diff options
author | Jerome Marchand <jmarchan@redhat.com> | 2018-11-01 06:18:14 +0100 |
---|---|---|
committer | yonghong-song <ys114321@gmail.com> | 2018-10-31 22:18:14 -0700 |
commit | 415bd4e43b2c27e3999923c16f5ff39f9b1adcae (patch) | |
tree | d5fddfd4b4733396781c5081943369b9813d339f | |
parent | b998421b18a34d0b47a6bda996c91bad12fa5da0 (diff) | |
download | bcc-415bd4e43b2c27e3999923c16f5ff39f9b1adcae.zip bcc-415bd4e43b2c27e3999923c16f5ff39f9b1adcae.tar.gz bcc-415bd4e43b2c27e3999923c16f5ff39f9b1adcae.tar.bz2 |
covscan: fix miscellaneaous errors (#2003)
* Coverity #def53: COPY_PASTE_ERROR
* Coverity #def18: DC.STREAM_BUFFER. Double-check max length of dev
* Coverity #def44: MISSING_BREAK. This looks like it should be here
* Coverity #def67: STRING_NULL: potential OOB read if 0 bytes read.
* Coverity #def66: FORWARD_NULL: potential null ptr deref
* Coverity #def17: RESOURCE_LEAK: missing free()
* Dont free the result of dirname
dirname() may return pointers to statically allocated memory. Don't
free the pointer it returns.
-rw-r--r-- | src/cc/bcc_elf.c | 11 | ||||
-rw-r--r-- | src/cc/bcc_proc.c | 4 | ||||
-rw-r--r-- | src/cc/frontends/b/type_check.cc | 1 | ||||
-rw-r--r-- | src/cc/frontends/p4/compiler/ebpfTable.py | 2 | ||||
-rw-r--r-- | src/cc/libbpf.c | 20 |
5 files changed, 22 insertions, 16 deletions
diff --git a/src/cc/bcc_elf.c b/src/cc/bcc_elf.c index c425db6..0c696bd 100644 --- a/src/cc/bcc_elf.c +++ b/src/cc/bcc_elf.c @@ -398,6 +398,7 @@ static int verify_checksum(const char *file, unsigned int crc) { static char *find_debug_via_debuglink(Elf *e, const char *binpath, int check_crc) { char fullpath[PATH_MAX]; + char *tmppath; char *bindir = NULL; char *res = NULL; unsigned int crc; @@ -406,8 +407,8 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath, if (!find_debuglink(e, &name, &crc)) return NULL; - bindir = strdup(binpath); - bindir = dirname(bindir); + tmppath = strdup(binpath); + bindir = dirname(tmppath); // Search for the file in 'binpath', but ignore the file we find if it // matches the binary itself: the binary will always be probed later on, @@ -434,9 +435,11 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath, } DONE: - free(bindir); - if (res && check_crc && !verify_checksum(res, crc)) + free(tmppath); + if (res && check_crc && !verify_checksum(res, crc)) { + free(res); return NULL; + } return res; } diff --git a/src/cc/bcc_proc.c b/src/cc/bcc_proc.c index d694eb9..f1c30c2 100644 --- a/src/cc/bcc_proc.c +++ b/src/cc/bcc_proc.c @@ -92,14 +92,14 @@ int bcc_procutils_each_module(int pid, bcc_procutils_modulecb callback, if (!procmap) return -1; - char buf[PATH_MAX + 1], perm[5], dev[8]; + char buf[PATH_MAX + 1], perm[5], dev[6]; char *name; uint64_t begin, end, inode; unsigned long long offset; while (true) { buf[0] = '\0'; // From fs/proc/task_mmu.c:show_map_vma - if (fscanf(procmap, "%lx-%lx %s %llx %s %lu%[^\n]", &begin, &end, perm, + if (fscanf(procmap, "%lx-%lx %4s %llx %5s %lu%[^\n]", &begin, &end, perm, &offset, dev, &inode, buf) != 7) break; diff --git a/src/cc/frontends/b/type_check.cc b/src/cc/frontends/b/type_check.cc index 8d49de9..7c5b7ce 100644 --- a/src/cc/frontends/b/type_check.cc +++ b/src/cc/frontends/b/type_check.cc @@ -204,6 +204,7 @@ StatusTuple TypeCheck::visit_binop_expr_node(BinopExprNode *n) { case Tok::TCGT: case Tok::TCGE: n->bit_width_ = 1; + break; default: n->bit_width_ = std::max(n->lhs_->bit_width_, n->rhs_->bit_width_); } diff --git a/src/cc/frontends/p4/compiler/ebpfTable.py b/src/cc/frontends/p4/compiler/ebpfTable.py index eb1efd9..4b7e023 100644 --- a/src/cc/frontends/p4/compiler/ebpfTable.py +++ b/src/cc/frontends/p4/compiler/ebpfTable.py @@ -110,7 +110,7 @@ class EbpfTableKey(object): ebpfHeader = program.getInstance(instance.name) assert isinstance(ebpfHeader, ebpfInstance.SimpleInstance) basetype = ebpfHeader.type - eInstance = program.getInstance(instance.base_name) + eInstance = program.getInstance(instance.name) ebpfField = basetype.getField(fieldname) assert isinstance(ebpfField, ebpfStructType.EbpfField) diff --git a/src/cc/libbpf.c b/src/cc/libbpf.c index 8a7caec..5cf3554 100644 --- a/src/cc/libbpf.c +++ b/src/cc/libbpf.c @@ -521,14 +521,16 @@ int bpf_prog_load(enum bpf_prog_type prog_type, const char *name, } } - if (strncmp(name, "kprobe__", 8) == 0) - name_offset = 8; - else if (strncmp(name, "tracepoint__", 12) == 0) - name_offset = 12; - else if (strncmp(name, "raw_tracepoint__", 16) == 0) - name_offset = 16; - memcpy(attr.prog_name, name + name_offset, - min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1)); + if (name_len) { + if (strncmp(name, "kprobe__", 8) == 0) + name_offset = 8; + else if (strncmp(name, "tracepoint__", 12) == 0) + name_offset = 12; + else if (strncmp(name, "raw_tracepoint__", 16) == 0) + name_offset = 16; + memcpy(attr.prog_name, name + name_offset, + min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1)); + } ret = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); // BPF object name is not supported on older Kernels. @@ -698,7 +700,7 @@ static int bpf_get_retprobe_bit(const char *event_type) close(fd); if (ret < 0 || ret >= sizeof(buf)) return -1; - if (strlen(buf) < strlen("config:")) + if (strncmp(buf, "config:", strlen("config:"))) return -1; errno = 0; ret = (int)strtol(buf + strlen("config:"), NULL, 10); |