Fix several problems found by Coverity.

lib/libmt/mtlib.c: In mt_start_element(), make sure we don't overflow the cur_sb array. CID 1271325 usr.bin/mt/mt.c: In main(), bzero the mt_com structure so that we aren't using any uninitialized stack variables. CID 1271319 In mt_param(), only allow one -s and one -p argument. This will prevent a memory leak caused by overwriting the param_name and/or param_value variables. CID 1271320 and CID 1271322 To make things simpler in mt_param(), make sure there there is only one exit path for the function. Make sure the arguments are explicitly freed. Sponsored by: Spectra Logic Pointed out by: emaste MFC after: 1 month
author: ken <ken@FreeBSD.org> 2015-02-25 04:30:23 +0000
committer: ken <ken@FreeBSD.org> 2015-02-25 04:30:23 +0000
commit: 917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7 (patch)
tree: 0dee7b276c03c17fd6f8c18d4ff9670eb9376e7d /lib/libmt
parent: 1a0d38818e867b19f837592c481c2f345c6acd49 (diff)
download: FreeBSD-src-917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7.zip
FreeBSD-src-917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libmt/mtlib.c b/lib/libmt/mtlib.c
index 2329fa6..ad73381 100644
--- a/lib/libmt/mtlib.c
+++ b/lib/libmt/mtlib.c
@@ -68,7 +68,7 @@ mt_start_element(void *user_data, const char *name, const char **attr)
 		return;
 
 	mtinfo->level++;
-	if ((u_int)mtinfo->level > (sizeof(mtinfo->cur_sb) /
+	if ((u_int)mtinfo->level >= (sizeof(mtinfo->cur_sb) /
             sizeof(mtinfo->cur_sb[0]))) {
 		mtinfo->error = 1;
                 snprintf(mtinfo->error_str, sizeof(mtinfo->error_str),
author	ken <ken@FreeBSD.org>	2015-02-25 04:30:23 +0000
committer	ken <ken@FreeBSD.org>	2015-02-25 04:30:23 +0000
commit	917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7 (patch)
tree	0dee7b276c03c17fd6f8c18d4ff9670eb9376e7d /lib/libmt
parent	1a0d38818e867b19f837592c481c2f345c6acd49 (diff)
download	FreeBSD-src-917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7.zip FreeBSD-src-917c14a976570c7f0bbdb0914cb7fdeb6f9f19e7.tar.gz