Fix: strdup memory check #523
Conversation
XV02
requested review from
amissael95,
piste-jp,
juliocelon,
vandelvan and
chukero
There was a problem hiding this comment.
Hey @XV02, thanks for your effort! Great work!
But I'm concerned by the amount of To-dos you added, have you properly tested each check before creating this PR? I am hoping you only forgot to delete those comments because otherwise we will not approve a PR that adds technical debt.
I left a comment in each of those To-dos to keep track of each of them and know which ones have been tested.
Thanks!
| @@ -1912,7 +1912,12 @@ int ltfs_fsops_symlink_path(const char* to, const char* from, ltfs_file_id *id, | |||
|
|
|||
| id->uid = d->uid; | |||
| id->ino = d->ino; | |||
| // TODO: Check if the return error is needed or can be skipped. | |||
There was a problem hiding this comment.
Please avoid adding technical debt hehe, did you just forget to erase this TODO? Or you did not manage to check it?
| @@ -489,6 +489,11 @@ int ltfsmsg_internal(bool print_id, int level, char **msg_out, const char *_id, | |||
| vsprintf(msg_buf, output_buf, argp); | |||
| va_end(argp); | |||
| *msg_out = strdup(msg_buf); | |||
| // TODO: Check if the return -1 is needed, or the program can just continue | |||
There was a problem hiding this comment.
Same as before, please do not add more technical debt, I cannot approve a PR that has not been properly tested 😅
| @@ -189,6 +189,10 @@ int camtape_ioctlrc2err(void *device, int fd, struct scsi_sense_data *sense_data | |||
|
|
|||
| if (msg) { | |||
| *msg = strdup("No Sense Information"); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "camtape_ioctlrc2err: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -217,6 +221,10 @@ int camtape_ioctlrc2err(void *device, int fd, struct scsi_sense_data *sense_data | |||
| ltfsmsg(LTFS_INFO, 31212I, rc_sense); | |||
| if (msg) | |||
| *msg = strdup("Cannot get sense information"); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "camtape_ioctlrc2err: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -515,6 +515,10 @@ static inline int _sense2errcode(uint32_t sense, struct error_table *table, char | |||
| rc = table[i].err_code; | |||
| if (msg) | |||
| *msg = strdup(table[i].msg); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "_sense2errcode: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -3946,6 +4002,10 @@ int camtape_set_lbp(void *device, bool enable) | |||
| entry = mt_status_entry_find(&mtinfo, tmpname); | |||
| if (entry == NULL) { | |||
| msg = strdup("Cannot find sa(4) protection.protection_supported parameter"); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "camtape_set_lbp: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -3965,6 +4025,10 @@ int camtape_set_lbp(void *device, bool enable) | |||
| prot_entry = mt_status_entry_find(&mtinfo, MT_PROTECTION_NAME); | |||
| if (prot_entry == NULL) { | |||
| msg = strdup("Cannot find sa(4) protection node!"); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "camtape_set_lbp: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -3998,6 +4062,10 @@ int camtape_set_lbp(void *device, bool enable) | |||
| entry = mt_entry_find(prot_entry, __DECONST(char *, protect_list[i].name)); | |||
| if (entry == NULL) { | |||
| msg = strdup("Cannot find all protection information entries"); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "camtape_set_lbp: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -4020,6 +4088,10 @@ int camtape_set_lbp(void *device, bool enable) | |||
| snprintf(tmpstr, sizeof(tmpstr), "Error returned from MTIOCSETLIST ioctl to set " | |||
| "protection parameters: %s", strerror(errno)); | |||
| msg = strdup(tmpstr); | |||
| if (! (*msg)) { | |||
| ltfsmsg(LTFS_ERR, 10001E, "camtape_set_lbp: msg assign"); | |||
| // TODO: Check if error return is needed | |||
| @@ -294,10 +294,15 @@ int main(int argc, char **argv) | |||
| while (true) { | |||
| int option_index = 0; | |||
| int c = getopt_long(argc, argv, short_options, long_options, &option_index); | |||
| // TODO: Check for optarg to not be null before using it | |||
There was a problem hiding this comment.
Working on it for all of them, thanks.
|
Hi @vandelvan thanks for the reminder, I need to remove the ones checked already, only a couple where left for review, I will update it and come back with the full code checked and ready. |
There was a problem hiding this comment.
Please consider how to handle memory allocation error correctly.
The important thing is not detecting the memory allocation error, how to handle it.
- Memory allocation error might be one shot ? or permanent ?
- LTFS can keep routing the tape after memory error ?
- No data corruption after memory allocation error handling ?
- No memory leak after memory allocation error ?
- No cleaning resources after memory allocation error ?
There was a problem hiding this comment.
Did you really test this code? This code is only compiled under FreeBSD.
There was a problem hiding this comment.
Did you really test this code? This code is only compiled under FreeBSD.
There was a problem hiding this comment.
Did you really test this code? This code is only compiled under FreeBSD.
- Also removed now unused code
| } | ||
| else if (*delim == '/') { |
There was a problem hiding this comment.
Please follow the convention. You must not break a line before else.
It looks there are multiple points that is same style. Please correct all of them.
| @@ -1659,7 +1659,7 @@ int ltfs_mount(bool force_full, bool deep_recovery, bool recover_extra, bool rec | |||
| (unsigned long long)volume_change_ref); | |||
|
|
|||
| /* Index of IP could be corrupted. So set skip flag to true */ | |||
| ret = _ltfs_search_index_wp(recover_symlink, true, &seekpos, vol); | |||
| ret = _ltfs_search_index_wp(recover_symlink, false, &seekpos, vol); | |||
There was a problem hiding this comment.
Why this line is changed?
It looks you ruined the fix made before.
There was a problem hiding this comment.
It looks a change from somewhere else got into the PR, fixing it, thanks for the catch.
| /* Index of DP could be corrupted. So set skip flag to false */ | ||
| ret = _ltfs_search_index_wp(recover_symlink, false, &seekpos, vol); | ||
| } | ||
| /* Index of IP could be corrupted. So set skip flag */ |
There was a problem hiding this comment.
Why this part is changed?
It looks you ruined the fix made before.
There was a problem hiding this comment.
It looks a change from somewhere else got into the PR, fixing it, thanks for the catch.
@piste-jp Can you also respond my other comments? Thanks, appreciate it.
Summary of changes
This pull request includes following changes or fixes.
Description
This change adds checks for memory allocations done by strdup which previously could lead to unexpected Segmentation faults when the malloc failed and returned null.
Also updated the log of one of the uses of strdup to avoid repeated code and stepping up maintainability.
Type of change
Please delete items that are not relevant.
Checklist: