From owner-freebsd-bugs@FreeBSD.ORG Thu Mar 11 06:40:02 2010 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0BC2C1065676 for ; Thu, 11 Mar 2010 06:40:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C2B368FC1C for ; Thu, 11 Mar 2010 06:40:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2B6e1xI043427 for ; Thu, 11 Mar 2010 06:40:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2B6e1p1043426; Thu, 11 Mar 2010 06:40:01 GMT (envelope-from gnats) Resent-Date: Thu, 11 Mar 2010 06:40:01 GMT Resent-Message-Id: <201003110640.o2B6e1p1043426@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Garrett Cooper Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9092A106566B for ; Thu, 11 Mar 2010 06:31:37 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 7FD618FC15 for ; Thu, 11 Mar 2010 06:31:37 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2B6Vb91051182 for ; Thu, 11 Mar 2010 06:31:37 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o2B6Vb4W051181; Thu, 11 Mar 2010 06:31:37 GMT (envelope-from nobody) Message-Id: <201003110631.o2B6Vb4W051181@www.freebsd.org> Date: Thu, 11 Mar 2010 06:31:37 GMT From: Garrett Cooper To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/144644: [patch] Fix *alloc cornercases with config(1) X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Mar 2010 06:40:02 -0000 >Number: 144644 >Category: kern >Synopsis: [patch] Fix *alloc cornercases with config(1) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 11 06:40:01 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Garrett Cooper >Release: 9-CURRENT >Organization: Cisco Systems, Inc. >Environment: FreeBSD bayonetta.localdomain 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Thu Mar 4 13:16:39 PST 2010 gcooper@bayonetta.localdomain:/usr/obj/usr/src/sys/BAYONETTA amd64 >Description: There are a number of corner cases that aren't properly dealt with in config(1) when memory allocations fail. There may be issues with memory leaks in config(1), but this is outside of the scope of this patch. >How-To-Repeat: >Fix: See attached patch. Patch attached with submission follows: Index: mkoptions.c =================================================================== --- mkoptions.c (revision 204996) +++ mkoptions.c (working copy) @@ -70,6 +70,9 @@ /* Fake the cpu types as options. */ SLIST_FOREACH(cp, &cputype, cpu_next) { op = (struct opt *)calloc(1, sizeof(*op)); + if (op == NULL) { + errx(EXIT_FAILURE, "calloc"); + } op->op_name = ns(cp->cpu_name); SLIST_INSERT_HEAD(&opt, op, op_next); } @@ -84,6 +87,9 @@ /* Fake MAXUSERS as an option. */ op = (struct opt *)calloc(1, sizeof(*op)); + if (op == NULL) { + errx(EXIT_FAILURE, "calloc"); + } op->op_name = ns("MAXUSERS"); snprintf(buf, sizeof(buf), "%d", maxusers); op->op_value = ns(buf); @@ -199,6 +205,9 @@ tidy++; } else { op = (struct opt *) calloc(1, sizeof *op); + if (op == NULL) { + errx(EXIT_FAILURE, "calloc"); + } op->op_name = inw; op->op_value = invalue; SLIST_INSERT_HEAD(&op_head, op, op_next); @@ -225,6 +234,9 @@ if (value && !seen) { /* New option appears */ op = (struct opt *) calloc(1, sizeof *op); + if (op == NULL) { + errx(EXIT_FAILURE, "calloc"); + } op->op_name = ns(name); op->op_value = value ? ns(value) : NULL; SLIST_INSERT_HEAD(&op_head, op, op_next); @@ -336,6 +348,9 @@ } po = (struct opt_list *) calloc(1, sizeof *po); + if (po == NULL) { + errx(EXIT_FAILURE, "calloc"); + } po->o_name = this; po->o_file = val; SLIST_INSERT_HEAD(&otab, po, o_next); Index: main.c =================================================================== --- main.c (revision 204996) +++ main.c (working copy) @@ -120,7 +120,7 @@ if (*destdir == '\0') strlcpy(destdir, optarg, sizeof(destdir)); else - errx(2, "directory already set"); + errx(EXIT_FAILURE, "directory already set"); break; case 'g': debugging++; @@ -175,7 +175,7 @@ if (mkdir(p, 0777)) err(2, "%s", p); } else if (!S_ISDIR(buf.st_mode)) - errx(2, "%s isn't a directory", p); + errx(EXIT_FAILURE, "%s isn't a directory", p); SLIST_INIT(&cputype); SLIST_INIT(&mkopt); @@ -256,7 +256,7 @@ int i; if (realpath("../..", srcdir) == NULL) - errx(2, "Unable to find root of source tree"); + errx(EXIT_FAILURE, "Unable to find root of source tree"); if ((pwd = getenv("PWD")) != NULL && *pwd == '/' && (pwd = strdup(pwd)) != NULL) { /* Remove the last two path components. */ @@ -650,6 +650,9 @@ } } hl = calloc(1, sizeof(*hl)); + if (hl == NULL) { + errx(EXIT_FAILURE, "calloc"); + } hl->h_name = s; hl->h_next = htab; htab = hl; Index: mkmakefile.c =================================================================== --- mkmakefile.c (revision 204996) +++ mkmakefile.c (working copy) @@ -98,6 +98,9 @@ struct file_list *fp; fp = (struct file_list *) calloc(1, sizeof *fp); + if (fp == NULL) { + errx(EXIT_FAILURE, "calloc"); + } STAILQ_INSERT_TAIL(&ftab, fp, f_next); return (fp); } Index: lang.l =================================================================== --- lang.l (revision 204996) +++ lang.l (working copy) @@ -31,6 +31,7 @@ * $FreeBSD$ */ +#include #include #include #include @@ -220,6 +221,9 @@ struct cfgfile *cf; cf = calloc(1, sizeof(*cf)); + if (cf == NULL) { + errx(EXIT_FAILURE, "calloc"); + } assert(cf != NULL); asprintf(&cf->cfg_path, "%s", fname); STAILQ_INSERT_TAIL(&cfgfiles, cf, cfg_next); Index: config.y =================================================================== --- config.y (revision 204996) +++ config.y (working copy) @@ -166,6 +166,9 @@ CPU Save_id { struct cputype *cp = (struct cputype *)calloc(1, sizeof (struct cputype)); + if (cp == NULL) { + errx(EXIT_FAILURE, "calloc"); + } cp->cpu_name = $2; SLIST_INSERT_HEAD(&cputype, cp, cpu_next); } | @@ -197,6 +200,9 @@ struct hint *hint; hint = (struct hint *)calloc(1, sizeof (struct hint)); + if (hint == NULL) { + errx(EXIT_FAILURE, "calloc"); + } hint->hint_name = $2; STAILQ_INSERT_TAIL(&hints, hint, hint_next); hintmode = 1; @@ -331,6 +337,9 @@ struct files_name *nl; nl = (struct files_name *) calloc(1, sizeof *nl); + if (nl == NULL) { + errx(EXIT_FAILURE, "calloc"); + } nl->f_name = name; STAILQ_INSERT_TAIL(&fntab, nl, f_next); } @@ -364,6 +373,9 @@ } np = (struct device *) calloc(1, sizeof *np); + if (np == NULL) { + errx(EXIT_FAILURE, "calloc"); + } np->d_name = name; STAILQ_INSERT_TAIL(&dtab, np, d_next); } @@ -422,6 +434,9 @@ } op = (struct opt *)calloc(1, sizeof (struct opt)); + if (op == NULL) { + errx(EXIT_FAILURE, "calloc"); + } op->op_name = name; op->op_ownfile = 0; op->op_value = value; >Release-Note: >Audit-Trail: >Unformatted: