Author: asomers
Date: Thu Feb 2 19:50:28 2017
New Revision: 313103
URL: https://svnweb.freebsd.org/changeset/base/313103
Log:
MFC r311160, r311210, r311288, r311292, r311298, r311340
r311160:
misc minor fixes in mpr(4)
sys/dev/mpr/mpr_sas.c
* Fix a potential null pointer dereference (CID 1305731)
* Check for overrun of the ccb_scsiio.cdb_io.cdb_bytes buffer (CID
1211934)
sys/dev/mpr/mpr_sas_lsi.c
* Nullify a dangling pointer in mprsas_get_sata_identify
* Fix a memory leak in mprsas_SSU_to_SATA_devices (CID 1211935)
Reported by: Coverity (partially)
CID: 1305731 1211934 1211935
Reviewed by: slm
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8880
r311210:
Quell Coverity for diskinfo(8)
* CID 1198994: Don't run the speed disk on a disk with no sectors
* CID 1011442: Don't call close(2) if open(2) fails
* CID 1011161: Use snprintf instead of sprintf
* CID 1009825: Check the return value of lseek
Reported by: Coverity
CID: 1198994 1011442 1011161 1009825
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311288:
Delete dead code in chat(8)
It's always been dead, ever since first import in 1994. It's still dead in
OpenBSD's version, too.
Reported by: Coverity
CID: 270586
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311292:
Remove dead code in rpc_parse.c
It's been dead ever since it was imported from TI-RPC in 1995. The dead
code is still present in Illumos today, but was removed from NetBSD in 2006.
Reported by: Coverity
CID: 270097
Obtained from: NetBSD
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311298:
Remove dead code in dhclient(8)
The offending code has been dead ever since the import from OpenBSD in
r195805. OpenBSD later deleted that entire function.
Reported by: Coverity
CID: 500059
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
r311340:
Misc Coverity fixes for tail(1)
CID 1006402: Initialize stack variable
CID 271580: Don't leak memory when ENOMEM.
Reported by: Coverity
CID: 271580 1006402
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Modified:
stable/10/sbin/dhclient/dispatch.c
stable/10/sys/dev/mpr/mpr_sas.c
stable/10/sys/dev/mpr/mpr_sas_lsi.c
stable/10/usr.bin/chat/chat.c
stable/10/usr.bin/rpcgen/rpc_parse.c
stable/10/usr.bin/tail/reverse.c
stable/10/usr.sbin/diskinfo/diskinfo.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sbin/dhclient/dispatch.c
==============================================================================
--- stable/10/sbin/dhclient/dispatch.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/sbin/dhclient/dispatch.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -453,16 +453,12 @@ add_protocol(char *name, int fd, void (*
void
remove_protocol(struct protocol *proto)
{
- struct protocol *p, *next, *prev;
+ struct protocol *p, *next;
- prev = NULL;
for (p = protocols; p; p = next) {
next = p->next;
if (p == proto) {
- if (prev)
- prev->next = p->next;
- else
- protocols = p->next;
+ protocols = p->next;
free(p);
}
}
Modified: stable/10/sys/dev/mpr/mpr_sas.c
==============================================================================
--- stable/10/sys/dev/mpr/mpr_sas.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/sys/dev/mpr/mpr_sas.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -1846,8 +1846,12 @@ mprsas_action_scsiio(struct mprsas_softc
if (csio->ccb_h.flags & CAM_CDB_POINTER)
bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
- else
+ else {
+ KASSERT(csio->cdb_len <= IOCDBLEN,
+ ("cdb_len %d is greater than IOCDBLEN but CAM_CDB_POINTER
is not set",
+ csio->cdb_len));
bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
+ }
req->IoFlags = htole16(csio->cdb_len);
/*
@@ -2429,6 +2433,7 @@ mprsas_scsiio_complete(struct mpr_softc
* driver is being shutdown.
*/
if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
+ (csio->data_ptr != NULL) &&
((csio->data_ptr[0] & 0x1f) == T_DIRECT) &&
(sc->mapping_table[target_id].device_info &
MPI2_SAS_DEVICE_INFO_SATA_DEVICE) &&
Modified: stable/10/sys/dev/mpr/mpr_sas_lsi.c
==============================================================================
--- stable/10/sys/dev/mpr/mpr_sas_lsi.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/sys/dev/mpr/mpr_sas_lsi.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -1056,6 +1056,7 @@ out:
mpr_free_command(sc, cm);
else if (error == 0)
error = EWOULDBLOCK;
+ cm->cm_data = NULL;
free(buffer, M_MPR);
return (error);
}
@@ -1196,18 +1197,18 @@ mprsas_SSU_to_SATA_devices(struct mpr_so
continue;
}
- ccb = xpt_alloc_ccb_nowait();
- if (ccb == NULL) {
- mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB to stop "
- "unit.\n");
- return;
- }
-
/*
* The stop_at_shutdown flag will be set if this device is
* a SATA direct-access end device.
*/
if (target->stop_at_shutdown) {
+ ccb = xpt_alloc_ccb_nowait();
+ if (ccb == NULL) {
+ mpr_dprint(sc, MPR_FAULT, "Unable to alloc CCB
to stop "
+ "unit.\n");
+ return;
+ }
+
if (xpt_create_path(&ccb->ccb_h.path, xpt_periph,
pathid, targetid, CAM_LUN_WILDCARD) !=
CAM_REQ_CMP) {
Modified: stable/10/usr.bin/chat/chat.c
==============================================================================
--- stable/10/usr.bin/chat/chat.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/usr.bin/chat/chat.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -1173,7 +1173,7 @@ int
get_string(char *string)
{
char temp[STR_LEN];
- int c, printed = 0;
+ int c;
size_t len, minlen;
char *s = temp, *end = s + STR_LEN;
char *logged = temp;
@@ -1306,13 +1306,6 @@ get_string(char *string)
alarm(0);
- if (verbose && printed) {
- if (alarmed)
- chat_logf(" -- read timed out");
- else
- chat_logf(" -- read failed: %m");
- }
-
exit_code = 3;
alarmed = 0;
return (0);
Modified: stable/10/usr.bin/rpcgen/rpc_parse.c
==============================================================================
--- stable/10/usr.bin/rpcgen/rpc_parse.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/usr.bin/rpcgen/rpc_parse.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -290,7 +290,6 @@ def_union(definition *defp)
declaration dec;
case_list *cases;
case_list **tailp;
- int flag;
defp->def_kind = DEF_UNION;
scan(TOK_IDENT, &tok);
@@ -309,7 +308,6 @@ def_union(definition *defp)
cases->case_name = tok.str;
scan(TOK_COLON, &tok);
/* now peek at next token */
- flag = 0;
if (peekscan(TOK_CASE, &tok)){
do {
scan2(TOK_IDENT, TOK_CHARCONST, &tok);
@@ -322,14 +320,6 @@ def_union(definition *defp)
scan(TOK_COLON, &tok);
} while (peekscan(TOK_CASE, &tok));
}
- else
- if (flag)
- {
-
- *tailp = cases;
- tailp = &cases->next;
- cases = XALLOC(case_list);
- };
get_declaration(&dec, DEF_UNION);
cases->case_decl = dec;
Modified: stable/10/usr.bin/tail/reverse.c
==============================================================================
--- stable/10/usr.bin/tail/reverse.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/usr.bin/tail/reverse.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -117,6 +117,7 @@ r_reg(FILE *fp, const char *fn, enum STY
map.start = NULL;
map.mapoff = map.maxoff = size;
map.fd = fileno(fp);
+ map.maplen = 0;
/*
* Last char is special, ignore whether newline or not. Note that
@@ -205,7 +206,13 @@ r_buf(FILE *fp, const char *fn)
(tl->l = malloc(BSZ)) == NULL) {
if (!mark)
err(1, "malloc");
- tl = enomem ? tl->next : mark;
+ if (enomem)
+ tl = tl->next;
+ else {
+ if (tl)
+ free(tl);
+ tl = mark;
+ }
enomem += tl->len;
} else if (mark) {
tl->next = mark;
Modified: stable/10/usr.sbin/diskinfo/diskinfo.c
==============================================================================
--- stable/10/usr.sbin/diskinfo/diskinfo.c Thu Feb 2 19:23:07 2017
(r313102)
+++ stable/10/usr.sbin/diskinfo/diskinfo.c Thu Feb 2 19:50:28 2017
(r313103)
@@ -89,13 +89,12 @@ main(int argc, char **argv)
for (i = 0; i < argc; i++) {
fd = open(argv[i], O_RDONLY);
if (fd < 0 && errno == ENOENT && *argv[i] != '/') {
- sprintf(buf, "%s%s", _PATH_DEV, argv[i]);
+ snprintf(buf, BUFSIZ, "%s%s", _PATH_DEV, argv[i]);
fd = open(buf, O_RDONLY);
}
if (fd < 0) {
warn("%s", argv[i]);
- exitval = 1;
- goto out;
+ exit(1);
}
error = ioctl(fd, DIOCGMEDIASIZE, &mediasize);
if (error) {
@@ -176,7 +175,8 @@ rdsect(int fd, off_t blockno, u_int sect
{
int error;
- lseek(fd, (off_t)blockno * sectorsize, SEEK_SET);
+ if (lseek(fd, (off_t)blockno * sectorsize, SEEK_SET) == -1)
+ err(1, "lseek");
error = read(fd, sector, sectorsize);
if (error == -1)
err(1, "read");
@@ -241,6 +241,9 @@ speeddisk(int fd, off_t mediasize, u_int
off_t b0, b1, sectorcount, step;
sectorcount = mediasize / sectorsize;
+ if (sectorcount <= 0)
+ return; /* Can't test devices with no sectors */
+
step = 1ULL << (flsll(sectorcount / (4 * 200)) - 1);
if (step > 16384)
step = 16384;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
