Fix 22 covs in linux-core-dump

2025-02-03 12:12:06 +00:00 · 2016-05-23 11:19:29 +02:00 · 2016-05-23 11:19:29 +02:00 · 2f908ce238
commit 2f908ce238
parent ff24d2921c
1 changed files with 66 additions and 33 deletions
--- a/libr/debug/p/native/linux/linux_coredump.c
+++ b/libr/debug/p/native/linux/linux_coredump.c
@ -277,10 +277,13 @@ static bool has_map_deleted_part(char *name) {
 }

 static bool getAnonymousValue(char *keyw) {
-	for (keyw = strchr (keyw, ' '); isspace (*keyw); keyw ++) {
-		/* nothing here */
+	if (!keyw) return false;
+	keyw = strchr (keyw, ' ');
+	if (!keyw) return false;
+	while (*keyw && isspace (*keyw)) {
+		keyw ++;
 	}
-	return *keyw != '0';
+	return *keyw && *keyw != '0';
 }

 static char *isAnonymousKeyword(const char *pp) {
@ -291,11 +294,10 @@ static char *isAnonymousKeyword(const char *pp) {
 }

 static bool has_map_anonymous_content(char *buff_smaps, ut64 start_addr, ut64 end_addr) {
-	char *p, *pp, *extern_tok, *keyw;
-	bool is_anonymous;
-
-	char *identity = r_str_newf ("%08"PFMT64x"-%08"PFMT64x"", start_addr, end_addr);
+	char *p, *pp, *extern_tok, *keyw = NULL;
+	char *identity = r_str_newf ("%08"PFMT64x"-%08"PFMT64x, start_addr, end_addr);
 	char *str = strdup (buff_smaps);
+	bool is_anonymous;

 	p = strtok_r (str, "\n", &extern_tok);
 	for (; p; p = strtok_r (NULL, "\n", &extern_tok)) {
@ -310,13 +312,16 @@ static bool has_map_anonymous_content(char *buff_smaps, ut64 start_addr, ut64 en
 			}
 		}
 	}
+	free (identity);
 	free (str);
 	return 0;
 }

 static bool dump_this_map(char *buff_smaps, ut64 start_addr, ut64 end_addr, bool file_backed, bool anonymous, ut8 perms, ut8 filter_flags) {
-	char *identity, *aux, *p, *pp, *ppp, *extern_tok, *flags_str;
+	char *p, *pp, *ppp, *extern_tok, *flags_str;
+	char *identity = NULL;
 	bool found = false;
+	char *aux = NULL;
 	ut8 vmflags;

 	/* if the map doesn't have r/w quit right here */
@ -330,9 +335,16 @@ static bool dump_this_map(char *buff_smaps, ut64 start_addr, ut64 end_addr, bool
 			start_addr, end_addr, file_backed, anonymous, filter_flags);
 #endif
 	identity = r_str_newf ("%08"PFMT64x"-%08"PFMT64x"", start_addr, end_addr);
+	if (!identity) {
+		return false;
+	}
 	vmflags = 0;
 	flags_str = NULL;
 	aux = strdup (buff_smaps);
+	if (!aux) {
+		free (identity);
+		return false;
+	}

 	pp = strtok_r (aux, "\n", &extern_tok);
 	for (; pp ; pp = strtok_r (NULL, "\n", &extern_tok)) {
@ -348,11 +360,17 @@ static bool dump_this_map(char *buff_smaps, ut64 start_addr, ut64 end_addr, bool
 	}

 	if (!flags_str && !found) {
+		/* if we don't have VmFlags, just dump it. I'll fix it later on */
 		eprintf ("VmFlags: not found\n");
-		return true;	/* if we don't have VmFlags, just dump it. I'll fix it later on */
+		free (identity);
+		free (aux);
+		return true;
 	}

 	flags_str = strchr (flags_str, ' ');
+	if (!flags_str) {
+		goto fail;
+	}
 	while (*flags_str++ == ' ') {
 		/* nothing here */
 	}
@ -386,54 +404,61 @@ static bool dump_this_map(char *buff_smaps, ut64 start_addr, ut64 end_addr, bool
 	eprintf ("vmflags: %u\n", vmflags);
 	/* first check for dd and io flags */
 	if ((vmflags & DD_FLAG) || (vmflags & IO_FLAG)) {
-		return false;
+		goto fail;
 	}

 	if (vmflags & HT_FLAG) {
 		if ((filter_flags & MAP_HUG_PRIV) && anonymous) {
 			eprintf ("filter_flags & MAP_HUG_PRIV\n");
-			return true;
+			goto beach:
 		}
 		if (filter_flags & MAP_HUG_SHR) {
 			eprintf ("filter_flags & MAP_HUG_SHR\n");
-			return true;
+			goto beach;
 		}
 	}

 	if (vmflags & SH_FLAG) {
 		if (filter_flags & MAP_ANON_SHR) {
 			eprintf ("filter_flags & MAP_ANON_SHR\n");
-			return true;
+			goto beach;
 		}
 		if (filter_flags & MAP_HUG_SHR) {
 			eprintf ("filter_flags & MAP_HUG_SHR\n");
-			return true;
+			goto beach;
 		}
 	}

 	if (vmflags & PV_FLAG) {
 		if ((filter_flags & MAP_ANON_PRIV) && anonymous) {
 			eprintf ("filter_flags & MAP_ANON_PRIV\n");
-			return true;
+			goto beach;
 		}
 		if ((filter_flags & MAP_HUG_PRIV) && anonymous) {
 			eprintf ("filter_flags & MAP_HUG_PRIV\n");
-			return true;
+			goto beach;
 		}
 	}
 	if (file_backed) {
 		if (filter_flags & MAP_FILE_PRIV) {
 			eprintf ("filter_flags & MAP_FILE_PRIV\n");
-			return true;
+			goto beach;
 		}
 		if (filter_flags & MAP_FILE_SHR) {
 			eprintf ("filter_flags & MAP_FILE_PRIV\n");
-			return true;
+			goto beach;
 		}
 	}

 	eprintf ("dump_this_map: nothing found, returning false\n");
+fail:
+	free (identity);
+	free (aux);
 	return false;
+beach:
+	free (identity);
+	free (aux);
+	return true;
 }

 static void clean_maps(linux_map_entry_t *h) {
@ -446,7 +471,7 @@ static void clean_maps(linux_map_entry_t *h) {
 }

 static linux_map_entry_t *linux_get_mapped_files(RDebug *dbg, ut8 filter_flags) {
-	char *buff, *buff_smaps, *file, *name, *p, *end_line, *end_token;
+	char *buff = NULL, *buff_smaps, *file, *name, *p, *end_line, *end_token;
 	linux_map_entry_t *me_head, *me_tail;
 	ut64 start_addr, end_addr, offset;
 	linux_map_entry_t *pmentry;
@ -473,8 +498,7 @@ static linux_map_entry_t *linux_get_mapped_files(RDebug *dbg, ut8 filter_flags)
 		eprintf ("r_file_slurp buff == NULL\n");
 		goto error;
 	}
-
-	free (file);
+	R_FREE (file);

 	p = strtok_r (buff, "\n", &end_line);
 	while (p) {
@ -489,7 +513,7 @@ static linux_map_entry_t *linux_get_mapped_files(RDebug *dbg, ut8 filter_flags)
 			case PERM:
 				get_map_perms (pp, &flag_perm);
 				break;
-			case OFFSET:
+			case OFFSET: /* XXX this is not used acording to coverity */
 				get_map_offset (pp, &offset);
 				break;
 			case DEV:
@ -586,7 +610,7 @@ error:
 }

 static auxv_buff_t *linux_get_auxv(RDebug *dbg) {
-	char *buff;
+	char *buff = NULL;
 	auxv_buff_t *auxv = NULL;
 	int auxv_entries;
 	int size;
@ -603,6 +627,7 @@ static auxv_buff_t *linux_get_auxv(RDebug *dbg) {
 	if (auxv_entries > 0) {
 		auxv = R_NEW0 (auxv_buff_t);
 		if (!auxv) {
+			free (buff);
 			return NULL;
 		}
 		auxv->size = size;
@ -641,6 +666,7 @@ static Elf64_Ehdr *build_elf_hdr(int n_segments) {
 	for (pad_byte = EI_PAD; pad_byte < EI_NIDENT; pad_byte++) {
 		h->e_ident[pad_byte] = '\0';
 	}
+	/* buffer overrun here */
 	h->e_ident[EI_NIDENT] = EI_NIDENT;
 	h->e_type = ET_CORE; /* CORE */
 	h->e_machine = EM_X86_64;
@ -721,7 +747,7 @@ static void *get_nt_data(linux_map_entry_t *head, size_t *nt_file_size) {
 }

 static ut8 *build_note_section(linux_elf_note_t *sec_note, size_t *size_note_section) {
-	const char *n_core = "CORE";
+	const char n_core[] = "CORE";
 	elf_fpregset_t *fp_regset;
 	linux_map_entry_t *maps;
 	prpsinfo_t *prpsinfo;
@ -862,19 +888,19 @@ static ut8 *build_note_section(linux_elf_note_t *sec_note, size_t *size_note_sec
 	memcpy (note_data, maps_data, size_nt_file_pad);
 	note_data += size_nt_file_pad;
 	note_data = pnote_data;
+	free (maps_data);
 	return note_data;
 }

 static bool dump_elf_pheaders(RBuffer *dest, linux_elf_note_t *sec_note, st64 *offset) {
-	Elf64_Phdr phdr;
-	linux_map_entry_t *me_p;
 	size_t note_section_size;
-	ut8 *note_data;
-	bool ret;
+	linux_map_entry_t *me_p;
 	st64 offset_to_next;
+	Elf64_Phdr phdr;
+	bool ret;

 	eprintf ("offset_to_note: %"PFMT64d"\n", *offset);
-	note_data = build_note_section (sec_note, &note_section_size);
+	ut8 *note_data = build_note_section (sec_note, &note_section_size);
 	if (!note_data)	return false;
 	eprintf ("note_section_size : %ld\n", note_section_size);

@ -920,7 +946,6 @@ static bool dump_elf_pheaders(RBuffer *dest, linux_elf_note_t *sec_note, st64 *o
 	}

 	*offset = offset_to_next;
-	eprintf ("pheaders writen\n");

 	ret = r_buf_append_bytes (dest, (const ut8*)note_data, note_section_size);
 	if (!ret) {
@ -928,7 +953,7 @@ static bool dump_elf_pheaders(RBuffer *dest, linux_elf_note_t *sec_note, st64 *o
 		free (note_data);
 		return false;
 	}
-	eprintf ("note writen\n");
+	free (note_data);
 	return true;
 }

@ -1019,10 +1044,11 @@ static proc_stat_content_t *get_proc_content(RDebug *dbg) {
 	buff = r_file_slurp (file, &size);
 	if (!buff) {
 		eprintf ("get_proc_stat: r_file_slurp error\n");
+		free (file);
 		return NULL;
 	}
+	R_FREE (file);

-	free (file);
 	p = R_NEW0 (proc_stat_content_t);
 	if (!p) {
 		eprintf ("get_proc_content: proc_stat_content_t\n");
@ -1057,6 +1083,11 @@ static proc_stat_content_t *get_proc_content(RDebug *dbg) {

 	temp_p_sigpend = strstr (buff, s_sigpend);
 	temp_p_sighold = strstr (buff, s_sighold);
+	if (!temp_p_sigpend || !temp_p_sighold) {
+		free (buff);
+		free (p);
+		return NULL;
+	}

 	/* sigpend */
 	while (!isdigit (*temp_p_sigpend++)) {
@ -1094,7 +1125,7 @@ static proc_stat_content_t *get_proc_content(RDebug *dbg) {
 	free (buff);

 	/* Check the coredump_filter value */
-	file = r_str_newf ("/proc/%d/coredump_filter", dbg->pid);
+	const char *file = sdb_fmt (0, "/proc/%d/coredump_filter", dbg->pid);
 	buff = r_file_slurp (file, &size);
 	if (!buff) {
 		eprintf ("get_proc_stat: r_file_slurp error\n");
@ -1106,6 +1137,7 @@ static proc_stat_content_t *get_proc_content(RDebug *dbg) {
 	if (p->num_threads > 1) {
 		eprintf ("Warning! No thread coredump support yet.\n");
 	}
+	free (buff);
 	return p;
 }

@ -1218,5 +1250,6 @@ bool linux_generate_corefile (RDebug *dbg, RBuffer *dest) {
 	}
 cleanup:
 	may_clean_all (sec_note, proc_data, elf_hdr);
+	free (shdr_pxnum);
 	return !error;
 }