LU-9315 pfl: static analysis issues

1. Buffer Overflow - Non-null Terminated String
 * lustre/utils/liblustreapi_layout.c: in llapi_layout_expected,
   Buffer overflow of 'donor_path' due to non null terminated string
   'donor_path'
2. Use of Freed Memory by Pointer
 * lustre/utils/liblustreapi_layout.c: in llapi_layout_comp_del,
   Object 'comp' was dereferenced at line 1770 after being freed by
   calling '__llapi_comp_free' at line 1769
3. Result of function that may return NULL will be dereferenced
 * lustre/lov/lov_pack.c: in lov_unpackmd, Pointer
   'lsm_op_find(magic)' returned from call to function 'lsm_op_find'
   at line 334 may be NULL and will be dereferenced at line 334.
4. Uninitialized Variable - possible
 * lustre/utils/liblustreapi.c: in find_check_comp_options, 'ret'
   might be used uninitialized in this function. Also there are 2
   similar errors on lines 3243, 3264.

Signed-off-by: Bobi Jam <bobijam.xu@intel.com>
Change-Id: I397737affeaa409e97b0ed859efcd7ff2840cc89
Reviewed-on: https://review.whamcloud.com/26503
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>

diff --git a/lustre/lov/lov_pack.c b/lustre/lov/lov_pack.c
index f79827b..67dd99d 100644 (file)
--- a/lustre/lov/lov_pack.c
+++ b/lustre/lov/lov_pack.c
@@ -331,7 +331,7 @@ struct lov_stripe_md *lov_unpackmd(struct lov_obd *lov, void *buf,
        if (op == NULL)
                RETURN(ERR_PTR(-EINVAL));
 
-       lsm = lsm_op_find(magic)->lsm_unpackmd(lov, buf, buf_size);
+       lsm = op->lsm_unpackmd(lov, buf, buf_size);
 
        RETURN(lsm);
 }

diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c
index 08e06db..df4c165 100644 (file)
--- a/lustre/utils/liblustreapi.c
+++ b/lustre/utils/liblustreapi.c
@@ -3356,7 +3356,7 @@ static int find_check_comp_options(struct find_param *param)
        struct lov_comp_md_v1 *comp_v1;
        struct lov_user_md_v1 *v1 = &param->fp_lmd->lmd_lmm;
        struct lov_comp_md_entry_v1 *entry;
-       int i, ret;
+       int i, ret = 0;
 
        if (v1->lmm_magic != LOV_USER_MAGIC_COMP_V1) {
                if ((param->fp_check_comp_count &&

diff --git a/lustre/utils/liblustreapi_layout.c b/lustre/utils/liblustreapi_layout.c
index 015adf5..83bab13 100644 (file)
--- a/lustre/utils/liblustreapi_layout.c
+++ b/lustre/utils/liblustreapi_layout.c
@@ -647,10 +647,12 @@ static void get_parent_dir(const char *path, char *buf, size_t size)
        strncpy(buf, path, size);
        p = strrchr(buf, '/');
 
-       if (p != NULL)
+       if (p != NULL) {
                *p = '\0';
-       else if (size >= 2)
+       } else if (size >= 2) {
                strncpy(buf, ".", 2);
+               buf[size - 1] = '\0';
+       }
 }
 
 /**
@@ -1769,11 +1771,10 @@ int llapi_layout_comp_del(struct llapi_layout *layout)
                return -1;
        }
 
+       layout->llot_cur_comp =
+               list_entry(comp->llc_list.prev, typeof(*comp), llc_list);
        list_del_init(&comp->llc_list);
        __llapi_comp_free(comp);
-       layout->llot_cur_comp =
-               list_entry(comp->llc_list.prev, typeof(*comp),
-                          llc_list);
 
        return 0;
 }