From 415bd4e43b2c27e3999923c16f5ff39f9b1adcae Mon Sep 17 00:00:00 2001
From: Jerome Marchand <jmarchan@redhat.com>
Date: Thu, 1 Nov 2018 06:18:14 +0100
Subject: [PATCH] covscan: fix miscellaneaous errors (#2003)
* Coverity #def53: COPY_PASTE_ERROR
* Coverity #def18: DC.STREAM_BUFFER. Double-check max length of dev
* Coverity #def44: MISSING_BREAK. This looks like it should be here
* Coverity #def67: STRING_NULL: potential OOB read if 0 bytes read.
* Coverity #def66: FORWARD_NULL: potential null ptr deref
* Coverity #def17: RESOURCE_LEAK: missing free()
* Dont free the result of dirname
dirname() may return pointers to statically allocated memory. Don't
free the pointer it returns.
---
src/cc/bcc_elf.c | 11 +++++++----
src/cc/bcc_proc.c | 4 ++--
src/cc/frontends/b/type_check.cc | 1 +
src/cc/frontends/p4/compiler/ebpfTable.py | 2 +-
src/cc/libbpf.c | 20 +++++++++++---------
5 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/src/cc/bcc_elf.c b/src/cc/bcc_elf.c
index c425db6..0c696bd 100644
--- a/src/cc/bcc_elf.c
+++ b/src/cc/bcc_elf.c
@@ -398,6 +398,7 @@ static int verify_checksum(const char *file, unsigned int crc) {
static char *find_debug_via_debuglink(Elf *e, const char *binpath,
int check_crc) {
char fullpath[PATH_MAX];
+ char *tmppath;
char *bindir = NULL;
char *res = NULL;
unsigned int crc;
@@ -406,8 +407,8 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
if (!find_debuglink(e, &name, &crc))
return NULL;
- bindir = strdup(binpath);
- bindir = dirname(bindir);
+ tmppath = strdup(binpath);
+ bindir = dirname(tmppath);
// Search for the file in 'binpath', but ignore the file we find if it
// matches the binary itself: the binary will always be probed later on,
@@ -434,9 +435,11 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
}
DONE:
- free(bindir);
- if (res && check_crc && !verify_checksum(res, crc))
+ free(tmppath);
+ if (res && check_crc && !verify_checksum(res, crc)) {
+ free(res);
return NULL;
+ }
return res;
}
diff --git a/src/cc/bcc_proc.c b/src/cc/bcc_proc.c
index d694eb9..f1c30c2 100644
--- a/src/cc/bcc_proc.c
+++ b/src/cc/bcc_proc.c
@@ -92,14 +92,14 @@ int bcc_procutils_each_module(int pid, bcc_procutils_modulecb callback,
if (!procmap)
return -1;
- char buf[PATH_MAX + 1], perm[5], dev[8];
+ char buf[PATH_MAX + 1], perm[5], dev[6];
char *name;
uint64_t begin, end, inode;
unsigned long long offset;
while (true) {
buf[0] = '\0';
// From fs/proc/task_mmu.c:show_map_vma
- if (fscanf(procmap, "%lx-%lx %s %llx %s %lu%[^\n]", &begin, &end, perm,
+ if (fscanf(procmap, "%lx-%lx %4s %llx %5s %lu%[^\n]", &begin, &end, perm,
&offset, dev, &inode, buf) != 7)
break;
diff --git a/src/cc/frontends/b/type_check.cc b/src/cc/frontends/b/type_check.cc
index 8d49de9..7c5b7ce 100644
--- a/src/cc/frontends/b/type_check.cc
+++ b/src/cc/frontends/b/type_check.cc
@@ -204,6 +204,7 @@ StatusTuple TypeCheck::visit_binop_expr_node(BinopExprNode *n) {
case Tok::TCGT:
case Tok::TCGE:
n->bit_width_ = 1;
+ break;
default:
n->bit_width_ = std::max(n->lhs_->bit_width_, n->rhs_->bit_width_);
}
diff --git a/src/cc/frontends/p4/compiler/ebpfTable.py b/src/cc/frontends/p4/compiler/ebpfTable.py
index eb1efd9..4b7e023 100644
--- a/src/cc/frontends/p4/compiler/ebpfTable.py
+++ b/src/cc/frontends/p4/compiler/ebpfTable.py
@@ -110,7 +110,7 @@ import ebpfAction
ebpfHeader = program.getInstance(instance.name)
assert isinstance(ebpfHeader, ebpfInstance.SimpleInstance)
basetype = ebpfHeader.type
- eInstance = program.getInstance(instance.base_name)
+ eInstance = program.getInstance(instance.name)
ebpfField = basetype.getField(fieldname)
assert isinstance(ebpfField, ebpfStructType.EbpfField)
diff --git a/src/cc/libbpf.c b/src/cc/libbpf.c
index 8a7caec..5cf3554 100644
--- a/src/cc/libbpf.c
+++ b/src/cc/libbpf.c
@@ -521,14 +521,16 @@ int bpf_prog_load(enum bpf_prog_type prog_type, const char *name,
}
}
- if (strncmp(name, "kprobe__", 8) == 0)
- name_offset = 8;
- else if (strncmp(name, "tracepoint__", 12) == 0)
- name_offset = 12;
- else if (strncmp(name, "raw_tracepoint__", 16) == 0)
- name_offset = 16;
- memcpy(attr.prog_name, name + name_offset,
- min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1));
+ if (name_len) {
+ if (strncmp(name, "kprobe__", 8) == 0)
+ name_offset = 8;
+ else if (strncmp(name, "tracepoint__", 12) == 0)
+ name_offset = 12;
+ else if (strncmp(name, "raw_tracepoint__", 16) == 0)
+ name_offset = 16;
+ memcpy(attr.prog_name, name + name_offset,
+ min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1));
+ }
ret = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
// BPF object name is not supported on older Kernels.
@@ -698,7 +700,7 @@ static int bpf_get_retprobe_bit(const char *event_type)
close(fd);
if (ret < 0 || ret >= sizeof(buf))
return -1;
- if (strlen(buf) < strlen("config:"))
+ if (strncmp(buf, "config:", strlen("config:")))
return -1;
errno = 0;
ret = (int)strtol(buf + strlen("config:"), NULL, 10);
--
2.17.2