irqbalance/prevent-NULL-pointer-dereference-when-memory-allocat.patch
2020-07-03 17:09:39 +08:00


From 0e741b26246bf7bd5630812c551221d3f87f43d7 Mon Sep 17 00:00:00 2001
From: Yunfeng Ye <yeyunfeng@huawei.com>
Date: Mon, 7 Oct 2019 11:52:08 +0800
Subject: [PATCH 21/53] prevent NULL pointer dereference when memory allocation
failure
There are several places where the return value of a memory allocation is
not checked; add NULL pointer checks.
Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
---
cputree.c | 2 ++
irqbalance.c | 24 ++++++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/cputree.c b/cputree.c
index a90cbbe..8b9413b 100644
--- a/cputree.c
+++ b/cputree.c
@@ -432,6 +432,8 @@ static void dump_irq(struct irq_info *info, void *data)
int i;
char * indent = malloc (sizeof(char) * (spaces + 1));
+ if (!indent)
+ return;
for ( i = 0; i < spaces; i++ )
indent[i] = log_indent[0];
diff --git a/irqbalance.c b/irqbalance.c
index 8199c06..a06809c 100644
--- a/irqbalance.c
+++ b/irqbalance.c
@@ -313,6 +313,9 @@ void get_irq_data(struct irq_info *irq, void *data)
else
*irqdata = realloc(*irqdata, strlen(*irqdata) + 24 + 1 + 11 + 20 + 20 + 11);
+ if (!*irqdata)
+ return;
+
sprintf(*irqdata + strlen(*irqdata),
"IRQ %d LOAD %lu DIFF %lu CLASS %d ", irq->irq, irq->load,
(irq->irq_count - irq->last_irq_count), irq->class);
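Review bot: Assigning the result of `realloc` straight back to `*irqdata` means the new `if (!*irqdata) return;` check only catches the failure after the damage is done: the old block is still allocated, but its only pointer has been overwritten with NULL, so the buffer leaks and the text accumulated so far is lost. Keep the old pointer until the call succeeds, e.g. `char *tmp = realloc(*irqdata, ...); if (!tmp) return; *irqdata = tmp;`. The same pattern appears at `*stats = realloc(*stats, ...)` in get_object_stat and at `setup = realloc(setup, ...)` in the "setup" branch of sock_handle. The `else` at the top of this hunk belongs to an `if` outside it, so the allocation on the other branch is not visible here.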
@@ -344,6 +347,9 @@ void get_object_stat(struct topo_obj *object, void *data)
*stats = realloc(*stats, strlen(*stats) + irqdlen + 31 + 11 + 20 + 11 + 1);
}
+ if (!*stats)
+ return;
+
sprintf(*stats + strlen(*stats), "TYPE %d NUMBER %d LOAD %lu SAVE_MODE %d %s",
object->obj_type, object->number, object->load,
object->powersave_mode, irq_data ? irq_data : "");
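Review bot: The early `return` added after the allocation skips whatever cleanup follows the `sprintf`. The `sprintf` arguments treat `irq_data` as a possibly non-NULL string, so if it is heap-allocated earlier in get_object_stat and freed after the formatting (both outside this hunk), the failure path leaks it. Releasing it before leaving, `if (!*stats) { free(irq_data); return; }`, would cover that; confirm against the full function body.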
@@ -380,6 +386,10 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
goto out_close;
}
cmsg = CMSG_FIRSTHDR(&msg);
+ if (!cmsg) {
+ log(TO_ALL, LOG_WARNING, "Connection no memory.\n");
+ goto out_close;
+ }
if ((cmsg->cmsg_level == SOL_SOCKET) &&
(cmsg->cmsg_type == SCM_CREDENTIALS)) {
struct ucred *credentials = (struct ucred *) CMSG_DATA(cmsg);
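Review bot: The warning text `"Connection no memory.\n"` misdescribes the condition it guards. `CMSG_FIRSTHDR` returns NULL when the received message carries no control data, or too little for a header, not when an allocation fails. The lines below read the peer's `SCM_CREDENTIALS` from this header, so the log should name the real cause, e.g. `log(TO_ALL, LOG_WARNING, "Connection without control message.\n");`, letting an operator tell a peer that sent no credentials from a resource problem. What happens when the level/type test does not match is outside the hunk.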
@@ -403,6 +413,9 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
strlen("sleep ")))) {
char *sleep_string = malloc(
sizeof(char) * (recv_size - strlen("settings sleep ")));
+
+ if (!sleep_string)
+ goto out_close;
strncpy(sleep_string, buff + strlen("settings sleep "),
recv_size - strlen("settings sleep "));
int new_iterval = strtoul(sleep_string, NULL, 10);
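Review bot: The added NULL check leaves `sleep_string` without a guaranteed NUL terminator. The buffer is exactly `recv_size - strlen("settings sleep ")` bytes and `strncpy` is given the same count, so if the bytes in `buff` (presumably received from the socket) contain no terminator in that range, `strtoul` reads past the end of the allocation. Allocating one extra zeroed byte fixes this with the copy unchanged: `char *sleep_string = calloc(recv_size - strlen("settings sleep ") + 1, 1);`. The `irq_string` and `cpu_ban_string` hunks below use the same sizing, and the latter passes its copy to `strtok`, so they need the same change. A comment such as `/* +1 keeps the copied input NUL-terminated */` would record why.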
@@ -415,6 +428,9 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
char *end;
char *irq_string = malloc(
sizeof(char) * (recv_size - strlen("settings ban irqs ")));
+
+ if (!irq_string)
+ goto out_close;
strncpy(irq_string, buff + strlen("settings ban irqs "),
recv_size - strlen("settings ban irqs "));
g_list_free_full(cl_banned_irqs, free);
@@ -433,6 +449,9 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
strlen("cpus")))) {
char *cpu_ban_string = malloc(
sizeof(char) * (recv_size - strlen("settings cpus ")));
+
+ if (!cpu_ban_string)
+ goto out_close;
strncpy(cpu_ban_string, buff + strlen("settings cpus "),
recv_size - strlen("settings cpus "));
banned_cpumask_from_ui = strtok(cpu_ban_string, " ");
@@ -446,12 +465,17 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
if (!strncmp(buff, "setup", strlen("setup"))) {
char banned[512];
char *setup = calloc(strlen("SLEEP ") + 11 + 1, 1);
+
+ if (!setup)
+ goto out_close;
snprintf(setup, strlen("SLEEP ") + 11 + 1, "SLEEP %d ", sleep_interval);
if(g_list_length(cl_banned_irqs) > 0) {
for_each_irq(cl_banned_irqs, get_irq_data, setup);
}
cpumask_scnprintf(banned, 512, banned_cpus);
setup = realloc(setup, strlen(setup) + strlen(banned) + 7 + 1);
+ if (!setup)
+ goto out_close;
snprintf(setup + strlen(setup), strlen(banned) + 7 + 1,
"BANNED %s", banned);
send(sock, setup, strlen(setup), 0);
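Review bot: The two new `if (!setup)` checks do not cover the `for_each_irq(cl_banned_irqs, get_irq_data, setup)` call between them. get_irq_data's own hunk reallocates through `*irqdata`, which suggests it expects the address of the string pointer, yet this call passes `setup` itself. How `irqdata` is derived from `data` is outside the visible hunks, so please confirm, but if it is a `char **` the call should read `for_each_irq(cl_banned_irqs, get_irq_data, &setup);`. With that corrected, `setup` may be moved or set to NULL by the callback, so a check is also needed before `strlen(setup)` on the `realloc` line, not only after it. The rest of sock_handle lies outside this hunk.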
--
2.23.0