From 10f80df01825066987452b11a9ec785555540c64 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Andre Date: Tue, 29 Oct 2013 13:54:15 +0900 Subject: [PATCH] evas/cserve2: Fix new Coverity issues Nothing extraordinary here. Most potential crashes are extremely unlikely. - Fix CID 1113444 - Fix CID 1113442 - Fix CID 1113441 (Logically dead code, can not be NULL) - Fix CID 1113440: Explicit null dereferenced This is actually an impossible situation. Fixed by checking for nullity and printing out some error messages instead of just crashing. - Fix CID 1113439: Dereference after null check Logically impossible code as both idxpath and datapath must be either set or null at the same time. Change the if logic to tell Coverity there's no bug. - Fix CID 1113438 (Argument cannot be negative) Fix wrong check of return value from shm_open. - Fix CID 1113437 (Argument cannot be negative) Fix wrong check of return value from shm_open. - Fix CID 1113436 (Dereference null return value) This case really shouldn't happen. But the extra check does not hurt. - Fix CID 1113435 (Dereference before null check) Check for nullity after map open. - Fix CID 1113434 (Extra sizeof expression) Debug buggy debug tool :) - Fix CID 1113433 (Uninitialized scalar variable) Insignificant issue: only prints wrong debug logs :) - Fix CID 1113431 (Uninitialized scalar value) Check if (!found) only to print out logs. Not a big deal if found was invalid. - Fix CID 1039462 (Logically dead code) --- src/bin/evas/dummy_slave.c | 2 +- src/bin/evas/evas_cserve2_cache.c | 10 ++++++---- src/bin/evas/evas_cserve2_index.c | 2 -- src/bin/evas/evas_cserve2_shm.c | 4 ++-- src/bin/evas/evas_cserve2_shm_debug.c | 4 ++-- src/lib/evas/cache2/evas_cache2.c | 2 +- src/lib/evas/cserve2/evas_cs2_client.c | 19 ++++++++++++++----- 7 files changed, 26 insertions(+), 17 deletions(-) diff --git a/src/bin/evas/dummy_slave.c b/src/bin/evas/dummy_slave.c index a64ec53d90..9b5638053b 100644 --- a/src/bin/evas/dummy_slave.c +++ b/src/bin/evas/dummy_slave.c @@ -170,7 +170,7 @@ int main(int c, char **v) Error_Type err; const char *file, *key; p = params; - file = (const char *)(p + sizeof(*p)); + file = (const char *)(p + 1); key = file + strlen(file) + 1; if ((err = image_open(file, key, &result)) != CSERVE2_NONE) error_send(wfd, err); diff --git a/src/bin/evas/evas_cserve2_cache.c b/src/bin/evas/evas_cserve2_cache.c index 9f92543919..4c20a72d33 100644 --- a/src/bin/evas/evas_cserve2_cache.c +++ b/src/bin/evas/evas_cserve2_cache.c @@ -1588,8 +1588,8 @@ _image_entry_new(Client *client, int rid, ref = eina_hash_find(client->files.referencing, &client_file_id); if (!ref) { - ERR("Couldn't find file id: %d, for image id: %d", - client_file_id, image_id); + ERR("Couldn't find file id for client image id: %d", + client_file_id); cserve2_client_error_send(client, rid, CSERVE2_INVALID_CACHE); return NULL; @@ -2373,7 +2373,7 @@ _font_entry_debug_size_cb(const Eina_Hash *hash EINA_UNUSED, // name if (fe->src->name) { - str = cserve2_shared_string_get(fe->src->file); + str = cserve2_shared_string_get(fe->src->name); di->size+= strlen(str) + 1; } @@ -2769,8 +2769,10 @@ try_again: 0, &unscaled, buf, sizeof(buf)); if (!orig_entry) return -1; - image_id = orig_entry->base.id; orig_data = _image_data_find(ENTRYID(orig_entry)); + if (!orig_data) return -1; + + image_id = ENTRYID(orig_entry); orig_data->unused = EINA_TRUE; fentry = _file_entry_find(orig_data->file_id); fentry->images = eina_list_append(fentry->images, orig_entry); diff --git a/src/bin/evas/evas_cserve2_index.c b/src/bin/evas/evas_cserve2_index.c index e6b13ce93e..f0d6f71a58 100644 --- a/src/bin/evas/evas_cserve2_index.c +++ b/src/bin/evas/evas_cserve2_index.c @@ -581,8 +581,6 @@ _shared_index_entry_get_by_id(Shared_Index *si, unsigned int id) for (cur = start_high; cur < si->sa->header->count; cur++) { obj = (Index_Entry *) (base + (elemsize * cur)); - if (!obj) - return NULL; if (!obj->id) return NULL; if (obj->id == id) diff --git a/src/bin/evas/evas_cserve2_shm.c b/src/bin/evas/evas_cserve2_shm.c index d95afc7782..6ccfbcd2a4 100644 --- a/src/bin/evas/evas_cserve2_shm.c +++ b/src/bin/evas/evas_cserve2_shm.c @@ -132,7 +132,7 @@ cserve2_shm_segment_request(Shm_Handle *shm, size_t size) if (!segment) return NULL; fd = shm_open(map->name, O_RDWR, S_IRUSR | S_IWUSR); - if (!fd) + if (fd == -1) { ERR("Could not reopen shm handle: %m"); free(segment); @@ -184,7 +184,7 @@ cserve2_shm_resize(Shm_Handle *shm, size_t newsize) } fd = shm_open(shm->mapping->name, O_RDWR, S_IRUSR | S_IWUSR); - if (!fd) + if (fd == -1) { ERR("Could not reopen shm handle: %m"); return NULL; diff --git a/src/bin/evas/evas_cserve2_shm_debug.c b/src/bin/evas/evas_cserve2_shm_debug.c index 10bb48453e..73b13b3e78 100644 --- a/src/bin/evas/evas_cserve2_shm_debug.c +++ b/src/bin/evas/evas_cserve2_shm_debug.c @@ -725,8 +725,8 @@ main(int argc EINA_UNUSED, char **argv EINA_UNUSED) if (isatty(STDOUT_FILENO)) { - ioctl(STDOUT_FILENO, TIOCGWINSZ, &w); - _termsize = w.ws_col; + if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &w) == 0) + _termsize = w.ws_col; } if (argc > 1) diff --git a/src/lib/evas/cache2/evas_cache2.c b/src/lib/evas/cache2/evas_cache2.c index e1a9d01120..35cceb6e65 100644 --- a/src/lib/evas/cache2/evas_cache2.c +++ b/src/lib/evas/cache2/evas_cache2.c @@ -657,7 +657,7 @@ evas_cache2_image_open(Evas_Cache2 *cache, const char *path, const char *key, Image_Timestamp tstamp; Evas_Image_Load_Opts prevent; - if ((!path) || ((!path) && (!key))) + if (!path) { *error = EVAS_LOAD_ERROR_GENERIC; return NULL; diff --git a/src/lib/evas/cserve2/evas_cs2_client.c b/src/lib/evas/cserve2/evas_cs2_client.c index 67c597a0cf..5410b0b212 100644 --- a/src/lib/evas/cserve2/evas_cs2_client.c +++ b/src/lib/evas/cserve2/evas_cs2_client.c @@ -545,7 +545,7 @@ _server_dispatch(Eina_Bool *failed) Eina_List *l, *l_next; Client_Request *cr; Msg_Base *msg; - Eina_Bool found; + Eina_Bool found = EINA_FALSE; msg = _server_read(&size); if (!msg) @@ -1691,8 +1691,9 @@ _glyph_map_remap_check(Glyph_Map *map, const char *idxpath, const char *datapath // Note: Since the shm name contains cserve2's PID it should most likely // always change in case of crash/restart - if ((datapath && strcmp(datapath, map->mempool.path)) - || (idxpath && strcmp(idxpath, map->index.path))) + if (datapath && idxpath && + ((strncmp(datapath, map->mempool.path, SHARED_BUFFER_PATH_MAX) != 0) || + (strncmp(idxpath, map->index.path, SHARED_BUFFER_PATH_MAX) != 0))) { CS_Glyph_Out *gl, *cursor; @@ -1735,7 +1736,13 @@ _glyph_map_remap_check(Glyph_Map *map, const char *idxpath, const char *datapath else { gl->sb = oldbuf; - EINA_REFCOUNT_REF(gl->sb); + if (gl->sb) + EINA_REFCOUNT_REF(gl->sb); + else + { + ERR("Glyph pool can not be remapped! (invalid refs)"); + eina_clist_remove(&gl->map_entry); + } } } @@ -1824,11 +1831,13 @@ _font_entry_glyph_map_rebuild_check(Font_Entry *fe, Font_Hint_Flags hints) if (!idxpath || !datapath) return -1; fe->map =_glyph_map_open(fe, idxpath, datapath); + if (!fe->map) return -1; + changed = EINA_TRUE; } changed |= _glyph_map_remap_check(fe->map, idxpath, datapath); - if (changed && fe->map && fe->map->index.data && fe->map->mempool.data) + if (changed && fe->map->index.data && fe->map->mempool.data) { CS_Glyph_Out *gl; const Glyph_Data *gd;