Fix bugs in ext2 found by clang static analyzer

Evgeniy Ivanov 2011-08-10 20:56:44 +00:00 committed by Ben Gras
parent 9602f63a72
commit 55c6f3f507
5 changed files with 19 additions and 16 deletions


@ -183,7 +183,7 @@ PUBLIC int fs_unlink()
PUBLIC int fs_rdlink() PUBLIC int fs_rdlink()
{ {
block_t b; /* block containing link text */ block_t b; /* block containing link text */
struct buf *bp; /* buffer containing link text */ struct buf *bp = NULL; /* buffer containing link text */
char* link_text; /* either bp->b_data or rip->i_block */ char* link_text; /* either bp->b_data or rip->i_block */
register struct inode *rip; /* target inode */ register struct inode *rip; /* target inode */
register int r; /* return value */ register int r; /* return value */
@ -195,8 +195,6 @@ PUBLIC int fs_rdlink()
if( (rip = get_inode(fs_dev, (ino_t) fs_m_in.REQ_INODE_NR)) == NULL) if( (rip = get_inode(fs_dev, (ino_t) fs_m_in.REQ_INODE_NR)) == NULL)
return(EINVAL); return(EINVAL);
if (!S_ISLNK(rip->i_mode))
r = EACCES;
if (rip->i_size > MAX_FAST_SYMLINK_LENGTH) { if (rip->i_size > MAX_FAST_SYMLINK_LENGTH) {
/* normal symlink */ /* normal symlink */
if ((b = read_map(rip, (off_t) 0)) == NO_BLOCK) { if ((b = read_map(rip, (off_t) 0)) == NO_BLOCK) {
@ -219,7 +217,6 @@ PUBLIC int fs_rdlink()
/* We can safely cast to unsigned, because copylen is guaranteed to be /* We can safely cast to unsigned, because copylen is guaranteed to be
below max file size */ below max file size */
copylen = min( copylen, (unsigned) rip->i_size); copylen = min( copylen, (unsigned) rip->i_size);
bp = get_block(rip->i_dev, b, NORMAL);
r = sys_safecopyto(VFS_PROC_NR, (cp_grant_id_t) fs_m_in.REQ_GRANT, r = sys_safecopyto(VFS_PROC_NR, (cp_grant_id_t) fs_m_in.REQ_GRANT,
(vir_bytes) 0, (vir_bytes) link_text, (vir_bytes) 0, (vir_bytes) link_text,
(size_t) copylen, D); (size_t) copylen, D);
@ -353,12 +350,16 @@ PUBLIC int fs_rename()
old_ip = NULL; old_ip = NULL;
if (r == EENTERMOUNT) r = EXDEV; /* should this fail at all? */ if (r == EENTERMOUNT) r = EXDEV; /* should this fail at all? */
else if (r == ELEAVEMOUNT) r = EINVAL; /* rename on dot-dot */ else if (r == ELEAVEMOUNT) r = EINVAL; /* rename on dot-dot */
} else if (old_ip == NULL) {
return(err_code);
} }
/* Get new dir inode */ /* Get new dir inode */
if( (new_dirp = get_inode(fs_dev, (ino_t) fs_m_in.REQ_REN_NEW_DIR)) == NULL) if( (new_dirp = get_inode(fs_dev, (ino_t) fs_m_in.REQ_REN_NEW_DIR)) == NULL) {
r = err_code; put_inode(old_ip);
else { put_inode(old_dirp);
return(err_code);
} else {
if (new_dirp->i_links_count == NO_LINK) { /* Dir does not actually exist */ if (new_dirp->i_links_count == NO_LINK) { /* Dir does not actually exist */
put_inode(old_ip); put_inode(old_ip);
put_inode(old_dirp); put_inode(old_dirp);
@ -699,7 +700,6 @@ int half;
} else { } else {
len = offset; len = offset;
pos -= offset; pos -= offset;
offset = 0;
} }
zeroblock_range(rip, pos, len); zeroblock_range(rip, pos, len);
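Review bot: The new `else if (old_ip == NULL) return(err_code);` branch in fs_rename returns without releasing old_dirp, although the error path added just below it calls `put_inode(old_dirp)` before its own return, which suggests the directory inode reference is already held at this point. If so, every rename of a missing source name leaks one reference on the old directory, and because an ordinary caller can repeat that request, the count only grows and the inode can stay pinned (for example at unmount). Suggested form: `} else if (old_ip == NULL) { put_inode(old_dirp); return(err_code); }`. The place where old_dirp is obtained is outside the hunk, so confirm it against the start of the function.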


@ -46,7 +46,7 @@ PUBLIC int main(int argc, char *argv[])
* three major activities: getting new work, processing the work, and * three major activities: getting new work, processing the work, and
* sending the reply. The loop never terminates, unless a panic occurs. * sending the reply. The loop never terminates, unless a panic occurs.
*/ */
int error, ind, transid; int error = OK, ind, transid;
unsigned short test_endian = 1; unsigned short test_endian = 1;
/* SEF local startup. */ /* SEF local startup. */
@ -74,7 +74,6 @@ PUBLIC int main(int argc, char *argv[])
assert(IS_VFS_FS_TRANSID(transid)); assert(IS_VFS_FS_TRANSID(transid));
src = fs_m_in.m_source; src = fs_m_in.m_source;
error = OK;
caller_uid = INVAL_UID; /* To trap errors */ caller_uid = INVAL_UID; /* To trap errors */
caller_gid = INVAL_GID; caller_gid = INVAL_GID;
req_nr = fs_m_in.m_type; req_nr = fs_m_in.m_type;
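Review bot: Replacing the per-request `error = OK;` in main's loop with the initializer `int error = OK` means the variable is now reset once at startup instead of once per request. If every path through the loop assigns `error` before the reply is built, the initializer is itself a dead store and could be dropped as well; if any path does not, that path would answer with the status of the previous request. The dispatch code is outside the hunk, so this needs checking there, and a comment such as `/* error is assigned on every dispatch path below */` at the declaration would record the invariant.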


@ -229,13 +229,16 @@ PUBLIC int fs_slink()
sip->i_dirt = DIRTY; sip->i_dirt = DIRTY;
link_target_buf = (char*) sip->i_block; link_target_buf = (char*) sip->i_block;
} else { } else {
r = (bp = new_block(sip, (off_t) 0)) == NULL ? err_code : if ((bp = new_block(sip, (off_t) 0)) != NULL) {
sys_safecopyfrom(VFS_PROC_NR, sys_safecopyfrom(VFS_PROC_NR,
(cp_grant_id_t) fs_m_in.REQ_GRANT3, (cp_grant_id_t) fs_m_in.REQ_GRANT3,
(vir_bytes) 0, (vir_bytes) bp->b_data, (vir_bytes) 0, (vir_bytes) bp->b_data,
(vir_bytes) fs_m_in.REQ_MEM_SIZE, D); (vir_bytes) fs_m_in.REQ_MEM_SIZE, D);
bp->b_dirt = DIRTY; bp->b_dirt = DIRTY;
link_target_buf = bp->b_data; link_target_buf = bp->b_data;
} else {
r = err_code;
}
} }
if (r == OK) { if (r == OK) {
link_target_buf[fs_m_in.REQ_MEM_SIZE] = '\0'; link_target_buf[fs_m_in.REQ_MEM_SIZE] = '\0';
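Review bot: The rewritten branch in fs_slink calls `sys_safecopyfrom(...)` without storing its result, whereas the removed conditional expression assigned that result to `r`. A failed copy from the caller's grant now leaves `r` at whatever it held before, and the `if (r == OK)` block that follows would then NUL-terminate and keep a link target that was never filled in from the request. Keep the NULL-pointer fix but restore the assignment inside the new `if`: `r = sys_safecopyfrom(VFS_PROC_NR, (cp_grant_id_t) fs_m_in.REQ_GRANT3, ...);`. The value of `r` on entry to this branch is set outside the hunk.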


@ -432,7 +432,7 @@ unsigned bytes_ahead; /* bytes beyond position for immediate use */
block_t block, blocks_left; block_t block, blocks_left;
off_t ind1_pos; off_t ind1_pos;
dev_t dev; dev_t dev;
struct buf *bp; struct buf *bp = NULL;
static unsigned int readqsize = 0; static unsigned int readqsize = 0;
static struct buf **read_q; static struct buf **read_q;
@ -456,6 +456,7 @@ unsigned bytes_ahead; /* bytes beyond position for immediate use */
block = baseblock; block = baseblock;
bp = get_block(dev, block, PREFETCH); bp = get_block(dev, block, PREFETCH);
assert(bp != NULL);
if (bp->b_dev != NO_DEV) return(bp); if (bp->b_dev != NO_DEV) return(bp);
/* The best guess for the number of blocks to prefetch: A lot. /* The best guess for the number of blocks to prefetch: A lot.
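Review bot: `assert(bp != NULL);` after `get_block(dev, block, PREFETCH)` protects the `bp->b_dev` read on the next line only in builds where assertions are compiled in; with NDEBUG it disappears and the dereference is unchecked again. If get_block can return NULL for a PREFETCH request, an explicit check with a defined error path is the safer form. If it cannot, a comment such as `/* get_block() never returns NULL; assert documents that for the analyzer */` would say why the line exists. The start and end of the function are outside the hunk.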


@ -106,7 +106,7 @@ int op; /* special actions */
* or newly created. * or newly created.
* If there wasn't one and WMAP_FREE is set, 'b3' is NO_BLOCK. * If there wasn't one and WMAP_FREE is set, 'b3' is NO_BLOCK.
*/ */
if (b3 == NO_BLOCK) { if (b3 == NO_BLOCK && (op & WMAP_FREE)) {
/* WMAP_FREE and no triple indirect block - then no /* WMAP_FREE and no triple indirect block - then no
* double and single indirect blocks either. * double and single indirect blocks either.
*/ */
@ -147,7 +147,7 @@ int op; /* special actions */
* or newly created. * or newly created.
* If there wasn't one and WMAP_FREE is set, 'b2' is NO_BLOCK. * If there wasn't one and WMAP_FREE is set, 'b2' is NO_BLOCK.
*/ */
if (b2 == NO_BLOCK) { if (b2 == NO_BLOCK && (op & WMAP_FREE)) {
/* WMAP_FREE and no double indirect block - then no /* WMAP_FREE and no double indirect block - then no
* single indirect block either. * single indirect block either.
*/ */
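Review bot: Adding `&& (op & WMAP_FREE)` to the `b3 == NO_BLOCK` test, and to the `b2 == NO_BLOCK` test in the second hunk, moves the case "no block and WMAP_FREE not set" out of the branch that only clears the lower-level block numbers. The comment above each test says that case cannot occur, but if an earlier allocation path ever left b3 or b2 as NO_BLOCK, the code would presumably go on to treat NO_BLOCK as a real block number rather than take the harmless branch. Stating the invariant directly, for example `assert(b3 != NO_BLOCK || (op & WMAP_FREE));` just before the test (and likewise for b2), would satisfy the analyzer and catch a violation. The else branches are outside both hunks, so what they do with b3 and b2 is inferred.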