Address issues from Coverity scan of open-vm-tools.

Fix two issues reported by the Coverity scan of open-vm-tools
and annotate a third:

* Validate siginfo read from a pipe in order to address
a tainted data issue reported in signalSource.c.

* Add a "Fall through" comment to address a missing break
reported in panic.c.

* Annotate an intentional NULL-dereference in guestSDKLog.c.

diff --git a/open-vm-tools/lib/panic/panic.c b/open-vm-tools/lib/panic/panic.c
index ff3a5d930f7be57cca45d9d3ae0ffdef68179183..b5d2310f2d04e1dde3aa7dad553bdf1c347e594f 100644 (file)
--- a/open-vm-tools/lib/panic/panic.c
+++ b/open-vm-tools/lib/panic/panic.c
@@ -568,6 +568,7 @@ Panic_Panic(const char *format,
    case 1:
       Log("PANIC: %s", buf);
       Log("Panic loop\n");
+      /* Fall through */
    default:
       fprintf(stderr, "Panic loop\n");
       Util_ExitProcessAbruptly(1);

diff --git a/open-vm-tools/libvmtools/guestSDKLog.c b/open-vm-tools/libvmtools/guestSDKLog.c
index 843047a7e941dcab302fbdd0a80a648a2722e25d..39119d3fb9ded4056d8bcbc67b2d138ccc1c9c09 100644 (file)
--- a/open-vm-tools/libvmtools/guestSDKLog.c
+++ b/open-vm-tools/libvmtools/guestSDKLog.c
@@ -1,5 +1,5 @@
 /*********************************************************
- * Copyright (C) 2013-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2013-2016,2019 VMware, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published
@@ -144,6 +144,7 @@ GuestSDK_Panic(const char *fmt, ...) // IN
    printf("PANIC: %s", buffer);
 
    /* force segfault */
+   /* coverity[var_deref_op] */
    buffer[0] = *p;
    while (1) ; // avoid compiler warning
 }

diff --git a/open-vm-tools/libvmtools/signalSource.c b/open-vm-tools/libvmtools/signalSource.c
index b3be1f96bc67a0ba7812cccbfb2837535c3c8e98..6f590e8b0c43585a7e24f6b0415af924d53e9f9d 100644 (file)
--- a/open-vm-tools/libvmtools/signalSource.c
+++ b/open-vm-tools/libvmtools/signalSource.c
@@ -1,5 +1,5 @@
 /*********************************************************
- * Copyright (C) 2008-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2008-2016,2019 VMware, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published
@@ -78,15 +78,19 @@ SignalSourceReadSigInfo(void)
    if (gHandler.wakeupFd.revents & G_IO_IN) {
       siginfo_t info;
       ssize_t nbytes = read(gHandler.wakeupFd.fd, &info, sizeof info);
+
       if (nbytes == -1) {
-         g_warning("Signal source: reading from wake up fd failed.");
+         g_warning("Signal source: reading from wake up fd failed.\n");
+         return;
+      } else if (nbytes < sizeof info) {
+         g_warning("Signal source: reading from wake up fd returned %"FMTSZ"d,"
+                   " expected %"FMTSZ"u.\n", nbytes, sizeof info);
+         return;
+      } else if (info.si_signo < 0 || info.si_signo >= MAX_SIGNALS) {
+         g_warning("Signal source: bad signal number %d.\n", info.si_signo);
          return;
-      } else {
-         /* XXX: Maybe we should handle this in some other way? */
-         ASSERT(nbytes == sizeof info);
       }
       memcpy(&gHandler.currSignal, &info, sizeof info);
-      ASSERT(0 <= info.si_signo && info.si_signo < MAX_SIGNALS);
       gHandler.signals[info.si_signo] = SIG_SRC_SIGNALED;
       gHandler.wakeupFd.revents = 0;
    }