Merge pull request #1169 from igor-ivanov/pr/oshmem-fix-scan-coverity

igor-ivanov · igor-ivanov · commit 3def93ab607a · 2015-12-02T18:37:44.000+04:00
oshmem: Fix scan coverity issues
diff --git a/oshmem/info/info.c b/oshmem/info/info.c
@@ -17,6 +17,7 @@
 #include "orte/runtime/orte_globals.h"
 #include "orte/util/show_help.h"
 
+#include "opal/util/opal_environ.h"
 #include "opal/util/output.h"
 
 #include "oshmem/version.h"
@@ -220,6 +221,17 @@ static int oshmem_info_get_heap_size(char *value, size_t *interp)
     long long size = 0;
 
     p = value;
+    *interp = 0;
+
+    if (!p) {
+        return OSHMEM_ERR_BAD_PARAM;
+    }
+
+    /* Sanity check for buffer overflow attack (coverity issue: Use of untrusted string value) */
+    if (16 < strlen(p)) {
+        return OSHMEM_ERR_BAD_PARAM;
+    }
+
     if (1 == sscanf(p, "%lld%n", &size, &idx)) {
         if (p[idx] != '\0') {
             if (p[idx + 1] == '\0') {
@@ -243,20 +255,25 @@ static int oshmem_info_get_heap_size(char *value, size_t *interp)
     if (size <= 0) {
         return OSHMEM_ERR_BAD_PARAM;
     } else {
+        opal_setenv(OSHMEM_ENV_SYMMETRIC_SIZE, p, true, &environ);
+        opal_setenv(SHMEM_HEAP_SIZE, p, true, &environ);
+/* Probably needless code */
+#if 0
         char *tmp = p;
 
         if(!p) {
             asprintf(&tmp, "%lld", size * factor);
         }
 
         if (tmp) {
-            setenv(OSHMEM_ENV_SYMMETRIC_SIZE, tmp, 1);
-            setenv(SHMEM_HEAP_SIZE, tmp, 1);
+            opal_setenv(OSHMEM_ENV_SYMMETRIC_SIZE, p, true, &environ);
+            opal_setenv(SHMEM_HEAP_SIZE, p, true, &environ);
         }
 
         if (!p && tmp) {
             free(tmp);
         }
+#endif
     }
 
     *interp = size * factor;
diff --git a/oshmem/mca/memheap/base/memheap_base_static.c b/oshmem/mca/memheap/base/memheap_base_static.c
@@ -183,15 +183,19 @@ static int _load_segments(void)
 
     while (NULL != fgets(line, sizeof(line), fp)) {
         memset(&seg, 0, sizeof(seg));
-        sscanf(line,
+        if (3 > sscanf(line,
                "%llx-%llx %s %llx %s %llx %s",
                (unsigned long long *) &seg.start,
                (unsigned long long *) &seg.end,
                seg.perms,
                (unsigned long long *) &seg.offset,
                seg.dev,
                (unsigned long long *) &seg.inode,
-               seg.pathname);
+               seg.pathname)) {
+            MEMHEAP_ERROR("Failed to sscanf /proc/self/maps output %s", line);
+            fclose(fp);
+            return OSHMEM_ERROR;
+        }
 
         if (OSHMEM_ERROR == _check_address(&seg))
             continue;
diff --git a/oshmem/proc/proc.c b/oshmem/proc/proc.c
@@ -151,6 +151,7 @@ oshmem_group_t* oshmem_proc_group_create(int pe_start,
         /* allocate an array */
         proc_array = (oshmem_proc_t**) malloc(pe_size * sizeof(oshmem_proc_t*));
         if (NULL == proc_array) {
+            OBJ_RELEASE(group);
             OPAL_THREAD_UNLOCK(&oshmem_proc_lock);
             return NULL ;
         }
@@ -162,6 +163,9 @@ oshmem_group_t* oshmem_proc_group_create(int pe_start,
             if (NULL == proc) {
                 opal_output(0,
                              "Error: Can not find proc object for pe = %d", i);
+                free(proc_array);
+                OBJ_RELEASE(group);
+                OPAL_THREAD_UNLOCK(&oshmem_proc_lock);
                 return NULL;
             }
             if (count_pe >= (int) pe_size) {
@@ -200,8 +204,9 @@ oshmem_group_t* oshmem_proc_group_create(int pe_start,
                         "Error: No collective modules are available: group is not created, returning NULL");
             oshmem_proc_group_destroy(group);
             OPAL_THREAD_UNLOCK(&oshmem_proc_lock);
-            return NULL ;
-        } OPAL_THREAD_UNLOCK(&oshmem_proc_lock);
+            return NULL;
+        }
+        OPAL_THREAD_UNLOCK(&oshmem_proc_lock);
     }
 
     return group;
