From a6d463ff0b018e902afe63801c8b2c1e9a92ddc2 Mon Sep 17 00:00:00 2001 From: Bobi Jam Date: Wed, 12 Apr 2017 01:34:32 +0800 Subject: [PATCH] LU-9315 pfl: static analysis issues 1. Buffer Overflow - Non-null Terminated String * lustre/utils/liblustreapi_layout.c: in llapi_layout_expected, Buffer overflow of 'donor_path' due to non null terminated string 'donor_path' 2. Use of Freed Memory by Pointer * lustre/utils/liblustreapi_layout.c: in llapi_layout_comp_del, Object 'comp' was dereferenced at line 1770 after being freed by calling '__llapi_comp_free' at line 1769 3. Result of function that may return NULL will be dereferenced * lustre/lov/lov_pack.c: in lov_unpackmd, Pointer 'lsm_op_find(magic)' returned from call to function 'lsm_op_find' at line 334 may be NULL and will be dereferenced at line 334. 4. Uninitialized Variable - possible * lustre/utils/liblustreapi.c: in find_check_comp_options, 'ret' might be used uninitialized in this function. Also there are 2 similar errors on lines 3243, 3264. Signed-off-by: Bobi Jam Change-Id: I397737affeaa409e97b0ed859efcd7ff2840cc89 Reviewed-on: https://review.whamcloud.com/26503 Tested-by: Jenkins Reviewed-by: Andreas Dilger Tested-by: Maloo Reviewed-by: Dmitry Eremin --- lustre/lov/lov_pack.c | 2 +- lustre/utils/liblustreapi.c | 2 +- lustre/utils/liblustreapi_layout.c | 11 ++++++----- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lustre/lov/lov_pack.c b/lustre/lov/lov_pack.c index f79827b..67dd99d 100644 --- a/lustre/lov/lov_pack.c +++ b/lustre/lov/lov_pack.c @@ -331,7 +331,7 @@ struct lov_stripe_md *lov_unpackmd(struct lov_obd *lov, void *buf, if (op == NULL) RETURN(ERR_PTR(-EINVAL)); - lsm = lsm_op_find(magic)->lsm_unpackmd(lov, buf, buf_size); + lsm = op->lsm_unpackmd(lov, buf, buf_size); RETURN(lsm); } diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c index 08e06db..df4c165 100644 --- a/lustre/utils/liblustreapi.c +++ b/lustre/utils/liblustreapi.c @@ -3356,7 +3356,7 @@ static int find_check_comp_options(struct find_param *param) struct lov_comp_md_v1 *comp_v1; struct lov_user_md_v1 *v1 = ¶m->fp_lmd->lmd_lmm; struct lov_comp_md_entry_v1 *entry; - int i, ret; + int i, ret = 0; if (v1->lmm_magic != LOV_USER_MAGIC_COMP_V1) { if ((param->fp_check_comp_count && diff --git a/lustre/utils/liblustreapi_layout.c b/lustre/utils/liblustreapi_layout.c index 015adf5..83bab13 100644 --- a/lustre/utils/liblustreapi_layout.c +++ b/lustre/utils/liblustreapi_layout.c @@ -647,10 +647,12 @@ static void get_parent_dir(const char *path, char *buf, size_t size) strncpy(buf, path, size); p = strrchr(buf, '/'); - if (p != NULL) + if (p != NULL) { *p = '\0'; - else if (size >= 2) + } else if (size >= 2) { strncpy(buf, ".", 2); + buf[size - 1] = '\0'; + } } /** @@ -1769,11 +1771,10 @@ int llapi_layout_comp_del(struct llapi_layout *layout) return -1; } + layout->llot_cur_comp = + list_entry(comp->llc_list.prev, typeof(*comp), llc_list); list_del_init(&comp->llc_list); __llapi_comp_free(comp); - layout->llot_cur_comp = - list_entry(comp->llc_list.prev, typeof(*comp), - llc_list); return 0; } -- 1.8.3.1