On Fri, Feb 02, 2018 at 03:51:12PM +0000, Bruce Richardson wrote:
> On Fri, Feb 02, 2018 at 03:47:43PM +0000, Bruce Richardson wrote:
> > On Fri, Feb 02, 2018 at 07:44:39AM -0500, Neil Horman wrote:
> > > On Fri, Feb 02, 2018 at 12:00:58PM +0000, Bruce Richardson wrote:
> > > > Coverity flags an issue where the resources used by the FILE object for
> > > > the temporary input file are leaked. This is a very minor issue, but is
> > > > easily fixed, while also avoiding later problems where we try to close
> > > > an invalid file descriptor in the failure case.
> > > >
> > > > The fix is to use "dup()" to get a new file descriptor number rather
> > > > than
> > > > using the value directly from fileno. This allows us to close the file
> > > > opened with tmpfile() within in scope block, while allowing the
> > > > duplicate
> > > > to pass to the outer block and be closed when the function terminates.
> > > >
> > > > As a side-effect I/O in the function is therefore changed from using
> > > > stdio
> > > > fread/fwrite to read/write system calls.
> > > >
> > > > Coverity issue: 260399
> > > > Fixes: 0d68533617e3 ("pmdinfogen: allow using stdin and stdout")
> > > >
> > > > Signed-off-by: Bruce Richardson <bruce.richard...@intel.com>
> > > > ---
> > > > buildtools/pmdinfogen/pmdinfogen.c | 16 ++++++++++------
> > > > 1 file changed, 10 insertions(+), 6 deletions(-)
> > > >
> > > > diff --git a/buildtools/pmdinfogen/pmdinfogen.c
> > > > b/buildtools/pmdinfogen/pmdinfogen.c
> > > > index 45b267346..0f35ca46b 100644
> > > > --- a/buildtools/pmdinfogen/pmdinfogen.c
> > > > +++ b/buildtools/pmdinfogen/pmdinfogen.c
> > > > @@ -50,20 +50,24 @@ static void *grab_file(const char *filename,
> > > > unsigned long *size)
> > > > /* from stdin, use a temporary file to mmap */
> > > > FILE *infile;
> > > > char buffer[1024];
> > > > - size_t n;
> > > > + int n;
> > > >
> > > > infile = tmpfile();
> > > > if (infile == NULL) {
> > > > perror("tmpfile");
> > > > return NULL;
> > > > }
> > > > - while (!feof(stdin)) {
> > > > - n = fread(buffer, 1, sizeof(buffer), stdin);
> > > > - if (fwrite(buffer, 1, n, infile) != n)
> > > > + fd = dup(fileno(infile));
> > > > + fclose(infile);
> > > > + if (fd < 0)
> > > > + return NULL;
> > > > +
> > > > + n = read(STDIN_FILENO, buffer, sizeof(buffer));
> > > > + while (n > 0) {
> > > > + if (write(fd, buffer, n) != n)
> > > > goto failed;
> > > > + n = read(STDIN_FILENO, buffer, sizeof(buffer));
> > > > }
> > > > - fflush(infile);
> > > > - fd = fileno(infile);
> > > > }
> > > >
> > > > if (fstat(fd, &st))
> > > > --
> > > > 2.14.3
> > > >
> > > >
> > >
> > > Wouldn't it be just as good, and easier to check fd for == -1 as a
> > > condition of
> > > calling close?
> > >
> > > like
> > > failed:
> > > if (fd >= 0)
> > > close(fd);
> > >
> > That would fix the problem of calling goto failed with fd set to -1, but
> > would not fix the resource issue that coverity was complaining about. We
> > were allocating a stdio FILE object, then taking just the fileno of it
> > and letting the file number go out of scope. This cleans this that up,
> s/file number/FILE object ptr/
>
Yeah, Ok, I can see that, though I still think its a bit of a false positive,
since the definition of tmpfile says it will automatically unlink the file on
process exit. No matter though, what you have is an improvement regardless.
> > so that we just use file numbers and properly close the FILE * once it's
> > outlived its usefulness.
> >
> > BTW: I did investigate using open and O_TMPFILE in place of tmpfile()
> > call, but while it would work great on Linux, it's not available
> > elsewhere, so tmpfile looks the best option.
> >
yeah, thats both OS and filesystem specific, I wouldn't trust it too much.
Acked-by: Neil Horman <nhor...@tuxdriver.com>
> > Regards,
> > /Bruce
>
