From 9a79920ef9895041c09abefd8b3cf6763cac3b99 Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Mon, 2 Jul 2018 15:06:12 +0900 Subject: [PATCH] Static analysis fixes Change-Id: I7bc42545a1c497f704d7bfa6ea1b7e3893acc697 --- arch/x86_64/kernel/syscall.c | 4 +-- executer/user/arch/x86_64/arch-eclair.c | 4 +-- executer/user/mcexec.c | 37 ++++++++++++++++++------- kernel/fileobj.c | 4 ++- kernel/syscall.c | 5 ++-- 5 files changed, 36 insertions(+), 18 deletions(-) diff --git a/arch/x86_64/kernel/syscall.c b/arch/x86_64/kernel/syscall.c index f41fa288..42d27c79 100644 --- a/arch/x86_64/kernel/syscall.c +++ b/arch/x86_64/kernel/syscall.c @@ -2081,7 +2081,7 @@ int do_process_vm_read_writev(int pid, range = lookup_process_memory_range(lthread->vm, (uintptr_t)local_iov, - (uintptr_t)(local_iov + liovcnt * sizeof(struct iovec))); + (uintptr_t)(local_iov + liovcnt)); if (!range) { ret = -EFAULT; @@ -2090,7 +2090,7 @@ int do_process_vm_read_writev(int pid, range = lookup_process_memory_range(lthread->vm, (uintptr_t)remote_iov, - (uintptr_t)(remote_iov + riovcnt * sizeof(struct iovec))); + (uintptr_t)(remote_iov + riovcnt)); if (!range) { ret = -EFAULT; diff --git a/executer/user/arch/x86_64/arch-eclair.c b/executer/user/arch/x86_64/arch-eclair.c index 841a92a9..6b1b0d2a 100644 --- a/executer/user/arch/x86_64/arch-eclair.c +++ b/executer/user/arch/x86_64/arch-eclair.c @@ -42,7 +42,7 @@ int print_kregs(char *rbp, size_t rbp_size, const struct arch_kregs *kregs) } for (i = 0; i < sizeof(regs_1)/sizeof(regs_1[0]); i++) { /* rsi, rdi, rbp, rsp */ - ret = print_bin(rbp, rbp_size, (void *)regs_1[i], sizeof(regs_1[0])); + ret = print_bin(rbp, rbp_size, regs_1 + i, sizeof(regs_1[0])); if (ret < 0) { return ret; } 
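Review bot: Nothing visible in the two `lookup_process_memory_range()` calls bounds `liovcnt` or `riovcnt` before they are used in pointer arithmetic, so a very large count could make `local_iov + liovcnt` (and `remote_iov + riovcnt` in the next hunk) wrap around. If no check earlier in `do_process_vm_read_writev` caps them, reject oversized counts with `-EINVAL` before the lookups. The new end expression is also only correct while both parameters are `struct iovec *`, and their declarations are outside the hunk. A short comment such as `/* end of the iovec array: pointer arithmetic already scales by sizeof(struct iovec) */` would keep the multiplication from being reintroduced.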
@@ -62,7 +62,7 @@ int print_kregs(char *rbp, size_t rbp_size, const struct arch_kregs *kregs) } for (i = 0; i < sizeof(regs_2)/sizeof(regs_2[0]); i++) { /* r12-r15 */ - ret = print_bin(rbp, rbp_size, (void *)regs_2[i], sizeof(regs_2[0])); + ret = print_bin(rbp, rbp_size, regs_2 + i, sizeof(regs_2[0])); if (ret < 0) { return ret; } diff --git a/executer/user/mcexec.c b/executer/user/mcexec.c index 5260dbdf..20474448 100644 --- a/executer/user/mcexec.c +++ b/executer/user/mcexec.c @@ -441,10 +441,12 @@ struct program_load_desc *load_interp(struct program_load_desc *desc0, FILE *fp) for (i = 0; i < hdr.e_phnum; i++) { if (fread(&phdr, sizeof(phdr), 1, fp) < 1) { __eprintf("Loading phdr failed (%d)\n", i); + free(desc); return NULL; } if (phdr.p_type == PT_INTERP) { __eprint("PT_INTERP on interp\n"); + free(desc); return NULL; } if (phdr.p_type == PT_LOAD) { @@ -505,11 +507,13 @@ retry: if (!execvp) { if (strlen(filename) + 1 > max_len) { + free(link_path); return ENAMETOOLONG; } strcpy(path, filename); error = access(path, X_OK); if (error) { + free(link_path); return errno; } found = 1; @@ -521,6 +525,7 @@ retry: } if (strlen(filename) >= 255) { + free(link_path); return ENAMETOOLONG; } @@ -530,6 +535,7 @@ retry: tofree = string = strdup(PATH); if (string == NULL) { printf("lookup_exec_path(): copying PATH, not enough memory?\n"); + free(link_path); return ENOMEM; } @@ -550,7 +556,8 @@ retry: } free(tofree); - if(!found){ + if (!found) { + free(link_path); return ENOENT; } break; @@ -562,6 +569,7 @@ retry: if (error < 0 || error >= max_len) { fprintf(stderr, "lookup_exec_path(): array too small?\n"); + free(link_path); return ENOMEM; } @@ -581,6 +589,7 @@ retry: if (error < 0 || error >= max_len) { fprintf(stderr, "lookup_exec_path(): array too small?\n"); + free(link_path); return ENOMEM; } 
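Review bot: The new `free(desc);` calls in the phdr loop make `load_interp` release the descriptor on failure, but nothing documents that contract, and how `desc` relates to the `desc0` argument is decided outside this hunk. If `desc` is `desc0` or a reallocation of it, callers must not touch their old pointer after a NULL return, and `fp` is still left open for the caller to close. I would state this above the function, e.g. `/* Returns NULL on failure after freeing the descriptor; fp stays open and is owned by the caller. */`. Any error returns further down the loop, outside the hunk, should follow the same rule.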
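Review bot: `free(link_path);` is now copied in front of every early return in `lookup_exec_path` (the hunk at @@ -505 and the ones at @@ -521, @@ -530, @@ -550, @@ -562, @@ -581 and @@ -611), so the next exit path added without it brings the leak back. A single cleanup label is sturdier here: store the code in a local and `goto out;`, with `out: free(link_path); return ret;` at the end. Because `filename = link_path; goto retry;` makes `filename` alias the buffer, freeing at one exit only also keeps the later `%s` print of `filename` from reading freed memory. The function body starts and ends outside these hunks, so the success path needs the same check.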
@@ -611,6 +620,7 @@ retry: error = readlink(path, link_path, max_len); if (error == -1 || error == max_len) { fprintf(stderr, "lookup_exec_path(): error readlink\n"); + free(link_path); return EINVAL; } link_path[error] = '\0'; @@ -628,7 +638,7 @@ retry: filename = link_path; goto retry; } - + if (!found) { fprintf(stderr, "lookup_exec_path(): error finding file %s\n", filename); @@ -677,6 +687,7 @@ int load_elf_desc(char *filename, struct program_load_desc **desc_p, if (fread(&header, 1, 2, fp) != 2) { fprintf(stderr, "Error: Failed to read header from %s\n", filename); + fclose(fp); return errno; } @@ -699,6 +710,7 @@ int load_elf_desc(char *filename, struct program_load_desc **desc_p, if ((ret = ioctl(fd, MCEXEC_UP_OPEN_EXEC, filename)) != 0) { fprintf(stderr, "Error: open_exec() fails for %s: %d (fd: %d)\n", filename, ret, fd); + fclose(fp); return ret; } @@ -713,6 +725,7 @@ int load_elf_desc(char *filename, struct program_load_desc **desc_p, if (!exec_path) { fprintf(stderr, "WARNING: strdup(filename) failed\n"); + fclose(fp); return ENOMEM; } } @@ -720,12 +733,14 @@ int load_elf_desc(char *filename, struct program_load_desc **desc_p, char *cwd = getcwd(NULL, 0); if (!cwd) { fprintf(stderr, "Error: getting current working dir pathname\n"); + fclose(fp); return ENOMEM; } exec_path = malloc(strlen(cwd) + strlen(filename) + 2); if (!exec_path) { fprintf(stderr, "Error: allocating exec_path\n"); + fclose(fp); return ENOMEM; } @@ -735,8 +750,8 @@ int load_elf_desc(char *filename, struct program_load_desc **desc_p, desc = load_elf(fp, &interp_path); if (!desc) { - fclose(fp); fprintf(stderr, "Error: Failed to parse ELF!\n"); + fclose(fp); return 1; } 
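Review bot: `return errno;` after the failed `fread()` in the first `load_elf_desc` hunk (@@ -677) can return 0 or an unrelated code: a short read at end of file does not set `errno`, and both `fprintf()` and the newly added `fclose(fp)` may overwrite it. A caller that treats 0 as success would then continue without a descriptor. Return a fixed code instead, `fclose(fp); return ENOEXEC;`, or save `errno` into a local before the `fprintf()`.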
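Review bot: In the hunk at @@ -720 the buffer returned by `getcwd(NULL, 0)` is still leaked when the `malloc()` for `exec_path` fails, because the added cleanup closes `fp` only. Add `free(cwd);` before that `return ENOMEM;`. Whether `cwd` is freed after `exec_path` has been built is outside the hunk and worth confirming as well.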
@@ -746,18 +761,22 @@ int load_elf_desc(char *filename, struct program_load_desc **desc_p, path = search_file(interp_path, X_OK); if (!path) { fprintf(stderr, "Error: interp not found: %s\n", interp_path); + fclose(fp); return 1; } interp = fopen(path, "rb"); if (!interp) { fprintf(stderr, "Error: Failed to open %s\n", path); + fclose(fp); return 1; } desc = load_interp(desc, interp); if (!desc) { fprintf(stderr, "Error: Failed to parse interp!\n"); + fclose(fp); + fclose(interp); return 1; } } @@ -1775,11 +1794,7 @@ void bind_mount_recursive(const char *root, char *prefix) return; } - if (!(entry = readdir(dir))) { - return; - } - - do { + while ((entry = readdir(dir))) { len = snprintf(path, sizeof(path) - 1, "%s/%s", prefix, entry->d_name); path[len] = 0; @@ -1813,7 +1828,6 @@ void bind_mount_recursive(const char *root, char *prefix) } } } - while ((entry = readdir(dir)) != NULL); closedir(dir); } @@ -2712,7 +2726,8 @@ do_generic_syscall( sprintf(proc_path, "/proc/self/fd/%d", (int)w->sr.args[0]); /* Get filename */ - if ((len = readlink(proc_path, path, sizeof(path))) < 0) { + len = readlink(proc_path, path, sizeof(path)); + if (len < 0 || len >= sizeof(path)) { fprintf(stderr, "%s: error: readlink() failed for %s\n", __FUNCTION__, proc_path); goto out; @@ -3387,6 +3402,8 @@ int main_loop(struct thread_data_s *my_thread) ret = open(fn, w.sr.args[2], w.sr.args[3]); SET_ERR(ret); do_syscall_return(fd, cpu, ret, 0, 0, 0, 0); + if (ret >= 0) + close(ret); break; case __NR_futex: diff --git a/kernel/fileobj.c b/kernel/fileobj.c index 36c96330..550eff23 100644 --- a/kernel/fileobj.c +++ b/kernel/fileobj.c 
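Review bot: The `!path` and `!interp` returns in the hunk at @@ -746 close `fp` but leave `desc`, which `load_elf()` returned in the previous hunk, unreleased. Assuming the caller owns that allocation, add `free(desc);` before both `return 1;` lines. The `load_interp()` failure path does not need it if that function frees the descriptor itself, as its own hunk in this commit suggests. If `search_file()` returns allocated memory, `path` has the same problem, but that is not visible here.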
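Review bot: `path[len] = 0;` after the `snprintf()` in the new `while` loop of `bind_mount_recursive` writes outside `path` when the joined name is truncated, since `snprintf()` returns the length it would have needed, and also when it returns a negative value. Directory entry names come from the filesystem being walked, so the length is not under this code's control. Check the result and skip the entry, `if (len < 0 || (size_t)len >= sizeof(path) - 1) continue;`; the explicit terminator is then unnecessary because `snprintf()` already terminates the buffer. This assumes `path` is a local array; its declaration is outside the hunk.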
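Review bot: The new `len >= sizeof(path)` test in `do_generic_syscall` compares a signed value with a `size_t`, which is only safe because `len < 0` is tested first, and a truncated link is then reported as "readlink() failed". Make the conversion explicit, `if (len < 0 || (size_t)len >= sizeof(path)) {`, and consider a separate message for the truncated case so the log does not point at a syscall error. The declaration of `len` and the later use of `path` are outside the hunk.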
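Review bot: The added `if (ret >= 0) close(ret);` in `main_loop` closes the descriptor only after `do_syscall_return()` has already reported its number to the other side. The case label is outside the hunk, so I cannot tell whether that number is used afterwards. If it is, the next `open()` in this process can reuse it and later I/O would reach a different file. If the call is only a probe, close before posting the result and say so in a comment, e.g. `/* probe only: the descriptor is not kept, the caller gets the status */`.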
@@ -656,7 +656,9 @@ static int fileobj_get_page(struct memobj *memobj, off_t off, npages = 1 << p2align; virt = ihk_mc_alloc_pages_user(npages, (IHK_MC_AP_NOWAIT | - (to_memobj(obj)->flags & MF_ZEROFILL) ? IHK_MC_AP_USER : 0), virt_addr); + ((to_memobj(obj)->flags & MF_ZEROFILL) ? + IHK_MC_AP_USER : 0)), + virt_addr); if (!virt) { error = -ENOMEM; kprintf("fileobj_get_page(%p,%lx,%x,%x,%p):" diff --git a/kernel/syscall.c b/kernel/syscall.c index 08bc00c1..ffdedb21 100644 --- a/kernel/syscall.c +++ b/kernel/syscall.c @@ -8018,9 +8018,8 @@ SYSCALL_DECLARE(msync) if ((range->flag & VR_PRIVATE) || !range->memobj || !memobj_has_pager(range->memobj)) { - dkprintf("sys_msync(%#lx,%#lx,%#x):" - "unsyncable VMR %d %#lx-%#lx %#lx\n", - start0, len0, flags, error, + dkprintf("sys_msync(%#lx,%#lx,%#x):unsyncable VMR %#lx-%#lx %#lx\n", + start0, len0, flags, range->start, range->end, range->flag); /* nothing to do */ continue;
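Review bot: The added parentheses in the `ihk_mc_alloc_pages_user()` call change the flags passed for every object, not only the grouping, and the hunk does not say which combination is intended. As far as the visible lines show, the old expression evaluated `IHK_MC_AP_NOWAIT | (flags & MF_ZEROFILL)` as the condition, so (assuming `IHK_MC_AP_NOWAIT` is non-zero) it always passed `IHK_MC_AP_USER` alone. The new one always passes `IHK_MC_AP_NOWAIT` and adds `IHK_MC_AP_USER` only for `MF_ZEROFILL` objects. Please confirm that pages of non-zero-filled file objects are meant to lose `IHK_MC_AP_USER`, and record it next to the call, e.g. `/* only zero-filled objects are allocated with IHK_MC_AP_USER; NOWAIT always applies */`.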