloc_get(d, "DALLOC_CTX", 2, "uint64_t", 0);
--
1.9.1
From 9b192a387abfbf6a429340141748d16ff7162bcd Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:16:00 +0200
Subject: [PATCH 2/8] dalloc: Fix CID 1097369 API usage errors (VARARGS)
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/mdssvc/dalloc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/mdssvc/dalloc.c b/source3/rpc_server/mdssvc/dalloc.c
index 7a4a86c..28944b8 100644
--- a/source3/rpc_server/mdssvc/dalloc.c
+++ b/source3/rpc_server/mdssvc/dalloc.c
@@ -171,6 +171,7 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
array_len = talloc_array_length(d->dd_talloc_array);
elem = va_arg(args, int);
if (elem >= array_len) {
+ va_end(args);
result = -1;
goto done;
}
@@ -178,6 +179,8 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
type = va_arg(args, const char *);
}
+ va_end(args);
+
array_len = talloc_array_length(d->dd_talloc_array);
for (elem = 0; elem + 1 < array_len; elem += 2) {
@@ -190,7 +193,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
break;
}
}
- va_end(args);
done:
if (result != 0) {
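Review bot: The fix leaves two `va_end(args)` call sites, one on the early `goto done` path and one after the type-walk loop, so any exit added later between `va_start` and the end of that loop has to remember a third. If every path that reaches `done:` has already run `va_start`, a single `va_end(args);` placed directly under the `done:` label would cover both paths with one call. The start of dalloc_value_for_key is outside these hunks, so that assumption needs confirming.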
--
1.9.1
From 191cc267567b822c1743fc650338b5802ba31a14 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:17:54 +0200
Subject: [PATCH 3/8] smbd: Fix CID 1311337 Error handling issues
(CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/server.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 5925119..5de7f9a 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -399,8 +399,7 @@ static bool smbd_notifyd_init(struct messaging_context *msg, bool interactive)
exit(1);
}
tevent_req_set_callback(req, notifyd_stopped, msg);
- tevent_req_poll(req, ev);
- return true;
+ return tevent_req_poll(req, ev);
}
/*
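Review bot: A failed `tevent_req_poll()` is now propagated, but nothing is logged where it fails, so the caller of smbd_notifyd_init only sees `false` with no reason. Consider `if (!tevent_req_poll(req, ev)) { DBG_WARNING("tevent_req_poll failed: %s\n", strerror(errno)); return false; }` followed by `return true;`, assuming errno is meaningful on this path. The function starts outside the hunk, so whether the caller already reports the failure is not visible here.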
--
1.9.1
From 88e2a2c306791f24eab8e6c6bc25c23e581dd575 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:20:46 +0200
Subject: [PATCH 4/8] smbd: Fix CID 1311338 Error handling issues
(CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/scavenger.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
index 3691ba0..6989466 100644
--- a/source3/smbd/scavenger.c
+++ b/source3/smbd/scavenger.c
@@ -269,7 +269,12 @@ static bool smbd_scavenger_start(struct smbd_scavenger_state *state)
scavenger_setup_sig_term_handler(state->ev);
- serverid_register(*state->scavenger_id, FLAG_MSG_GENERAL);
+ if (!serverid_register(*state->scavenger_id,
+ FLAG_MSG_GENERAL)) {
+ DBG_WARNING("serverid_register failed");
+ exit_server("serverid_register failed");
+ return false;
+ }
ok = scavenger_say_hello(fds[1], *state->scavenger_id);
if (!ok) {
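Review bot: The new `DBG_WARNING("serverid_register failed");` has no trailing newline, so the message will run into whatever debug line follows it; it should read `DBG_WARNING("serverid_register failed\n");`. The `return false;` after `exit_server("serverid_register failed");` also looks unreachable if exit_server does not return, which is how it appears to be used in smbd. Either drop it or add a one-line comment saying it is kept only to satisfy static analysis. smbd_scavenger_start begins and ends outside the hunk.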
--
1.9.1
From e16a7fd5dfb1b42a30f45fc0615e40358fc45c66 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:22:59 +0200
Subject: [PATCH 5/8] rpc_server: Fix CID 1311339 Error handling issues
(CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/mdssvc/mdssvc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 1143b45..8bf3989 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -1605,7 +1605,10 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
goto error;
}
/* For some reason the list of results always starts with a nil entry */
- dalloc_add_copy(fm_array, &nil, sl_nil_t);
+ result = dalloc_add_copy(fm_array, &nil, sl_nil_t);
+ if (result == -1) {
+ goto error;
+ }
reqinfo = dalloc_get(query, "DALLOC_CTX", 0, "sl_array_t", 1);
if (reqinfo == NULL) {
--
1.9.1
From f28ad3690de0b04490056b4a1ade4850845ec19b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:24:18 +0200
Subject: [PATCH 6/8] rpc_server: Fix CID 1311340 Null pointer dereferences
(NULL_RETURNS)
In practice this might not be relevant, but better be safe.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/mdssvc/mdssvc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 8bf3989..3f7da49 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -342,6 +342,9 @@ static bool add_filemeta(sl_array_t *reqinfo,
for (i = 0; i < metacount; i++) {
attribute = dalloc_get_object(reqinfo, i);
+ if (attribute == NULL) {
+ return false;
+ }
if (strcmp(attribute, "kMDItemDisplayName") == 0
|| strcmp(attribute, "kMDItemFSName") == 0) {
p = strrchr(path, '/');
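Review bot: The added NULL check covers a missing element, but `attribute` still goes to `strcmp()` without any confirmation that the element is a string. `reqinfo` is taken from the unpacked client query in slrpc_fetch_attributes, and `dalloc_get_object(reqinfo, i)` as called here takes only an index, so an element of another type would be read as a C string. If the typed accessor supports it, `attribute = dalloc_get(reqinfo, "char *", i);` would send mismatched elements down the same NULL path. A debug line before `return false;` would make the rejection visible in logs. add_filemeta begins and ends outside the hunk.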
--
1.9.1
From ba990b553f7bd59ea88becf6abfe98cd87c4755c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:27:41 +0200
Subject: [PATCH 7/8] rpc_server: Fix CID 1311341 Integer handling issues
(OVERFLOW_BEFORE_WIDEN)
Quoting the full message:
Potentially overflowing expression "total_octets * 8U" with type "unsigned int"
(32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a
context that expects an expression of type "uint64_t" (64 bits, unsigned).
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/mdssvc/marshalling.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
index a16966f..0a02f41 100644
--- a/source3/rpc_server/mdssvc/marshalling.c
+++ b/source3/rpc_server/mdssvc/marshalling.c
@@ -1304,8 +1304,8 @@ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize)
}
total_octets--;
data_octets--;
- data_bytes = data_octets * 8;
- total_bytes = total_octets * 8;
+ data_bytes = ((uint64_t)data_octets) * 8;
+ total_bytes = ((uint64_t)total_octets) * 8;
if (data_bytes >= total_bytes) {
DEBUG(1,("%s: data_bytes: %" PRIu64 ", total_bytes: %" PRIu64 "\n",
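Review bot: The two decrements directly above the widened multiplications still happen in the narrow type, so an octet count of 0 taken from the buffer would wrap to the 32-bit maximum before the cast. After this change that yields a byte count of about 32 GiB instead of a truncated one. Whether the `}` at the top of the hunk closes a zero check is not visible; if it does not, add `if (total_octets == 0 || data_octets == 0) { return false; }` before the decrements. It is also worth confirming that `total_bytes` is bounded against `bufsize` further down in sl_unpack, outside this hunk.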
--
1.9.1
From ec45dceaa83a59db49f92d844a3f0a71eb11e9ff Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 9 Jul 2015 19:30:07 +0200
Subject: [PATCH 8/8] rpc_server: Fix CID 1311342 Null pointer dereferences
(REVERSE_INULL)
elem was dereferenced already a few lines above
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/mdssvc/mdssvc.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 3f7da49..abfea43 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -1656,9 +1656,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
goto error;
}
- ok = add_filemeta(reqinfo, fm_array,
- elem ? elem->path : NULL,
- elem ? &sb : NULL);
+ ok = add_filemeta(reqinfo, fm_array, elem->path, &sb);
if (!ok) {
goto error;
}
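Review bot: Dropping the `elem ? ... : NULL` guards is only safe if `elem` can never be NULL at this call, and the hunk shows no explicit check that establishes this. The commit message relies on an earlier dereference; if the lookup that produces `elem` can fail, that earlier dereference is the real defect. The fix would then be an early `if (elem == NULL) { goto error; }` right after `elem` is assigned, rather than removing the guard here. The assignment is outside the hunk, so this needs checking against the full body of slrpc_fetch_attributes.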
--
1.9.1