New Coverity Scan Report Available
Hi It looks like the submission I did at the end of last week worked. There are some fixed issues and about 10 new issues. The new ones seem to be mostly in the RTL code and BSP code. FWIW looking through the over 100 outstanding, I see many that need to be reviewed by someone familiar with that piece of code. Some are for not checking return values. One in the fdt shell command indicates the argument processing loop will never be executed which I find hard to believe. It would be helpful if everyone who can takes a look at the report. I am happy to help decipher the reports. --joel ___ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
[PATCH] libdl/alloc: Add a locking interface to the allocator.
From: Chris Johns
- Allow an allocator to lock the allocations. This is needed to
lock the heap allocator so the text and trampoline table are
as close together as possible to allow for the largest possible
object file size.
- Update the default heap allocator to lock the heap allocator.
- Update ELF loading to lock the allocator.
Updates #3685
---
cpukit/include/rtems/rtl/rtl-allocator.h | 20 ++
cpukit/libdl/rtl-alloc-heap.c| 23
cpukit/libdl/rtl-allocator.c | 34
cpukit/libdl/rtl-elf.c | 11
4 files changed, 83 insertions(+), 5 deletions(-)
diff --git a/cpukit/include/rtems/rtl/rtl-allocator.h
b/cpukit/include/rtems/rtl/rtl-allocator.h
index 1a5d615582..da221fef68 100644
--- a/cpukit/include/rtems/rtl/rtl-allocator.h
+++ b/cpukit/include/rtems/rtl/rtl-allocator.h
@@ -50,6 +50,8 @@ typedef enum rtems_rtl_alloc_tags rtems_rtl_alloc_tag;
enum rtems_rtl_alloc_cmd {
RTEMS_RTL_ALLOC_NEW,/**< Allocate new memory. */
RTEMS_RTL_ALLOC_DEL,/**< Delete allocated memory. */
+ RTEMS_RTL_ALLOC_LOCK, /**< Lock the allocator. */
+ RTEMS_RTL_ALLOC_UNLOCK, /**< Unlock the allocator. */
RTEMS_RTL_ALLOC_WR_ENABLE, /**< Enable writes to the memory. */
RTEMS_RTL_ALLOC_WR_DISABLE, /**< Disable writes to the memory. */
};
@@ -121,6 +123,24 @@ void* rtems_rtl_alloc_new (rtems_rtl_alloc_tag tag, size_t
size, bool zero);
*/
void rtems_rtl_alloc_del (rtems_rtl_alloc_tag tag, void* address);
+/**
+ * The Runtime Loader allocator lock. An allocator that depends on a
+ * separate allocation process, for example the heap, may need to be
+ * locked during loading of an object file to make sure the locality
+ * of the memory. This call be used to lock such an allocator.
+ * Allocator calls in this interface are protected by the RTL lock.
+ */
+void rtems_rtl_alloc_lock (void);
+
+/**
+ * The Runtime Loader allocator unlock. An allocator that depends on a
+ * separate allocation process, for example the heap, may need to be
+ * locked during loading of an object file to make sure the locality
+ * of the memory. This call can be used to unlock such an allocator.
+ * Allocator calls in this interface are protected by the RTL lock.
+ */
+void rtems_rtl_alloc_unlock (void);
+
/**
* The Runtime Loader allocator enable write on a bloc of allocated memory.
*
diff --git a/cpukit/libdl/rtl-alloc-heap.c b/cpukit/libdl/rtl-alloc-heap.c
index 4ffdaf23b1..f1bdcca507 100644
--- a/cpukit/libdl/rtl-alloc-heap.c
+++ b/cpukit/libdl/rtl-alloc-heap.c
@@ -17,17 +17,30 @@
#include "rtl-alloc-heap.h"
+#include
+
void
rtems_rtl_alloc_heap (rtems_rtl_alloc_cmd cmd,
rtems_rtl_alloc_tag tag,
void** address,
size_t size)
{
- if (cmd == RTEMS_RTL_ALLOC_NEW)
-*address = malloc (size);
- else if (cmd == RTEMS_RTL_ALLOC_DEL)
+ switch (cmd)
{
-free (*address);
-*address = NULL;
+case RTEMS_RTL_ALLOC_NEW:
+ *address = malloc (size);
+ break;
+case RTEMS_RTL_ALLOC_DEL:
+ free (*address);
+ *address = NULL;
+ break;
+case RTEMS_RTL_ALLOC_LOCK:
+ _RTEMS_Lock_allocator();
+ break;
+case RTEMS_RTL_ALLOC_UNLOCK:
+ _RTEMS_Unlock_allocator();
+ break;
+default:
+ break;
}
}
diff --git a/cpukit/libdl/rtl-allocator.c b/cpukit/libdl/rtl-allocator.c
index 01ce9e580f..0dca6b2f9a 100644
--- a/cpukit/libdl/rtl-allocator.c
+++ b/cpukit/libdl/rtl-allocator.c
@@ -107,6 +107,40 @@ rtems_rtl_alloc_wr_enable (rtems_rtl_alloc_tag tag, void*
address)
rtems_rtl_unlock ();
}
+void
+rtems_rtl_alloc_lock (void)
+{
+ rtems_rtl_data* rtl = rtems_rtl_lock ();
+
+ if (rtems_rtl_trace (RTEMS_RTL_TRACE_ALLOCATOR))
+printf ("rtl: alloc: lock\n");
+
+ if (rtl != NULL)
+rtl->allocator.allocator (RTEMS_RTL_ALLOC_LOCK,
+ RTEMS_RTL_ALLOC_OBJECT, /* should be ignored */
+ NULL,
+ 0);
+
+ rtems_rtl_unlock ();
+}
+
+
+void
+rtems_rtl_alloc_unlock (void)
+{
+ rtems_rtl_data* rtl = rtems_rtl_lock ();
+
+ if (rtems_rtl_trace (RTEMS_RTL_TRACE_ALLOCATOR))
+printf ("rtl: alloc: unlock\n");
+
+ if (rtl != NULL)
+rtl->allocator.allocator (RTEMS_RTL_ALLOC_UNLOCK,
+ RTEMS_RTL_ALLOC_OBJECT, /* should be ignored */
+ NULL,
+ 0);
+
+ rtems_rtl_unlock ();
+}
void
rtems_rtl_alloc_wr_disable (rtems_rtl_alloc_tag tag, void* address)
{
diff --git a/cpukit/libdl/rtl-elf.c b/cpukit/libdl/rtl-elf.c
index 54ea1464cc..963cb4b2f4 100644
--- a/cpukit/libdl/rtl-elf.c
+++ b/cpukit/libdl/rtl-elf.c
@@ -1456,6 +1456,12 @@ rtems_rtl_elf_file_load (rtems_rtl_obj* obj, int fd)
*/
obj->entry = (void*)(uintptr_t) ehdr.e_entry;
+ /*
+ * Lock the allocator so the section
[PATCH 2/4] libdl/archive: Fix the config file string index while removing tailing white space.
From: Chris Johns
Coverity issue 1442540
Updates #3686
---
cpukit/include/rtems/rtl/rtl-archive.h | 2 +-
cpukit/libdl/rtl-archive.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cpukit/include/rtems/rtl/rtl-archive.h
b/cpukit/include/rtems/rtl/rtl-archive.h
index 1fe3aae385..8aa163e782 100644
--- a/cpukit/include/rtems/rtl/rtl-archive.h
+++ b/cpukit/include/rtems/rtl/rtl-archive.h
@@ -103,7 +103,7 @@ typedef struct rtems_rtl_archives
const char* config_name;/**< Config file name. */
time_t config_mtime; /**< Config last modified time. */
size_t config_length; /**< Length the config data. */
- const char* config; /**< Config file contents. */
+ char* config; /**< Config file contents. */
rtems_chain_control archives; /**< The located archives. */
} rtems_rtl_archives;
diff --git a/cpukit/libdl/rtl-archive.c b/cpukit/libdl/rtl-archive.c
index faa6616eb1..8490b4bc07 100644
--- a/cpukit/libdl/rtl-archive.c
+++ b/cpukit/libdl/rtl-archive.c
@@ -528,9 +528,9 @@ rtems_rtl_archives_load_config (rtems_rtl_archives*
archives)
++b;
}
b = ls - 1;
-while (b > 0 && isspace (s[b]))
+while (b > 0 && isspace (s[r + b]))
{
- s[b] = '\0';
+ s[r + b] = '\0';
--b;
}
r += ls;
--
2.19.1
___
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
[PATCH 3/4] libdl/archive: Check for an overflow of the symbol table.
From: Chris Johns
Coverty 1442636
Updates #3686
---
cpukit/libdl/rtl-archive.c | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/cpukit/libdl/rtl-archive.c b/cpukit/libdl/rtl-archive.c
index 8490b4bc07..77ad2b0d30 100644
--- a/cpukit/libdl/rtl-archive.c
+++ b/cpukit/libdl/rtl-archive.c
@@ -678,10 +678,20 @@ rtems_rtl_archive_loader (rtems_rtl_archive* archive,
void* data)
}
/*
- * The first 4 byte value is the number of entries.
+ * The first 4 byte value is the number of entries. Range check the
+ * value so the alloc size does not overflow (Coverity 1442636).
*/
archive->symbols.entries =
rtems_rtl_archive_read_32 (archive->symbols.base);
+ if (archive->symbols.entries >= (SIZE_MAX / sizeof
(rtems_rtl_archive_symbol)))
+ {
+rtems_rtl_alloc_del (RTEMS_RTL_ALLOC_SYMBOL, archive->symbols.base);
+close (fd);
+memset (&archive->symbols, 0, sizeof (archive->symbols));
+rtems_rtl_archive_set_error (errno, "too many symbols");
+return true;
+ }
+
archive->symbols.size = size;
archive->symbols.names = archive->symbols.base;
archive->symbols.names += (archive->symbols.entries + 1) * 4;
@@ -691,8 +701,7 @@ rtems_rtl_archive_loader (rtems_rtl_archive* archive, void*
data)
*/
if (archive->symbols.entries > RTEMS_RTL_ARCHIVE_SYMBOLS_SORT)
{
-const size_t size =
- archive->symbols.entries * sizeof (rtems_rtl_archive_symbol);
+size = archive->symbols.entries * sizeof (rtems_rtl_archive_symbol);
archive->symbols.symbols =
rtems_rtl_alloc_new (RTEMS_RTL_ALLOC_SYMBOL, size, true);
if (archive->symbols.symbols != NULL)
--
2.19.1
___
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
[PATCH 4/4] libdl/unresolved: Fix return value for rtems_rtl_unresolved_remove
From: Chris Johns
Coverity 1399717
Updates #3686
---
cpukit/libdl/rtl-unresolved.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cpukit/libdl/rtl-unresolved.c b/cpukit/libdl/rtl-unresolved.c
index 7ee572c351..dc21e9bcc1 100644
--- a/cpukit/libdl/rtl-unresolved.c
+++ b/cpukit/libdl/rtl-unresolved.c
@@ -672,9 +672,9 @@ rtems_rtl_unresolved_remove (rtems_rtl_obj*obj,
{
rtems_rtl_unresolved* unresolved;
unresolved = rtems_rtl_unresolved_unprotected ();
- if (!unresolved)
+ if (unresolved == NULL)
return false;
- return false;
+ return true;
}
/**
--
2.19.1
___
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
[PATCH 1/4] libdl/archive: Return false on read failure.
From: Chris Johns
Coverity issue 1442641
Updates #3686
---
cpukit/libdl/rtl-archive.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/cpukit/libdl/rtl-archive.c b/cpukit/libdl/rtl-archive.c
index 07d40187e1..faa6616eb1 100644
--- a/cpukit/libdl/rtl-archive.c
+++ b/cpukit/libdl/rtl-archive.c
@@ -474,6 +474,7 @@ rtems_rtl_archives_load_config (rtems_rtl_archives*
archives)
archives->config_length = 0;
if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))
printf ("rtl: archive: config read error: %s\n", strerror (errno));
+ return false;
}
close (fd);
--
2.19.1
___
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
