Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Jun 2017 17:13:02 -0700
From:      Conrad Meyer <cem@freebsd.org>
To:        Maxim Sobolev <sobomax@freebsd.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r320048 - head/usr.bin/mkuzip
Message-ID:  <CAG6CVpVrWA0J6LyRFvXc3LKmLH5O0HekkrgGmMtCBoM2Vg4cjA@mail.gmail.com>
In-Reply-To: <201706170258.v5H2wWCT006080@repo.freebsd.org>
References:  <201706170258.v5H2wWCT006080@repo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
ffd is leaked in return paths.  Coverity CID 1376420.

On Fri, Jun 16, 2017 at 7:58 PM, Maxim Sobolev <sobomax@freebsd.org> wrote:
> Author: sobomax
> Date: Sat Jun 17 02:58:31 2017
> New Revision: 320048
> URL: https://svnweb.freebsd.org/changeset/base/320048
>
> Log:
>   o Move logic that determines size of the input image into its own
>     file. That logic has grown quite significantly now;
>
>   o add a special handling for the snapshot images. Those have some
>     extra headers at the end of the image and we don't need those
>     in the output image really.
>
>   MFC after:    6 weeks
>
> ...
> Added: head/usr.bin/mkuzip/mkuz_insize.c
> ...
> +off_t
> +mkuz_get_insize(struct mkuz_cfg *cfp)
> +{
> +       int ffd;
> +       off_t ms;
> +       struct stat sb;
> +       struct statfs statfsbuf;
> +
> +       if (fstat(cfp->fdr, &sb) != 0) {
> +               warn("fstat(%s)", cfp->iname);
> +               return (-1);
> +       }
> +       if ((sb.st_flags & SF_SNAPSHOT) != 0) {
> +               if (fstatfs(cfp->fdr, &statfsbuf) != 0) {
> +                       warn("fstatfs(%s)", cfp->iname);
> +                       return (-1);
> +               }
> +               ffd = open(statfsbuf.f_mntfromname, O_RDONLY);
> +               if (ffd < 0) {
> +                       warn("open(%s, O_RDONLY)", statfsbuf.f_mntfromname);
> +                       return (-1);
> +               }
> +               if (ioctl(ffd, DIOCGMEDIASIZE, &ms) < 0) {
> +                       warn("ioctl(DIOCGMEDIASIZE)");
> +                       return (-1);

ffd leaked here.

> +               }

ffd also leaked here via fallthrough return.

> +               sb.st_size = ms;
> +       } else if (S_ISCHR(sb.st_mode)) {
> +               if (ioctl(cfp->fdr, DIOCGMEDIASIZE, &ms) < 0) {
> +                       warn("ioctl(DIOCGMEDIASIZE)");
> +                       return (-1);
> +               }
> +               sb.st_size = ms;
> +       } else if (!S_ISREG(sb.st_mode)) {
> +               warnx("%s: not a character device or regular file\n",
> +                       cfp->iname);
> +               return (-1);
> +       }
> +       return (sb.st_size);
> +}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpVrWA0J6LyRFvXc3LKmLH5O0HekkrgGmMtCBoM2Vg4cjA>