1. Buffer Overflow - Non-null Terminated String
* lustre/utils/liblustreapi_layout.c: in llapi_layout_expected,
Buffer overflow of 'donor_path' due to non null terminated string
'donor_path'
2. Use of Freed Memory by Pointer
* lustre/utils/liblustreapi_layout.c: in llapi_layout_comp_del,
Object 'comp' was dereferenced at line 1770 after being freed by
calling '__llapi_comp_free' at line 1769
3. Result of function that may return NULL will be dereferenced
* lustre/lov/lov_pack.c: in lov_unpackmd, Pointer
'lsm_op_find(magic)' returned from call to function 'lsm_op_find'
at line 334 may be NULL and will be dereferenced at line 334.
4. Uninitialized Variable - possible
* lustre/utils/liblustreapi.c: in find_check_comp_options, 'ret'
might be used uninitialized in this function. Also there are 2
similar errors on lines 3243, 3264.
Signed-off-by: Bobi Jam <bobijam.xu@intel.com>
Change-Id: I397737affeaa409e97b0ed859efcd7ff2840cc89
Reviewed-on: https://review.whamcloud.com/26503
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
if (op == NULL)
RETURN(ERR_PTR(-EINVAL));
- lsm = lsm_op_find(magic)->lsm_unpackmd(lov, buf, buf_size);
+ lsm = op->lsm_unpackmd(lov, buf, buf_size);
RETURN(lsm);
}
struct lov_comp_md_v1 *comp_v1;
struct lov_user_md_v1 *v1 = ¶m->fp_lmd->lmd_lmm;
struct lov_comp_md_entry_v1 *entry;
- int i, ret;
+ int i, ret = 0;
if (v1->lmm_magic != LOV_USER_MAGIC_COMP_V1) {
if ((param->fp_check_comp_count &&
strncpy(buf, path, size);
p = strrchr(buf, '/');
- if (p != NULL)
+ if (p != NULL) {
*p = '\0';
- else if (size >= 2)
+ } else if (size >= 2) {
strncpy(buf, ".", 2);
+ buf[size - 1] = '\0';
+ }
}
/**
return -1;
}
+ layout->llot_cur_comp =
+ list_entry(comp->llc_list.prev, typeof(*comp), llc_list);
list_del_init(&comp->llc_list);
__llapi_comp_free(comp);
- layout->llot_cur_comp =
- list_entry(comp->llc_list.prev, typeof(*comp),
- llc_list);
return 0;
}