Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 21 Oct 2015 16:58:36 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 203937] makefs: Coverity CID 975347, 975348: No provisions for i/o error
Message-ID:  <bug-203937-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203937

            Bug ID: 203937
           Summary: makefs: Coverity CID 975347, 975348: No provisions for
                    i/o error
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: scdbackup@gmx.net

usr.sbin/makefs/cd9660/cd9660_eltorito.c

CID 975347 : Unchecked return value from library (CHECKED_RETURN)
   5. check_return: Calling fseek(fd, 32UL - strlen(part_type) - 1UL, 1)
   without checking return value.

575        fseek(fd, 32 - strlen(part_type) - 1, SEEK_CUR);

CID 975348: Unchecked return value from library (CHECKED_RETURN)
   33. check_return: Calling fseek(fd, 510L, 0) without checking return

639     fseek(fd, 0x1fe, SEEK_SET);

(Ouch, an ISO producer which does not work on sequential file
 objects. That's quite inconvenient for users.)

--------------- Source analysis:

There are three fseek() with unchecked result:

In cd9660_write_apm_partition_entry():

573     fseek(fd, 32 - strlen(part_name) - 1, SEEK_CUR);

575        fseek(fd, 32 - strlen(part_type) - 1, SEEK_CUR);

In cd9660_write_boot():

639     fseek(fd, 0x1fe, SEEK_SET);

Failed fseeko() is handled by calling err(), which exits the process:

554     if (fseeko(fd, (off_t)(idx + 1) * sector_size, SEEK_SET) == -1)
555             err(1, "fseeko");

--------------- Remedy proposal:

Bail out by err(), too:

-       fseek(fd, 32 - strlen(part_name) - 1, SEEK_CUR);
+       if (fseek(fd, 32 - strlen(part_name) - 1, SEEK_CUR) == -1)
+               err(1, "fseek for APM partition");

-       fseek(fd, 32 - strlen(part_type) - 1, SEEK_CUR);
+       if (fseek(fd, 32 - strlen(part_type) - 1, SEEK_CUR) == -1)
+               err(1, "fseek for APM partition");

-               fseek(fd, 0x1fe, SEEK_SET);
+               if (fseek(fd, 0x1fe, SEEK_SET) == -1)
+                       err(1, "fseek for MBR partition");

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203937-8>