From: Oliver Kurth Date: Wed, 30 Oct 2019 18:18:22 +0000 (-0700) Subject: Address issues from Coverity scan of open-vm-tools. X-Git-Tag: stable-11.1.0~182 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89aba4b6790337fab1f1277421c5db3ea08a43ef;p=thirdparty%2Fopen-vm-tools.git Address issues from Coverity scan of open-vm-tools. Fix two issues reported by the Coverity scan of open-vm-tools and annotate a third: * Validate siginfo read from a pipe in order to address a tainted data issue reported in signalSource.c. * Add a "Fall through" comment to address a missing break reported in panic.c. * Annotate an intentional NULL-dereference in guestSDKLog.c. --- diff --git a/open-vm-tools/lib/panic/panic.c b/open-vm-tools/lib/panic/panic.c index ff3a5d930..b5d2310f2 100644 --- a/open-vm-tools/lib/panic/panic.c +++ b/open-vm-tools/lib/panic/panic.c @@ -568,6 +568,7 @@ Panic_Panic(const char *format, case 1: Log("PANIC: %s", buf); Log("Panic loop\n"); + /* Fall through */ default: fprintf(stderr, "Panic loop\n"); Util_ExitProcessAbruptly(1); diff --git a/open-vm-tools/libvmtools/guestSDKLog.c b/open-vm-tools/libvmtools/guestSDKLog.c index 843047a7e..39119d3fb 100644 --- a/open-vm-tools/libvmtools/guestSDKLog.c +++ b/open-vm-tools/libvmtools/guestSDKLog.c @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2013-2016 VMware, Inc. All rights reserved. + * Copyright (C) 2013-2016,2019 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -144,6 +144,7 @@ GuestSDK_Panic(const char *fmt, ...) // IN printf("PANIC: %s", buffer); /* force segfault */ + /* coverity[var_deref_op] */ buffer[0] = *p; while (1) ; // avoid compiler warning } diff --git a/open-vm-tools/libvmtools/signalSource.c b/open-vm-tools/libvmtools/signalSource.c index b3be1f96b..6f590e8b0 100644 --- a/open-vm-tools/libvmtools/signalSource.c +++ b/open-vm-tools/libvmtools/signalSource.c @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2008-2016 VMware, Inc. All rights reserved. + * Copyright (C) 2008-2016,2019 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -78,15 +78,19 @@ SignalSourceReadSigInfo(void) if (gHandler.wakeupFd.revents & G_IO_IN) { siginfo_t info; ssize_t nbytes = read(gHandler.wakeupFd.fd, &info, sizeof info); + if (nbytes == -1) { - g_warning("Signal source: reading from wake up fd failed."); + g_warning("Signal source: reading from wake up fd failed.\n"); + return; + } else if (nbytes < sizeof info) { + g_warning("Signal source: reading from wake up fd returned %"FMTSZ"d," + " expected %"FMTSZ"u.\n", nbytes, sizeof info); + return; + } else if (info.si_signo < 0 || info.si_signo >= MAX_SIGNALS) { + g_warning("Signal source: bad signal number %d.\n", info.si_signo); return; - } else { - /* XXX: Maybe we should handle this in some other way? */ - ASSERT(nbytes == sizeof info); } memcpy(&gHandler.currSignal, &info, sizeof info); - ASSERT(0 <= info.si_signo && info.si_signo < MAX_SIGNALS); gHandler.signals[info.si_signo] = SIG_SRC_SIGNALED; gHandler.wakeupFd.revents = 0; }