Fix: don't dereference NULL pointers
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Mon, 21 Sep 2015 20:44:38 +0000 (16:44 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Mon, 21 Sep 2015 20:44:38 +0000 (16:44 -0400)
Detected by scan-build.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
liblttng-ust-comm/lttng-ust-comm.c
liblttng-ust-ctl/ustctl.c
liblttng-ust/lttng-ring-buffer-client.h
liblttng-ust/lttng-ring-buffer-metadata-client.h
libringbuffer/ring_buffer_backend.c
libringbuffer/ring_buffer_frontend.c

index bbc59fc2f986b26bd582212005b0e48c60f3a0ec..d213770f7a25f69059810d14d5f12569636cba2b 100644 (file)
@@ -377,6 +377,8 @@ ssize_t ustcomm_send_fds_unix_sock(int sock, int *fds, size_t nb_fd)
        msg.msg_controllen = CMSG_LEN(sizeof_fds);
 
        cmptr = CMSG_FIRSTHDR(&msg);
+       if (!cmptr)
+               return -EINVAL;
        cmptr->cmsg_level = SOL_SOCKET;
        cmptr->cmsg_type = SCM_RIGHTS;
        cmptr->cmsg_len = CMSG_LEN(sizeof_fds);
index 5801bc6b4b78e6b8c6b837d44755c79f1264f348..6b6f295b38bd81ff4ce3e26ad47f7ea37c351fc0 100644 (file)
@@ -1341,6 +1341,8 @@ int ustctl_get_mmap_read_offset(struct ustctl_consumer_stream *stream,
        unsigned long sb_bindex;
        struct lttng_ust_lib_ring_buffer *buf;
        struct ustctl_consumer_channel *consumer_chan;
+       struct lttng_ust_lib_ring_buffer_backend_pages_shmp *barray_idx;
+       struct lttng_ust_lib_ring_buffer_backend_pages *pages;
 
        if (!stream)
                return -EINVAL;
@@ -1351,8 +1353,14 @@ int ustctl_get_mmap_read_offset(struct ustctl_consumer_stream *stream,
                return -EINVAL;
        sb_bindex = subbuffer_id_get_index(&chan->backend.config,
                                        buf->backend.buf_rsb.id);
-       *off = shmp(consumer_chan->chan->handle,
-               shmp_index(consumer_chan->chan->handle, buf->backend.array, sb_bindex)->shmp)->mmap_offset;
+       barray_idx = shmp_index(consumer_chan->chan->handle, buf->backend.array,
+                       sb_bindex);
+       if (!barray_idx)
+               return -EINVAL;
+       pages = shmp(consumer_chan->chan->handle, barray_idx->shmp);
+       if (!pages)
+               return -EINVAL;
+       *off = pages->mmap_offset;
        return 0;
 }
 
@@ -1518,6 +1526,8 @@ struct lttng_ust_client_lib_ring_buffer_client_cb *get_client_cb(
        struct lttng_ust_client_lib_ring_buffer_client_cb *client_cb;
 
        chan = shmp(handle, buf->backend.chan);
+       if (!chan)
+               return NULL;
        config = &chan->backend.config;
        if (!config->cb_ptr)
                return NULL;
index c0ae0c841590dec0ad8eda825511df3c78407085..70235b8a812508bebdee4c456a312a8f0ce6a4dc 100644 (file)
@@ -339,6 +339,9 @@ static void client_buffer_begin(struct lttng_ust_lib_ring_buffer *buf, uint64_t
                                handle);
        struct lttng_channel *lttng_chan = channel_get_private(chan);
 
+       assert(header);
+       if (!header)
+               return;
        header->magic = CTF_MAGIC_NUMBER;
        memcpy(header->uuid, lttng_chan->uuid, sizeof(lttng_chan->uuid));
        header->stream_id = lttng_chan->id;
@@ -366,6 +369,9 @@ static void client_buffer_end(struct lttng_ust_lib_ring_buffer *buf, uint64_t ts
                                handle);
        unsigned long records_lost = 0;
 
+       assert(header);
+       if (!header)
+               return;
        header->ctx.timestamp_end = tsc;
        header->ctx.content_size =
                (uint64_t) data_size * CHAR_BIT;                /* in bits */
@@ -415,6 +421,8 @@ static int client_timestamp_begin(struct lttng_ust_lib_ring_buffer *buf,
        struct packet_header *header;
 
        header = client_packet_header(buf, handle);
+       if (!header)
+               return -1;
        *timestamp_begin = header->ctx.timestamp_begin;
        return 0;
 }
@@ -426,6 +434,8 @@ static int client_timestamp_end(struct lttng_ust_lib_ring_buffer *buf,
        struct packet_header *header;
 
        header = client_packet_header(buf, handle);
+       if (!header)
+               return -1;
        *timestamp_end = header->ctx.timestamp_end;
        return 0;
 }
@@ -437,6 +447,8 @@ static int client_events_discarded(struct lttng_ust_lib_ring_buffer *buf,
        struct packet_header *header;
 
        header = client_packet_header(buf, handle);
+       if (!header)
+               return -1;
        *events_discarded = header->ctx.events_discarded;
        return 0;
 }
@@ -448,6 +460,8 @@ static int client_content_size(struct lttng_ust_lib_ring_buffer *buf,
        struct packet_header *header;
 
        header = client_packet_header(buf, handle);
+       if (!header)
+               return -1;
        *content_size = header->ctx.content_size;
        return 0;
 }
@@ -459,6 +473,8 @@ static int client_packet_size(struct lttng_ust_lib_ring_buffer *buf,
        struct packet_header *header;
 
        header = client_packet_header(buf, handle);
+       if (!header)
+               return -1;
        *packet_size = header->ctx.packet_size;
        return 0;
 }
@@ -470,6 +486,8 @@ static int client_stream_id(struct lttng_ust_lib_ring_buffer *buf,
        struct packet_header *header;
 
        header = client_packet_header(buf, handle);
+       if (!header)
+               return -1;
        *stream_id = header->stream_id;
        return 0;
 }
index 921549faff4c8cc95ff5e3afe2c41aa653cc4c1c..ed8db359fa1a089563ec09652b8b2e167d959bf5 100644 (file)
@@ -101,6 +101,9 @@ static void client_buffer_begin(struct lttng_ust_lib_ring_buffer *buf, uint64_t
                                handle);
        struct lttng_channel *lttng_chan = channel_get_private(chan);
 
+       assert(header);
+       if (!header)
+               return;
        header->magic = TSDL_MAGIC_NUMBER;
        memcpy(header->uuid, lttng_chan->uuid, sizeof(lttng_chan->uuid));
        header->checksum = 0;           /* 0 if unused */
@@ -129,6 +132,9 @@ static void client_buffer_end(struct lttng_ust_lib_ring_buffer *buf, uint64_t ts
                                handle);
        unsigned long records_lost = 0;
 
+       assert(header);
+       if (!header)
+               return;
        header->content_size = data_size * CHAR_BIT;            /* in bits */
        header->packet_size = PAGE_ALIGN(data_size) * CHAR_BIT; /* in bits */
        /*
index 54fe627c9a497c5be2b279b94c5c92553a086b15..2e688b40f4810e1a80c57b7296edafaed7e97c14 100644 (file)
@@ -46,12 +46,16 @@ int lib_ring_buffer_backend_allocate(const struct lttng_ust_lib_ring_buffer_conf
                                     struct lttng_ust_shm_handle *handle,
                                     struct shm_object *shmobj)
 {
-       struct channel_backend *chanb = &shmp(handle, bufb->chan)->backend;
+       struct channel_backend *chanb;
        unsigned long subbuf_size, mmap_offset = 0;
        unsigned long num_subbuf_alloc;
        unsigned long i;
        long page_size;
 
+       chanb = &shmp(handle, bufb->chan)->backend;
+       if (!chanb)
+               return -EINVAL;
+
        subbuf_size = chanb->subbuf_size;
        num_subbuf_alloc = num_subbuf;
 
@@ -97,8 +101,14 @@ int lib_ring_buffer_backend_allocate(const struct lttng_ust_lib_ring_buffer_conf
        if (caa_unlikely(!shmp(handle, bufb->buf_wsb)))
                goto free_array;
 
-       for (i = 0; i < num_subbuf; i++)
-               shmp_index(handle, bufb->buf_wsb, i)->id = subbuffer_id(config, 0, 1, i);
+       for (i = 0; i < num_subbuf; i++) {
+               struct lttng_ust_lib_ring_buffer_backend_subbuffer *sb;
+
+               sb = shmp_index(handle, bufb->buf_wsb, i);
+               if (!sb)
+                       goto free_array;
+               sb->id = subbuffer_id(config, 0, 1, i);
+       }
 
        /* Assign read-side subbuffer table */
        if (extra_reader_sb)
@@ -109,16 +119,23 @@ int lib_ring_buffer_backend_allocate(const struct lttng_ust_lib_ring_buffer_conf
 
        /* Assign pages to page index */
        for (i = 0; i < num_subbuf_alloc; i++) {
+               struct lttng_ust_lib_ring_buffer_backend_pages_shmp *sbp;
+               struct lttng_ust_lib_ring_buffer_backend_pages *pages;
                struct shm_ref ref;
 
                ref.index = bufb->memory_map._ref.index;
                ref.offset = bufb->memory_map._ref.offset;
                ref.offset += i * subbuf_size;
 
-               set_shmp(shmp(handle, shmp_index(handle, bufb->array, i)->shmp)->p,
-                        ref);
+               sbp = shmp_index(handle, bufb->array, i);
+               if (!sbp)
+                       goto free_array;
+               pages = shmp(handle, sbp->shmp);
+               if (!pages)
+                       goto free_array;
+               set_shmp(pages->p, ref);
                if (config->output == RING_BUFFER_MMAP) {
-                       shmp(handle, shmp_index(handle, bufb->array, i)->shmp)->mmap_offset = mmap_offset;
+                       pages->mmap_offset = mmap_offset;
                        mmap_offset += subbuf_size;
                }
        }
@@ -152,17 +169,28 @@ int lib_ring_buffer_backend_create(struct lttng_ust_lib_ring_buffer_backend *buf
 void lib_ring_buffer_backend_reset(struct lttng_ust_lib_ring_buffer_backend *bufb,
                                   struct lttng_ust_shm_handle *handle)
 {
-       struct channel_backend *chanb = &shmp(handle, bufb->chan)->backend;
-       const struct lttng_ust_lib_ring_buffer_config *config = &chanb->config;
+       struct channel_backend *chanb;
+       const struct lttng_ust_lib_ring_buffer_config *config;
        unsigned long num_subbuf_alloc;
        unsigned int i;
 
+       chanb = &shmp(handle, bufb->chan)->backend;
+       if (!chanb)
+               abort();
+       config = &chanb->config;
+
        num_subbuf_alloc = chanb->num_subbuf;
        if (chanb->extra_reader_sb)
                num_subbuf_alloc++;
 
-       for (i = 0; i < chanb->num_subbuf; i++)
-               shmp_index(handle, bufb->buf_wsb, i)->id = subbuffer_id(config, 0, 1, i);
+       for (i = 0; i < chanb->num_subbuf; i++) {
+               struct lttng_ust_lib_ring_buffer_backend_subbuffer *sb;
+
+               sb = shmp_index(handle, bufb->buf_wsb, i);
+               if (!sb)
+                       abort();
+               sb->id = subbuffer_id(config, 0, 1, i);
+       }
        if (chanb->extra_reader_sb)
                bufb->buf_rsb.id = subbuffer_id(config, 0, 1,
                                                num_subbuf_alloc - 1);
@@ -170,10 +198,19 @@ void lib_ring_buffer_backend_reset(struct lttng_ust_lib_ring_buffer_backend *buf
                bufb->buf_rsb.id = subbuffer_id(config, 0, 1, 0);
 
        for (i = 0; i < num_subbuf_alloc; i++) {
+               struct lttng_ust_lib_ring_buffer_backend_pages_shmp *sbp;
+               struct lttng_ust_lib_ring_buffer_backend_pages *pages;
+
+               sbp = shmp_index(handle, bufb->array, i);
+               if (!sbp)
+                       abort();
+               pages = shmp(handle, sbp->shmp);
+               if (!pages)
+                       abort();
                /* Don't reset mmap_offset */
-               v_set(config, &shmp(handle, shmp_index(handle, bufb->array, i)->shmp)->records_commit, 0);
-               v_set(config, &shmp(handle, shmp_index(handle, bufb->array, i)->shmp)->records_unread, 0);
-               shmp(handle, shmp_index(handle, bufb->array, i)->shmp)->data_size = 0;
+               v_set(config, &pages->records_commit, 0);
+               v_set(config, &pages->records_unread, 0);
+               pages->data_size = 0;
                /* Don't reset backend page and virt addresses */
        }
        /* Don't reset num_pages_per_subbuf, cpu, allocated */
@@ -369,13 +406,17 @@ void channel_backend_free(struct channel_backend *chanb,
 size_t lib_ring_buffer_read(struct lttng_ust_lib_ring_buffer_backend *bufb, size_t offset,
                            void *dest, size_t len, struct lttng_ust_shm_handle *handle)
 {
-       struct channel_backend *chanb = &shmp(handle, bufb->chan)->backend;
-       const struct lttng_ust_lib_ring_buffer_config *config = &chanb->config;
+       struct channel_backend *chanb;
+       const struct lttng_ust_lib_ring_buffer_config *config;
        ssize_t orig_len;
        struct lttng_ust_lib_ring_buffer_backend_pages_shmp *rpages;
        unsigned long sb_bindex, id;
        void *src;
 
+       chanb = &shmp(handle, bufb->chan)->backend;
+       if (!chanb)
+               return 0;
+       config = &chanb->config;
        orig_len = len;
        offset &= chanb->buf_size - 1;
 
@@ -413,13 +454,17 @@ size_t lib_ring_buffer_read(struct lttng_ust_lib_ring_buffer_backend *bufb, size
 int lib_ring_buffer_read_cstr(struct lttng_ust_lib_ring_buffer_backend *bufb, size_t offset,
                              void *dest, size_t len, struct lttng_ust_shm_handle *handle)
 {
-       struct channel_backend *chanb = &shmp(handle, bufb->chan)->backend;
-       const struct lttng_ust_lib_ring_buffer_config *config = &chanb->config;
+       struct channel_backend *chanb;
+       const struct lttng_ust_lib_ring_buffer_config *config;
        ssize_t string_len, orig_offset;
        char *str;
        struct lttng_ust_lib_ring_buffer_backend_pages_shmp *rpages;
        unsigned long sb_bindex, id;
 
+       chanb = &shmp(handle, bufb->chan)->backend;
+       if (!chanb)
+               return -EINVAL;
+       config = &chanb->config;
        if (caa_unlikely(!len))
                return -EINVAL;
        offset &= chanb->buf_size - 1;
@@ -461,10 +506,14 @@ void *lib_ring_buffer_read_offset_address(struct lttng_ust_lib_ring_buffer_backe
                                          struct lttng_ust_shm_handle *handle)
 {
        struct lttng_ust_lib_ring_buffer_backend_pages_shmp *rpages;
-       struct channel_backend *chanb = &shmp(handle, bufb->chan)->backend;
-       const struct lttng_ust_lib_ring_buffer_config *config = &chanb->config;
+       struct channel_backend *chanb;
+       const struct lttng_ust_lib_ring_buffer_config *config;
        unsigned long sb_bindex, id;
 
+       chanb = &shmp(handle, bufb->chan)->backend;
+       if (!chanb)
+               return NULL;
+       config = &chanb->config;
        offset &= chanb->buf_size - 1;
        id = bufb->buf_rsb.id;
        sb_bindex = subbuffer_id_get_index(config, id);
@@ -490,13 +539,21 @@ void *lib_ring_buffer_offset_address(struct lttng_ust_lib_ring_buffer_backend *b
 {
        size_t sbidx;
        struct lttng_ust_lib_ring_buffer_backend_pages_shmp *rpages;
-       struct channel_backend *chanb = &shmp(handle, bufb->chan)->backend;
-       const struct lttng_ust_lib_ring_buffer_config *config = &chanb->config;
+       struct channel_backend *chanb;
+       const struct lttng_ust_lib_ring_buffer_config *config;
        unsigned long sb_bindex, id;
+       struct lttng_ust_lib_ring_buffer_backend_subbuffer *sb;
 
+       chanb = &shmp(handle, bufb->chan)->backend;
+       if (!chanb)
+               return NULL;
+       config = &chanb->config;
        offset &= chanb->buf_size - 1;
        sbidx = offset >> chanb->subbuf_size_order;
-       id = shmp_index(handle, bufb->buf_wsb, sbidx)->id;
+       sb = shmp_index(handle, bufb->buf_wsb, sbidx);
+       if (!sb)
+               return NULL;
+       id = sb->id;
        sb_bindex = subbuffer_id_get_index(config, id);
        rpages = shmp_index(handle, bufb->array, sb_bindex);
        CHAN_WARN_ON(chanb, config->mode == RING_BUFFER_OVERWRITE
index 45d46054cf45b2e6b4025a2f15e068068968a1f8..c7394b1fd668d6e307e251221fcb1d79df07fb9e 100644 (file)
@@ -164,10 +164,14 @@ static struct timer_signal_data timer_signal = {
 void lib_ring_buffer_reset(struct lttng_ust_lib_ring_buffer *buf,
                           struct lttng_ust_shm_handle *handle)
 {
-       struct channel *chan = shmp(handle, buf->backend.chan);
-       const struct lttng_ust_lib_ring_buffer_config *config = &chan->backend.config;
+       struct channel *chan;
+       const struct lttng_ust_lib_ring_buffer_config *config;
        unsigned int i;
 
+       chan = shmp(handle, buf->backend.chan);
+       if (!chan)
+               abort();
+       config = &chan->backend.config;
        /*
         * Reset iterator first. It will put the subbuffer if it currently holds
         * it.
@@ -400,6 +404,9 @@ void lib_ring_buffer_channel_switch_timer(int sig, siginfo_t *si, void *uc)
                for_each_possible_cpu(cpu) {
                        struct lttng_ust_lib_ring_buffer *buf =
                                shmp(handle, chan->backend.buf[cpu].shmp);
+
+                       if (!buf)
+                               abort();
                        if (uatomic_read(&buf->active_readers))
                                lib_ring_buffer_switch_slow(buf, SWITCH_ACTIVE,
                                        chan->handle);
@@ -408,6 +415,8 @@ void lib_ring_buffer_channel_switch_timer(int sig, siginfo_t *si, void *uc)
                struct lttng_ust_lib_ring_buffer *buf =
                        shmp(handle, chan->backend.buf[0].shmp);
 
+               if (!buf)
+                       abort();
                if (uatomic_read(&buf->active_readers))
                        lib_ring_buffer_switch_slow(buf, SWITCH_ACTIVE,
                                chan->handle);
@@ -435,6 +444,8 @@ void lib_ring_buffer_channel_do_read(struct channel *chan)
                        struct lttng_ust_lib_ring_buffer *buf =
                                shmp(handle, chan->backend.buf[cpu].shmp);
 
+                       if (!buf)
+                               abort();
                        if (uatomic_read(&buf->active_readers)
                            && lib_ring_buffer_poll_deliver(config, buf,
                                        chan, handle)) {
@@ -445,6 +456,8 @@ void lib_ring_buffer_channel_do_read(struct channel *chan)
                struct lttng_ust_lib_ring_buffer *buf =
                        shmp(handle, chan->backend.buf[0].shmp);
 
+               if (!buf)
+                       abort();
                if (uatomic_read(&buf->active_readers)
                    && lib_ring_buffer_poll_deliver(config, buf,
                                chan, handle)) {
This page took 0.032037 seconds and 4 git commands to generate.