* [PATCH 0/4] v4l-utils: Some fixes for Coverity issues
@ 2013-07-25 13:09 Gregor Jasny
2013-07-25 13:09 ` [PATCH 1/4] xc3082: Fix use after free in free_firmware() Gregor Jasny
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Gregor Jasny @ 2013-07-25 13:09 UTC (permalink / raw)
To: linux-media; +Cc: Gregor Jasny
Hello,
the following patches fix issues that the Coverity static analyzer found
in v4l-utils.
Please review.
Thanks,
Gregor
Gregor Jasny (4):
xc3082: Fix use after free in free_firmware()
libdvbv5: Fix reallocation in parse_lcn
rds-ctl: Always terminate strings properly
libdvbv5: Fix copy and paste error in parse_service()
lib/libdvbv5/descriptors.c | 6 +++---
utils/rds-ctl/rds-ctl.cpp | 14 +++++++-------
utils/xc3028-firmware/firmware-tool.c | 2 +-
3 files changed, 11 insertions(+), 11 deletions(-)
--
1.8.3.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/4] xc3082: Fix use after free in free_firmware()
2013-07-25 13:09 [PATCH 0/4] v4l-utils: Some fixes for Coverity issues Gregor Jasny
@ 2013-07-25 13:09 ` Gregor Jasny
2013-07-25 13:09 ` [PATCH 2/4] libdvbv5: Fix reallocation in parse_lcn Gregor Jasny
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Gregor Jasny @ 2013-07-25 13:09 UTC (permalink / raw)
To: linux-media; +Cc: Gregor Jasny, Mauro Carvalho Chehab
Detected by Coverity Scanner.
CC: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
---
utils/xc3028-firmware/firmware-tool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/xc3028-firmware/firmware-tool.c b/utils/xc3028-firmware/firmware-tool.c
index b2e9de4..a7850df 100644
--- a/utils/xc3028-firmware/firmware-tool.c
+++ b/utils/xc3028-firmware/firmware-tool.c
@@ -86,13 +86,13 @@ static struct firmware* alloc_firmware(void) {
static void free_firmware(struct firmware *f) {
free(f->name);
- free(f->desc);
if(f->desc) {
unsigned int i = 0;
for(i = 0; i < f->nr_desc; ++ i) {
free(f->desc[i].data);
}
}
+ free(f->desc);
free(f);
}
--
1.8.3.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/4] libdvbv5: Fix reallocation in parse_lcn
2013-07-25 13:09 [PATCH 0/4] v4l-utils: Some fixes for Coverity issues Gregor Jasny
2013-07-25 13:09 ` [PATCH 1/4] xc3082: Fix use after free in free_firmware() Gregor Jasny
@ 2013-07-25 13:09 ` Gregor Jasny
2013-07-25 13:09 ` [PATCH 3/4] rds-ctl: Always terminate strings properly Gregor Jasny
2013-07-25 13:09 ` [PATCH 4/4] libdvbv5: Fix copy and paste error in parse_service() Gregor Jasny
3 siblings, 0 replies; 6+ messages in thread
From: Gregor Jasny @ 2013-07-25 13:09 UTC (permalink / raw)
To: linux-media; +Cc: Gregor Jasny, Mauro Carvalho Chehab
Detected by Coverity.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
CC: Mauro Carvalho Chehab <mchehab@infradead.org>
---
lib/libdvbv5/descriptors.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libdvbv5/descriptors.c b/lib/libdvbv5/descriptors.c
index 73338d8..99d8fa3 100644
--- a/lib/libdvbv5/descriptors.c
+++ b/lib/libdvbv5/descriptors.c
@@ -758,7 +758,7 @@ static void parse_lcn(struct nit_table *nit_table,
for (i = 0; i < dlen; i+= 4, p+= 4) {
struct lcn_table **lcn = &nit_table->lcn;
- *lcn = realloc(*lcn, (n + 1) * sizeof(*lcn));
+ *lcn = realloc(*lcn, (n + 1) * sizeof(**lcn));
(*lcn)[n].service_id = p[0] << 8 | p[1];
(*lcn)[n].lcn = (p[2] << 8 | p[3]) & 0x3ff;
nit_table->lcn_len++;
--
1.8.3.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/4] rds-ctl: Always terminate strings properly
2013-07-25 13:09 [PATCH 0/4] v4l-utils: Some fixes for Coverity issues Gregor Jasny
2013-07-25 13:09 ` [PATCH 1/4] xc3082: Fix use after free in free_firmware() Gregor Jasny
2013-07-25 13:09 ` [PATCH 2/4] libdvbv5: Fix reallocation in parse_lcn Gregor Jasny
@ 2013-07-25 13:09 ` Gregor Jasny
2013-07-25 13:27 ` Hans Verkuil
2013-07-25 13:09 ` [PATCH 4/4] libdvbv5: Fix copy and paste error in parse_service() Gregor Jasny
3 siblings, 1 reply; 6+ messages in thread
From: Gregor Jasny @ 2013-07-25 13:09 UTC (permalink / raw)
To: linux-media; +Cc: Gregor Jasny, Hans Verkuil
Detected by Coverity.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
CC: Hans Verkuil <hverkuil@xs4all.nl>
---
utils/rds-ctl/rds-ctl.cpp | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/utils/rds-ctl/rds-ctl.cpp b/utils/rds-ctl/rds-ctl.cpp
index a9fe2a8..74972eb 100644
--- a/utils/rds-ctl/rds-ctl.cpp
+++ b/utils/rds-ctl/rds-ctl.cpp
@@ -762,13 +762,11 @@ static int parse_cl(int argc, char **argv)
params.options[(int)opt] = 1;
switch (opt) {
case OptSetDevice:
- strncpy(params.fd_name, optarg, 80);
+ strncpy(params.fd_name, optarg, sizeof(params.fd_name));
if (optarg[0] >= '0' && optarg[0] <= '9' && strlen(optarg) <= 3) {
- static char newdev[20];
-
- sprintf(newdev, "/dev/radio%s", optarg);
- strncpy(params.fd_name, newdev, 20);
+ snprintf(params.fd_name, sizeof(params.fd_name), "/dev/radio%s", optarg);
}
+ params.fd_name[sizeof(params.fd_name) - 1] = '\0';
break;
case OptSetFreq:
params.freq = strtod(optarg, NULL);
@@ -786,7 +784,8 @@ static int parse_cl(int argc, char **argv)
{
if (access(optarg, F_OK) != -1) {
params.filemode_active = true;
- strncpy(params.fd_name, optarg, 80);
+ strncpy(params.fd_name, optarg, sizeof(params.fd_name));
+ params.fd_name[sizeof(params.fd_name) - 1] = '\0';
} else {
fprintf(stderr, "Unable to open file: %s\n", optarg);
return -1;
@@ -1006,7 +1005,8 @@ int main(int argc, char **argv)
fprintf(stderr, "No RDS-capable device found\n");
exit(1);
}
- strncpy(params.fd_name, devices[0].c_str(), 80);
+ strncpy(params.fd_name, devices[0].c_str(), sizeof(params.fd_name));
+ params.fd_name[sizeof(params.fd_name) - 1] = '\0';
printf("Using device: %s\n", params.fd_name);
}
if ((fd = test_open(params.fd_name, O_RDONLY | O_NONBLOCK)) < 0) {
--
1.8.3.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/4] libdvbv5: Fix copy and paste error in parse_service()
2013-07-25 13:09 [PATCH 0/4] v4l-utils: Some fixes for Coverity issues Gregor Jasny
` (2 preceding siblings ...)
2013-07-25 13:09 ` [PATCH 3/4] rds-ctl: Always terminate strings properly Gregor Jasny
@ 2013-07-25 13:09 ` Gregor Jasny
3 siblings, 0 replies; 6+ messages in thread
From: Gregor Jasny @ 2013-07-25 13:09 UTC (permalink / raw)
To: linux-media; +Cc: Gregor Jasny, Mauro Carvalho Chehab, André Roth
Detected by Coverity.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
CC: Mauro Carvalho Chehab <mchehab@infradead.org>
CC: André Roth <neolynx@gmail.com>
---
lib/libdvbv5/descriptors.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/libdvbv5/descriptors.c b/lib/libdvbv5/descriptors.c
index 99d8fa3..9b6b050 100644
--- a/lib/libdvbv5/descriptors.c
+++ b/lib/libdvbv5/descriptors.c
@@ -787,9 +787,9 @@ static void parse_service(struct dvb_v5_fe_parms *parms, struct service_table *s
if (verbose) {
if (service_table->provider_name)
printf("Provider %s", service_table->provider_name);
- if (service_table->service_alias)
+ if (service_table->provider_alias)
printf("(%s)", service_table->provider_alias);
- if (service_table->provider_name || service_table->service_alias)
+ if (service_table->provider_name || service_table->provider_alias)
printf("\n");
if (service_table->service_name)
printf("Service %s", service_table->service_name);
--
1.8.3.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 3/4] rds-ctl: Always terminate strings properly
2013-07-25 13:09 ` [PATCH 3/4] rds-ctl: Always terminate strings properly Gregor Jasny
@ 2013-07-25 13:27 ` Hans Verkuil
0 siblings, 0 replies; 6+ messages in thread
From: Hans Verkuil @ 2013-07-25 13:27 UTC (permalink / raw)
To: Gregor Jasny; +Cc: linux-media
On Thu 25 July 2013 15:09:33 Gregor Jasny wrote:
> Detected by Coverity.
>
> Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
> CC: Hans Verkuil <hverkuil@xs4all.nl>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Thanks!
Hans
> ---
> utils/rds-ctl/rds-ctl.cpp | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/utils/rds-ctl/rds-ctl.cpp b/utils/rds-ctl/rds-ctl.cpp
> index a9fe2a8..74972eb 100644
> --- a/utils/rds-ctl/rds-ctl.cpp
> +++ b/utils/rds-ctl/rds-ctl.cpp
> @@ -762,13 +762,11 @@ static int parse_cl(int argc, char **argv)
> params.options[(int)opt] = 1;
> switch (opt) {
> case OptSetDevice:
> - strncpy(params.fd_name, optarg, 80);
> + strncpy(params.fd_name, optarg, sizeof(params.fd_name));
> if (optarg[0] >= '0' && optarg[0] <= '9' && strlen(optarg) <= 3) {
> - static char newdev[20];
> -
> - sprintf(newdev, "/dev/radio%s", optarg);
> - strncpy(params.fd_name, newdev, 20);
> + snprintf(params.fd_name, sizeof(params.fd_name), "/dev/radio%s", optarg);
> }
> + params.fd_name[sizeof(params.fd_name) - 1] = '\0';
> break;
> case OptSetFreq:
> params.freq = strtod(optarg, NULL);
> @@ -786,7 +784,8 @@ static int parse_cl(int argc, char **argv)
> {
> if (access(optarg, F_OK) != -1) {
> params.filemode_active = true;
> - strncpy(params.fd_name, optarg, 80);
> + strncpy(params.fd_name, optarg, sizeof(params.fd_name));
> + params.fd_name[sizeof(params.fd_name) - 1] = '\0';
> } else {
> fprintf(stderr, "Unable to open file: %s\n", optarg);
> return -1;
> @@ -1006,7 +1005,8 @@ int main(int argc, char **argv)
> fprintf(stderr, "No RDS-capable device found\n");
> exit(1);
> }
> - strncpy(params.fd_name, devices[0].c_str(), 80);
> + strncpy(params.fd_name, devices[0].c_str(), sizeof(params.fd_name));
> + params.fd_name[sizeof(params.fd_name) - 1] = '\0';
> printf("Using device: %s\n", params.fd_name);
> }
> if ((fd = test_open(params.fd_name, O_RDONLY | O_NONBLOCK)) < 0) {
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-07-25 13:27 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-25 13:09 [PATCH 0/4] v4l-utils: Some fixes for Coverity issues Gregor Jasny
2013-07-25 13:09 ` [PATCH 1/4] xc3082: Fix use after free in free_firmware() Gregor Jasny
2013-07-25 13:09 ` [PATCH 2/4] libdvbv5: Fix reallocation in parse_lcn Gregor Jasny
2013-07-25 13:09 ` [PATCH 3/4] rds-ctl: Always terminate strings properly Gregor Jasny
2013-07-25 13:27 ` Hans Verkuil
2013-07-25 13:09 ` [PATCH 4/4] libdvbv5: Fix copy and paste error in parse_service() Gregor Jasny
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.