author | asomers <asomers@FreeBSD.org> | 2017-02-02 18:27:20 +0000 |
---|---|---|
committer | asomers <asomers@FreeBSD.org> | 2017-02-02 18:27:20 +0000 |
commit | a766b842dd5c8d955f98bec419d78c2c143734db (patch) | |
tree | c705fab6d5ca9b83a4b12abb07036a4d2546d510 | |
parent | 96413020c324b010a7fe7febe571f213bdedb892 (diff) | |
MFC r311160, r311210, r311288, r311292, r311298, r311340
r311160:
misc minor fixes in mpr(4)
sys/dev/mpr/mpr_sas.c
* Fix a potential null pointer dereference (CID 1305731)
* Check for overrun of the ccb_scsiio.cdb_io.cdb_bytes buffer (CID
1211934)
sys/dev/mpr/mpr_sas_lsi.c
* Nullify a dangling pointer in mprsas_get_sata_identify
* Fix a memory leak in mprsas_SSU_to_SATA_devices (CID 1211935)
Reported by: Coverity (partially)
CID: 1305731 1211934 1211935
Reviewed by: slm
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8880
r311210:
Quell Coverity for diskinfo(8)
* CID 1198994: Don't run the speed disk on a disk with no sectors
* CID 1011442: Don't call close(2) if open(2) fails
* CID 1011161: Use snprintf instead of sprintf
* CID 1009825: Check the return value of lseek
Reported by: Coverity
CID: 1198994 1011442 1011161 1009825
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311288:
Delete dead code in chat(8)
It's always been dead, ever since first import in 1994. It's still dead in
OpenBSD's version, too.
Reported by: Coverity
CID: 270586
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311292:
Remove dead code in rpc_parse.c
It's been dead ever since it was imported from TI-RPC in 1995. The dead
code is still present in Illumos today, but was removed from NetBSD in 2006.
Reported by: Coverity
CID: 270097
Obtained from: NetBSD
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311298:
Remove dead code in dhclient(8)
The offending code has been dead ever since the import from OpenBSD in
r195805. OpenBSD later deleted that entire function.
Reported by: Coverity
CID: 500059
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311340:
Misc Coverity fixes for tail(1)
CID 1006402: Initialize stack variable
CID 271580: Don't leak memory when ENOMEM.
Reported by: Coverity
CID: 271580 1006402
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
-rw-r--r-- | sbin/dhclient/dispatch.c | 8 | ||||
-rw-r--r-- | sys/dev/mpr/mpr_sas.c | 7 | ||||
-rw-r--r-- | sys/dev/mpr/mpr_sas_lsi.c | 15 | ||||
-rw-r--r-- | usr.bin/chat/chat.c | 9 | ||||
-rw-r--r-- | usr.bin/rpcgen/rpc_parse.c | 10 | ||||
-rw-r--r-- | usr.bin/tail/reverse.c | 9 | ||||
-rw-r--r-- | usr.sbin/diskinfo/diskinfo.c | 11 |
7 files changed, 32 insertions, 37 deletions
diff --git a/sbin/dhclient/dispatch.c b/sbin/dhclient/dispatch.c
index 3317ceb..d493717 100644
--- a/sbin/dhclient/dispatch.c
+++ b/sbin/dhclient/dispatch.c
@@ -453,16 +453,12 @@ add_protocol(char *name, int fd, void (*handler)(struct protocol *),
 void
 remove_protocol(struct protocol *proto)
 {
- struct protocol *p, *next, *prev;
+ struct protocol *p, *next;
- prev = NULL;
 for (p = protocols; p; p = next) {
 next = p->next;
 if (p == proto) {
- if (prev)
- prev->next = p->next;
- else
- protocols = p->next;
+ protocols = p->next;
 free(p);
 }
 }
diff --git a/sys/dev/mpr/mpr_sas.c b/sys/dev/mpr/mpr_sas.c
index d44e502..c9d83d8 100644
--- a/sys/dev/mpr/mpr_sas.c
+++ b/sys/dev/mpr/mpr_sas.c
@@ -1846,8 +1846,12 @@ mprsas_action_scsiio(struct mprsas_softc *sassc, union ccb *ccb)
 if (csio->ccb_h.flags & CAM_CDB_POINTER)
 bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
- else
+ else {
+ KASSERT(csio->cdb_len <= IOCDBLEN,
+ ("cdb_len %d is greater than IOCDBLEN but CAM_CDB_POINTER is not set",
+ csio->cdb_len));
 bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
+ }
 req->IoFlags = htole16(csio->cdb_len);
 /*
@@ -2429,6 +2433,7 @@ mprsas_scsiio_complete(struct mpr_softc *sc, struct mpr_command *cm)
 * driver is being shutdown.
 */
 if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
+ (csio->data_ptr != NULL) &&
 ((csio->data_ptr[0] & 0x1f) == T_DIRECT) &&
 (sc->mapping_table[target_id].device_info &
 MPI2_SAS_DEVICE_INFO_SATA_DEVICE) &&
diff --git a/sys/dev/mpr/mpr_sas_lsi.c b/sys/dev/mpr/mpr_sas_lsi.c
index 640338a..aeb9864 100644
--- a/sys/dev/mpr/mpr_sas_lsi.c
+++ b/sys/dev/mpr/mpr_sas_lsi.c
@@ -1056,6 +1056,7 @@ out:
 mpr_free_command(sc, cm);
 else if (error == 0)
 error = EWOULDBLOCK;
+ cm->cm_data = NULL;
 free(buffer, M_MPR);
 return (error);
 }
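Review bot: In sbin/dhclient/dispatch.c, remove_protocol() now assigns `protocols = p->next` for whichever node matches, so removing an entry that is not the list head drops every entry in front of it from the list and leaks them. The deleted `prev` branch was dead only because `prev` was never advanced inside the loop; the unlink needs a real predecessor, not the removal of the predecessor case. Walking the list through a pointer to the link does this without an extra variable, as sketched below. The function's closing brace lies outside the hunk.

```c
void
remove_protocol(struct protocol *proto)
{
	struct protocol **pp;

	/* Unlink through the predecessor's link so earlier entries stay listed. */
	for (pp = &protocols; *pp != NULL; pp = &(*pp)->next) {
		if (*pp == proto) {
			*pp = proto->next;
			free(proto);
			break;
		}
	}
```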
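Review bot: In mprsas_action_scsiio() (sys/dev/mpr/mpr_sas.c), the new bound on `csio->cdb_len` is a `KASSERT`, which is compiled out of kernels built without INVARIANTS, so on a production kernel an oversized `cdb_len` still reaches `bcopy` and reads past `cdb_io.cdb_bytes`. A runtime check that fails the request before the copy would hold in every build, e.g. `if (csio->cdb_len > IOCDBLEN) { /* complete the CCB with CAM_REQ_INVALID and release the command */ }`; the completion and cleanup calls depend on code outside the hunk. Neither branch visibly bounds `cdb_len` against the size of `req->CDB.CDB32`, which is worth checking in the same place.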
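Review bot: In mprsas_scsiio_complete() (sys/dev/mpr/mpr_sas.c), the added `csio->data_ptr != NULL` test stops the NULL dereference but does not establish that `data_ptr` holds at least one byte of returned INQUIRY data: nothing visible checks `csio->dxfer_len`, or that the CCB carries a plain virtual address rather than another data format. If those cases can reach this path, a `(csio->dxfer_len > 0)` term and a data-type check next to the NULL test would close them. The same condition reads `csio->cdb_io.cdb_bytes[0]` unconditionally, although the earlier hunk in this file shows the CDB may instead be referenced through `cdb_ptr` when `CAM_CDB_POINTER` is set. The condition continues past the end of the hunk.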
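Review bot: In the `out:` path patched in sys/dev/mpr/mpr_sas_lsi.c (mprsas_get_sata_identify, per the commit message), `cm->cm_data = NULL;` runs after the branch that calls `mpr_free_command(sc, cm)`, so on that branch the store lands in a command that has presumably already been returned to the free pool. Moving `cm->cm_data = NULL;` above the `if` keeps the intent without writing to a released command. On the other branch the command is kept while `buffer` is freed, so a comment stating why nothing can still write into that buffer would help the next reader. The `if` condition itself is outside the hunk.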
@@ -1196,18 +1197,18 @@ mprsas_SSU_to_SATA_devices(struct mpr_softc *sc)
 continue;
 }
- ccb = xpt_alloc_ccb_nowait();
- if (ccb == NULL) {
- mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "
- "unit.\n");
- return;
- }
-
 /*
 * The stop_at_shutdown flag will be set if this device is
 * a SATA direct-access end device.
 */
 if (target->stop_at_shutdown) {
+ ccb = xpt_alloc_ccb_nowait();
+ if (ccb == NULL) {
+ mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "
+ "unit.\n");
+ return;
+ }
+
 if (xpt_create_path(&ccb->ccb_h.path, xpt_periph,
 pathid, targetid, CAM_LUN_WILDCARD) !=
 CAM_REQ_CMP) {
diff --git a/usr.bin/chat/chat.c b/usr.bin/chat/chat.c
index 107d951..059aa24 100644
--- a/usr.bin/chat/chat.c
+++ b/usr.bin/chat/chat.c
@@ -1173,7 +1173,7 @@ int
 get_string(char *string)
 {
 char temp[STR_LEN];
- int c, printed = 0;
+ int c;
 size_t len, minlen;
 char *s = temp, *end = s + STR_LEN;
 char *logged = temp;
@@ -1306,13 +1306,6 @@ get_string(char *string)
 alarm(0);
- if (verbose && printed) {
- if (alarmed)
- chat_logf(" -- read timed out");
- else
- chat_logf(" -- read failed: %m");
- }
-
 exit_code = 3;
 alarmed = 0;
 return (0);
diff --git a/usr.bin/rpcgen/rpc_parse.c b/usr.bin/rpcgen/rpc_parse.c
index 69392b7..9f88033 100644
--- a/usr.bin/rpcgen/rpc_parse.c
+++ b/usr.bin/rpcgen/rpc_parse.c
@@ -290,7 +290,6 @@ def_union(definition *defp)
 declaration dec;
 case_list *cases;
 case_list **tailp;
- int flag;
 defp->def_kind = DEF_UNION;
 scan(TOK_IDENT, &tok);
@@ -309,7 +308,6 @@ def_union(definition *defp)
 cases->case_name = tok.str;
 scan(TOK_COLON, &tok);
 /* now peek at next token */
- flag = 0;
 if (peekscan(TOK_CASE, &tok)){
 do {
 scan2(TOK_IDENT, TOK_CHARCONST, &tok);
@@ -322,14 +320,6 @@ def_union(definition *defp)
 scan(TOK_COLON, &tok);
 } while (peekscan(TOK_CASE, &tok));
 }
- else
- if (flag)
- {
-
- *tailp = cases;
- tailp = &cases->next;
- cases = XALLOC(case_list);
- }
 get_declaration(&dec, DEF_UNION);
 cases->case_decl = dec;
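Review bot: In mprsas_SSU_to_SATA_devices() (sys/dev/mpr/mpr_sas_lsi.c), the relocated allocation still does `return;` when `xpt_alloc_ccb_nowait()` fails, which abandons every remaining target in the loop, so one transient allocation failure can leave later SATA devices without the stop-unit request at shutdown. If the loop is meant to be best-effort per device, `continue;` after the `mpr_dprint` call would fit better; if the early exit is intended, a comment saying so would record that. The loop header and whatever follows the loop are outside the hunk.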
diff --git a/usr.bin/tail/reverse.c b/usr.bin/tail/reverse.c
index 511f88c..8726905 100644
--- a/usr.bin/tail/reverse.c
+++ b/usr.bin/tail/reverse.c
@@ -117,6 +117,7 @@ r_reg(FILE *fp, const char *fn, enum STYLE style, off_t off, struct stat *sbp)
 map.start = NULL;
 map.mapoff = map.maxoff = size;
 map.fd = fileno(fp);
+ map.maplen = 0;
 /*
 * Last char is special, ignore whether newline or not. Note that
@@ -205,7 +206,13 @@ r_buf(FILE *fp, const char *fn)
 (tl->l = malloc(BSZ)) == NULL) {
 if (!mark)
 err(1, "malloc");
- tl = enomem ? tl->next : mark;
+ if (enomem)
+ tl = tl->next;
+ else {
+ if (tl)
+ free(tl);
+ tl = mark;
+ }
 enomem += tl->len;
 } else if (mark) {
 tl->next = mark;
diff --git a/usr.sbin/diskinfo/diskinfo.c b/usr.sbin/diskinfo/diskinfo.c
index 373b3fe..c984f3e 100644
--- a/usr.sbin/diskinfo/diskinfo.c
+++ b/usr.sbin/diskinfo/diskinfo.c
@@ -94,13 +94,12 @@ main(int argc, char **argv)
 for (i = 0; i < argc; i++) {
 fd = open(argv[i], O_RDONLY);
 if (fd < 0 && errno == ENOENT && *argv[i] != '/') {
- sprintf(buf, "%s%s", _PATH_DEV, argv[i]);
+ snprintf(buf, BUFSIZ, "%s%s", _PATH_DEV, argv[i]);
 fd = open(buf, O_RDONLY);
 }
 if (fd < 0) {
 warn("%s", argv[i]);
- exitval = 1;
- goto out;
+ exit(1);
 }
 error = ioctl(fd, DIOCGMEDIASIZE, &mediasize);
 if (error) {
@@ -186,7 +185,8 @@ rdsect(int fd, off_t blockno, u_int sectorsize)
 {
 int error;
- lseek(fd, (off_t)blockno * sectorsize, SEEK_SET);
+ if (lseek(fd, (off_t)blockno * sectorsize, SEEK_SET) == -1)
+ err(1, "lseek");
 error = read(fd, sector, sectorsize);
 if (error == -1)
 err(1, "read");
@@ -251,6 +251,9 @@ speeddisk(int fd, off_t mediasize, u_int sectorsize)
 off_t b0, b1, sectorcount, step;
 sectorcount = mediasize / sectorsize;
+ if (sectorcount <= 0)
+ return; /* Can't test devices with no sectors */
+
 step = 1ULL << (flsll(sectorcount / (4 * 200)) - 1);
 if (step > 16384)
 step = 16384; |
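Review bot: Style point in r_buf() (usr.bin/tail/reverse.c): the guard in `if (tl) free(tl);` is redundant, because free(NULL) is defined to do nothing, so the new `else` branch can be just `free(tl);` followed by `tl = mark;`. A one-line comment on that branch, such as `/* allocation failed: release the partly built node, then continue from mark */`, would record why the node is dropped there. The enclosing loop and the rest of r_buf() are outside the hunk.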
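Review bot: In main() (usr.sbin/diskinfo/diskinfo.c), the `snprintf` result is not checked, so an over-long argument is silently truncated and the following `open(buf, O_RDONLY)` is attempted on a different path than the one requested. Checking the return avoids that, e.g. `n = snprintf(buf, sizeof(buf), "%s%s", _PATH_DEV, argv[i]);` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) errx(1, "%s: name too long", argv[i]);`. Using `sizeof(buf)` instead of `BUFSIZ` assumes `buf` is an array; its declaration, and any declaration of `n`, are outside the hunk.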
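Review bot: In rdsect() (usr.sbin/diskinfo/diskinfo.c), `read(fd, sector, sectorsize)` takes its length from the caller-supplied sector size, and nothing in the hunk bounds `sectorsize` by the size of `sector`, whose declaration is outside the hunk. If `sector` is a fixed-size buffer, a guard such as `if (sectorsize > sizeof(sector)) errx(1, "sector size too large");` before the read is needed. The result of read() is also stored in an `int` named `error` and only -1 is handled in the visible lines, so a short read would pass unnoticed unless it is checked further down.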
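Review bot: In speeddisk() (usr.sbin/diskinfo/diskinfo.c), the new `sectorcount <= 0` guard does not cover small devices: for any `sectorcount` below 800, `sectorcount / (4 * 200)` is 0, `flsll(0)` returns 0, and the shift `1ULL << -1` is undefined behaviour. The division `mediasize / sectorsize` above the guard also runs before anything visible rejects `sectorsize == 0`. Suggested: `if (sectorsize == 0) return;` ahead of the division, and either widen the guard to `if (sectorcount < 4 * 200) return;` or clamp `step` to at least 1 when the quotient is zero. The rest of the function is outside the hunk.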