From 84c586f1f1d8bd102928f3ae95d1d1185a59de8f Mon Sep 17 00:00:00 2001 From: Douglas Gilbert Date: Wed, 19 Jan 2022 19:12:36 +0000 Subject: round of coverity identified issue fixes (and non-issues) git-svn-id: https://svn.bingwo.ca/repos/sg3_utils/trunk@931 6180dd3e-e324-4e3e-922d-17de1ae2f315 --- testing/sg_mrq_dd.cpp | 29 ++++++++++++++++---------- testing/sgh_dd.cpp | 24 +++++++++++++--------- testing/sgs_dd.c | 56 +++++++++++++++++++++++++++++++++++++++------------ 3 files changed, 76 insertions(+), 33 deletions(-) (limited to 'testing') diff --git a/testing/sg_mrq_dd.cpp b/testing/sg_mrq_dd.cpp index a97aa9be..7b81a63a 100644 --- a/testing/sg_mrq_dd.cpp +++ b/testing/sg_mrq_dd.cpp @@ -30,7 +30,7 @@ * */ -static const char * version_str = "1.39 20220103"; +static const char * version_str = "1.40 20220118"; #define _XOPEN_SOURCE 600 #ifndef _GNU_SOURCE @@ -141,6 +141,8 @@ using namespace std; #define MAX_SCSI_CDB_SZ 16 /* could be 32 */ #define PACK_ID_TID_MULTIPLIER (0x1000000) /* 16,777,216 */ #define MAX_SLICES 16 /* number of IFILE,OFILE pairs */ +#define MAX_BPT_VALUE (1 << 24) /* used for maximum bs as well */ +#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */ #define SENSE_BUFF_LEN 64 /* Arbitrary, could be larger */ #define READ_CAP_REPLY_LEN 8 @@ -3361,7 +3363,7 @@ skip_seek(struct global_collection *clp, const char * key, const char * buf, } } else { /* single number on command line (e.g. skip=1234) */ ll = sg_get_llnum(buf); - if (-1LL == ll) { + if ((ll < 0) || (ll > MAX_COUNT_SKIP_SEEK)) { pr2serr("bad argument to '%s='\n", key); return SG_LIB_SYNTAX_ERROR; } @@ -3544,14 +3546,14 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, keylen = strlen(key); if (0 == strcmp(key, "bpt")) { clp->bpt = sg_get_num(buf); - if (-1 == clp->bpt) { + if ((clp->bpt < 0) || (clp->bpt > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'bpt='\n", my_name); goto syn_err; } bpt_given = true; } else if (0 == strcmp(key, "bs")) { clp->bs = sg_get_num(buf); - if (-1 == clp->bs) { + if ((clp->bs < 0) || (clp->bs > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'bs='\n", my_name); goto syn_err; } @@ -3611,7 +3613,8 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, } if (0 != strcmp("-1", buf)) { clp->dd_count = sg_get_llnum(buf); - if (-1LL == clp->dd_count) { + if ((clp->dd_count < 0) || + (clp->dd_count > MAX_COUNT_SKIP_SEEK)) { pr2serr("%sbad argument to 'count='\n", my_name); goto syn_err; } @@ -3622,7 +3625,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, clp->out_flags.dio = clp->in_flags.dio; } else if (0 == strcmp(key, "elemsz_kb")) { n = sg_get_num(buf); - if (n < 1) { + if ((n < 1) || (n > (MAX_BPT_VALUE / 1024))) { pr2serr("elemsz_kb=EKB wants an integer > 0\n"); goto syn_err; } @@ -3646,7 +3649,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, clp->in_flags.fua = true; } else if (0 == strcmp(key, "ibs")) { ibs = sg_get_num(buf); - if (-1 == ibs) { + if ((ibs < 0) || (ibs > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'ibs='\n", my_name); goto syn_err; } @@ -3700,7 +3703,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, clp->out_flags.no_waitq = true; } else if (0 == strcmp(key, "obs")) { obs = sg_get_num(buf); - if (-1 == obs) { + if ((obs < 0) || (obs > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'obs='\n", my_name); goto syn_err; } @@ -3769,9 +3772,13 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, memcpy(skip_buf, buf, n + 1); } else if (0 == strcmp(key, "sync")) do_sync = !! sg_get_num(buf); - else if (0 == strcmp(key, "thr")) + else if (0 == strcmp(key, "thr")) { num_threads = sg_get_num(buf); - else if (0 == strcmp(key, "time")) { + if ((num_threads < 0) || (num_threads > MAX_BPT_VALUE)) { + pr2serr("%sneed argument to 'skip='\n", my_name); + goto syn_err; + } + } else if (0 == strcmp(key, "time")) { ccp = strchr(buf, ','); do_time = sg_get_num(buf); if (do_time < 0) { @@ -3780,7 +3787,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, } if (ccp) { n = sg_get_num(ccp + 1); - if (n < 0) { + if ((n < 0) || (n > (MAX_BPT_VALUE / 1000))) { pr2serr("%sbad argument to 'time=0|1|2,TO'\n", my_name); goto syn_err; } diff --git a/testing/sgh_dd.cpp b/testing/sgh_dd.cpp index 38ee1d55..2c1f2433 100644 --- a/testing/sgh_dd.cpp +++ b/testing/sgh_dd.cpp @@ -2,7 +2,7 @@ * A utility program for copying files. Specialised for "files" that * represent devices that understand the SCSI command set. * - * Copyright (C) 2018-2021 D. Gilbert + * Copyright (C) 2018-2022 D. Gilbert * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) @@ -36,7 +36,7 @@ * renamed [20181221] */ -static const char * version_str = "2.18 20211027"; +static const char * version_str = "2.19 20220118"; #define _XOPEN_SOURCE 600 #ifndef _GNU_SOURCE @@ -134,6 +134,8 @@ using namespace std; #define DEF_SDT_CRT_SEC 3 #define DEF_SCSI_CDBSZ 10 #define MAX_SCSI_CDBSZ 16 +#define MAX_BPT_VALUE (1 << 24) /* used for maximum bs as well */ +#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */ #define SENSE_BUFF_LEN 64 /* Arbitrary, could be larger */ #define READ_CAP_REPLY_LEN 8 @@ -4043,19 +4045,23 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, clp->aen_given = true; } else if (0 == strcmp(key, "bpt")) { clp->bpt = sg_get_num(buf); - if (-1 == clp->bpt) { + if ((clp->bpt < 0) || (clp->bpt > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'bpt='\n", my_name); return SG_LIB_SYNTAX_ERROR; } bpt_given = true; } else if (0 == strcmp(key, "bs")) { clp->bs = sg_get_num(buf); - if (-1 == clp->bs) { + if ((clp->bs < 0) || (clp->bs > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'bs='\n", my_name); return SG_LIB_SYNTAX_ERROR; } } else if (0 == strcmp(key, "cdbsz")) { clp->cdbsz_in = sg_get_num(buf); + if ((clp->cdbsz_in < 6) || (clp->cdbsz_in > 32)) { + pr2serr("%s'cdbsz' expects 6, 10, 12, 16 or 32\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } clp->cdbsz_out = clp->cdbsz_in; clp->cdbsz_given = true; } else if (0 == strcmp(key, "coe")) { @@ -4069,7 +4075,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, } else if (0 == strcmp(key, "count")) { if (0 != strcmp("-1", buf)) { dd_count = sg_get_llnum(buf); - if (-1LL == dd_count) { + if ((dd_count < 0) || (dd_count > MAX_COUNT_SKIP_SEEK)) { pr2serr("%sbad argument to 'count='\n", my_name); return SG_LIB_SYNTAX_ERROR; } @@ -4103,7 +4109,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, clp->in_flags.fua = true; } else if (0 == strcmp(key, "ibs")) { ibs = sg_get_num(buf); - if (-1 == ibs) { + if ((ibs < 0) || (ibs > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'ibs='\n", my_name); return SG_LIB_SYNTAX_ERROR; } @@ -4148,7 +4154,7 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, clp->noshare = !! sg_get_num(buf); } else if (0 == strcmp(key, "obs")) { obs = sg_get_num(buf); - if (-1 == obs) { + if ((obs < 0) || (obs > MAX_BPT_VALUE)) { pr2serr("%sbad argument to 'obs='\n", my_name); return SG_LIB_SYNTAX_ERROR; } @@ -4206,13 +4212,13 @@ parse_cmdline_sanity(int argc, char * argv[], struct global_collection * clp, } } else if (0 == strcmp(key, "seek")) { clp->seek = sg_get_llnum(buf); - if (-1LL == clp->seek) { + if (clp->seek < 0) { pr2serr("%sbad argument to 'seek='\n", my_name); return SG_LIB_SYNTAX_ERROR; } } else if (0 == strcmp(key, "skip")) { clp->skip = sg_get_llnum(buf); - if (-1LL == clp->skip) { + if (clp->skip < 0) { pr2serr("%sbad argument to 'skip='\n", my_name); return SG_LIB_SYNTAX_ERROR; } diff --git a/testing/sgs_dd.c b/testing/sgs_dd.c index 65b2c061..60d25aa8 100644 --- a/testing/sgs_dd.c +++ b/testing/sgs_dd.c @@ -1,7 +1,7 @@ /* * Test code for the extensions to the Linux OS SCSI generic ("sg") * device driver. - * Copyright (C) 1999-2021 D. Gilbert and P. Allworth + * Copyright (C) 1999-2022 D. Gilbert and P. Allworth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -84,7 +84,7 @@ #include "sg_unaligned.h" -static const char * version_str = "4.21 20211006"; +static const char * version_str = "4.22 20220118"; static const char * my_name = "sgs_dd"; #ifndef SGV4_FLAG_HIPRI @@ -100,6 +100,8 @@ static const char * my_name = "sgs_dd"; #define SGQ_MAX_RD_AHEAD 32 #define SGQ_MAX_WR_AHEAD 32 #define SGQ_NUM_ELEMS (SGQ_MAX_RD_AHEAD + SGQ_MAX_WR_AHEAD + 1) +#define MAX_BPT_VALUE (1 << 24) /* used for maximum bs as well */ +#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */ #define SGQ_FREE 0 #define SGQ_IO_STARTED 1 @@ -1274,17 +1276,33 @@ main(int argc, char * argv[]) buf++; if (*buf) *buf++ = '\0'; - if (0 == strcmp(key,"bpt")) + if (0 == strcmp(key,"bpt")) { clp->bpt = sg_get_num(buf); - else if (0 == strcmp(key,"bs")) + if ((clp->bpt < 0) || (clp->bpt > MAX_BPT_VALUE)) { + pr2serr("%s: bad argument to 'bpt='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (0 == strcmp(key,"bs")) { clp->bs = sg_get_num(buf); - else if (0 == strcmp(key,"count")) + if ((clp->bs < 0) || (clp->bs > MAX_BPT_VALUE)) { + pr2serr("%s: bad argument to 'bs='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (0 == strcmp(key,"count")) { count = sg_get_num(buf); - else if (0 == strcmp(key,"deb")) + if (count < 0) { + pr2serr("%s: bad argument to 'count='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (0 == strcmp(key,"deb")) clp->debug += sg_get_num(buf); - else if (0 == strcmp(key,"ibs")) + else if (0 == strcmp(key,"ibs")) { ibs = sg_get_num(buf); - else if (strcmp(key,"if") == 0) { + if ((ibs < 0) || (ibs > MAX_BPT_VALUE)) { + pr2serr("%s: bad argument to 'ibs='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (strcmp(key,"if") == 0) { memcpy(inf, buf, INOUTF_SZ); inf[INOUTF_SZ - 1] = '\0'; } else if (0 == strcmp(key, "iflag")) { @@ -1297,9 +1315,13 @@ main(int argc, char * argv[]) else if (0 == strcmp(key,"no_sig")) { /* default changes */ clp->no_sig = !!sg_get_num(buf); no_sig_given = true; - } else if (0 == strcmp(key,"obs")) + } else if (0 == strcmp(key,"obs")) { obs = sg_get_num(buf); - else if (strcmp(key,"of") == 0) { + if ((obs < 0) || (obs > MAX_BPT_VALUE)) { + pr2serr("%s: bad argument to 'obs='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (strcmp(key,"of") == 0) { memcpy(outf, buf, INOUTF_SZ); outf[INOUTF_SZ - 1] = '\0'; } else if (0 == strcmp(key, "oflag")) { @@ -1311,11 +1333,19 @@ main(int argc, char * argv[]) clp->poll_ms = sg_get_num(buf); else if (0 == strcmp(key,"rt_sig")) clp->use_rt_sig = !!sg_get_num(buf); - else if (0 == strcmp(key,"seek")) + else if (0 == strcmp(key,"seek")) { seek = sg_get_num(buf); - else if (0 == strcmp(key,"skip")) + if (seek < 0) { + pr2serr("%s: bad argument to 'seek='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (0 == strcmp(key,"skip")) { skip = sg_get_num(buf); - else if (0 == strcmp(key,"time")) + if (skip < 0) { + pr2serr("%s: bad argument to 'skip='\n", my_name); + return SG_LIB_SYNTAX_ERROR; + } + } else if (0 == strcmp(key,"time")) ; /* do nothing */ else if ((0 == strcmp(key,"-V")) || (0 == strcmp(key,"--version"))) { pr2serr("%s: version: %s\n", my_name, version_str); -- cgit v1.2.3