authorBhumika Goyal <bgoyal@redhat.com>2018-08-07 15:28:13 +0530
committerAmar Tumballi <amarts@redhat.com>2018-08-21 05:01:08 +0000
commit6fa531c57c633827283fba6a3cdaa1c68976ccb7 (patch)
tree200f300af453ad45e7e7491f989757170d01adb8 /xlators
parent2348b8ae6ce02f83069d01478a31bb2498cc6183 (diff)
xlators: protocol: Fix deferencing pointer after free coverity issues
The pointer of type struct iobuf * is getting dereferenced after getting freed by iobuf_unref function. Therefore, move this function after all the dereferences of this pointer type. Also, it is a useful coding standard to have iobuf_unref just after iobref_add. So, move iobref_add too. Occurrences found using Coccinelle script: @@ identifier rsphdr_iobuf; expression E; identifier func; @@ *iobuf_unref(rsphdr_iobuf); ... *E = func(rsphdr_iobuf); Fixes CID: 1390517, 1390278, 1388666, 1356588, 1356587 at [1]. and also some more occurrences which were found using the above script but not caught by Coverity. [1]. https://scan6.coverity.com/reports.htm#v42388/p10714/fileInstanceId=84384920&defectInstanceId=25600709&mergedDefectId=1388666 Change-Id: I579e9d12698f14e9e24bc926c6efef16bac5c06c updates: bz#789278 Signed-off-by: Bhumika Goyal <bgoyal@redhat.com>
Diffstat (limited to 'xlators')
-rw-r--r--xlators/protocol/client/src/client-helpers.c10
-rw-r--r--xlators/protocol/client/src/client-rpc-fops.c37
-rw-r--r--xlators/protocol/client/src/client-rpc-fops_v2.c9
3 files changed, 24 insertions, 32 deletions
diff --git a/xlators/protocol/client/src/client-helpers.c b/xlators/protocol/client/src/client-helpers.c
index 75cfd55b8fa..ddb88795fee 100644
--- a/xlators/protocol/client/src/client-helpers.c
+++ b/xlators/protocol/client/src/client-helpers.c
@@ -1268,15 +1268,14 @@ client_handle_fop_requirements (xlator_t *this, call_frame_t *frame,
}
}
- iobref_add (*rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
if (*rsp_count + 1 >= MAX_IOVEC) {
op_errno = ENOMEM;
goto out;
}
rsp_vector[*rsp_count].iov_base = iobuf_ptr (rsp_iobuf);
rsp_vector[*rsp_count].iov_len = iobuf_pagesize (rsp_iobuf);
+ iobref_add (*rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
if (args->size > rsp_vector[*rsp_count].iov_len) {
gf_msg (this->name, GF_LOG_WARNING, ENOMEM,
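Review bot: The return value of `iobref_add (*rsp_iobref, rsp_iobuf)` is still discarded on the added lines, so if the add fails the following `iobuf_unref (rsp_iobuf)` may drop the last reference while `rsp_vector[*rsp_count].iov_base` keeps pointing into the buffer, which is the same freed-pointer class this commit is fixing. iobref_add is declared outside this diff, but if it reports failure through its int return, check it before unreferencing, e.g. `if (iobref_add (*rsp_iobref, rsp_iobuf) != 0) { op_errno = ENOMEM; goto out; }`. The same unchecked pair appears in every other hunk of this commit (client_handle_fop_requirements_v2, client3_3_readlink/readv/fgetxattr/getxattr/xattrop/fxattrop/readdirp/compound and client4_0_readdirp/compound), where the error exit is `goto unwind`. The function body starts and ends outside the hunk, so the cleanup at `out` is not visible here.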
@@ -2371,15 +2370,14 @@ client_handle_fop_requirements_v2 (xlator_t *this, call_frame_t *frame,
}
}
- iobref_add (*rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
if (*rsp_count + 1 >= MAX_IOVEC) {
op_errno = ENOMEM;
goto out;
}
rsp_vector[*rsp_count].iov_base = iobuf_ptr (rsp_iobuf);
rsp_vector[*rsp_count].iov_len = iobuf_pagesize (rsp_iobuf);
+ iobref_add (*rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
if (args->size > rsp_vector[*rsp_count].iov_len) {
gf_msg (this->name, GF_LOG_WARNING, ENOMEM,
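Review bot: On the `*rsp_count + 1 >= MAX_IOVEC` branch the function now jumps to `out` before `iobref_add`, so `rsp_iobuf` is still non-NULL and presumably holds the only reference to the buffer. The `out` label is outside the hunk, and unless it calls `iobuf_unref (rsp_iobuf)` this path leaks the iobuf. The identical branch in client_handle_fop_requirements (first hunk of this file) has the same property. A comment above the check such as `/* rsp_iobuf is not yet in *rsp_iobref; out: must unref it */` would record the ownership, and it is worth confirming the cleanup does exactly one unref.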
diff --git a/xlators/protocol/client/src/client-rpc-fops.c b/xlators/protocol/client/src/client-rpc-fops.c
index cf2d913dd71..5c5a96d9178 100644
--- a/xlators/protocol/client/src/client-rpc-fops.c
+++ b/xlators/protocol/client/src/client-rpc-fops.c
@@ -3456,13 +3456,13 @@ client3_3_readlink (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
@@ -4029,12 +4029,11 @@ client3_3_readv (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
rsp_vec.iov_base = iobuf_ptr (rsp_iobuf);
rsp_vec.iov_len = iobuf_pagesize (rsp_iobuf);
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
if (args->size > rsp_vec.iov_len) {
@@ -4555,14 +4554,13 @@ client3_3_fgetxattr (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);;
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
@@ -4650,14 +4648,13 @@ client3_3_getxattr (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
@@ -4771,14 +4768,13 @@ client3_3_xattrop (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
@@ -4872,13 +4868,13 @@ client3_3_fxattrop (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
@@ -5485,14 +5481,13 @@ client3_3_readdirp (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
}
@@ -5884,12 +5879,12 @@ client3_3_compound (call_frame_t *frame, xlator_t *this, void *data)
goto unwind;
}
- iobref_add (rsphdr_iobref, rsphdr_iobuf);
- iobuf_unref (rsphdr_iobuf);
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsphdr_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsphdr_iobuf);
rsphdr_count = 1;
+ iobref_add (rsphdr_iobref, rsphdr_iobuf);
+ iobuf_unref (rsphdr_iobuf);
rsphdr_iobuf = NULL;
req.compound_fop_enum = c_args->fop_enum;
diff --git a/xlators/protocol/client/src/client-rpc-fops_v2.c b/xlators/protocol/client/src/client-rpc-fops_v2.c
index 35731920a2e..dc5b8d4ac83 100644
--- a/xlators/protocol/client/src/client-rpc-fops_v2.c
+++ b/xlators/protocol/client/src/client-rpc-fops_v2.c
@@ -4960,14 +4960,13 @@ client4_0_readdirp (call_frame_t *frame, xlator_t *this,
goto unwind;
}
- iobref_add (rsp_iobref, rsp_iobuf);
- iobuf_unref (rsp_iobuf);
-
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsp_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsp_iobuf);
count = 1;
local->iobref = rsp_iobref;
+ iobref_add (rsp_iobref, rsp_iobuf);
+ iobuf_unref (rsp_iobuf);
rsp_iobuf = NULL;
rsp_iobref = NULL;
}
@@ -5952,12 +5951,12 @@ client4_0_compound (call_frame_t *frame, xlator_t *this, void *data)
goto unwind;
}
- iobref_add (rsphdr_iobref, rsphdr_iobuf);
- iobuf_unref (rsphdr_iobuf);
rsphdr = &vector[0];
rsphdr->iov_base = iobuf_ptr (rsphdr_iobuf);
rsphdr->iov_len = iobuf_pagesize (rsphdr_iobuf);
rsphdr_count = 1;
+ iobref_add (rsphdr_iobref, rsphdr_iobuf);
+ iobuf_unref (rsphdr_iobuf);
rsphdr_iobuf = NULL;
req.compound_fop_enum = c_args->fop_enum;