Part of my original reasoning as far as converting the snprintf
calls was to permit switching over from char[] to wchar_t[] in the
future, as well as futureproof in case cam_errbuf's size was ever
changed.
Unfortunately, my approach was bugged because it conflated the
number of items with the size of the buffer, instead of the number of
elements being a fixed size != 1 byte.
Use nitems(..) instead which counts the quantity of items of a specific
type, as opposed to an unqualified sizeof(..) (which assumes that the
number of characters is equal to the buffer size).
MFC after: 2 months
Noted by: cem
Sponsored by: Dell EMC Isilon
This is being done to avoid potential double frees with the values.
Differential Revision: D9970
MFC after: 1 week
Reviewed by: imp
Sponsored by: Dell EMC Isilon
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
Reported by: Coverity
CID: 1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID: 1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID: 1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID: 1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID: 1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID: 1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID: 1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID: 1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID: 1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID: 1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID: 1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID: 1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID: 1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by: scottl, ken, delphij, imp
MFH: 1 month
Differential Revision: https://reviews.freebsd.org/D6496
descriptor to avoid trashing valid file descriptors that access dev->fd at a
later point in time
PR: 192671
Submitted by: Scott Ferris <scott.ferris@isilon.com>
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.
This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
Remove or re-work support for the several features from the past:
- remove incomplete support for trimming slice/partition names
- remove mapping from old device names "sd" and "st"
- remove whitespace trimming
- remove unconditional skipping of leading 'r' in a device name
- skip leading 'n' or 'e' only if the following device name matches
a list of known devices that support no-rewind and eject-on-close
features; currently this is only sa(4)
- reflect the above changes in comments in code and in cam(3)
- remove a note cautioning against use of cam_get_device and
cam_open_device in cam(3)
Reviewed by: mjacob
according to my reading of the CAM draft is mandatory for
all CCB function calls and enforced by xptioctl() since at
least r168752. Previously we happened to use 0 as the Path
ID, causing the XPT_DEV_MATCH call to fail if there's no
SCSI bus 0. Basically the same bug was also fixed the same
way for camcontrol(8) as part of r126514.
PR: 127605
Submitted by: Eygene Ryabinkin
Approved by: silence from ken and scottl
MFC after: 1 week
- It is acceptable to call free(3) when the given pointer itself
is NULL, so we do not need to determine NULL before passing
a pointer to free(3)
- Handle failure of malloc(3)
MT6/5 Candidate
Submitted by: Dan Lukes <dan at obluda cz>
PR: bin/83352
- fix a potential overrun made worse by rev 1.5 of camlib.h
- change strncpy() and strcpy() calls to strlcpy()
- use sizeof(string[]) instead of STRING_LEN to avoid future problems
- get rid of an unused variable
Thanks to BDE for pointing out some of the problems.
MFC after: 2 weeks
underlying CAM device. This needs to be checked not only in
the open routine, but the device->fd has to be initialized
as well.
PR: 28688
Submitted (partially) by: T. William Wells <bill@twwells.com>
MFC after: 2 weeks
camcontrol(8) and the documentation in camlib.c and cam(3) all expect
-1 on failure and 0 on success. Updated camlib.c to return the values
specified by the documentation.
PR: 12023
have the passthrough device configured in their kernel.
This will hopefully reduce the number of people complaining that they can't
get {camcontrol, xmcd, tosha, cdrecord, etc.} to work.
Reviewed by: gibbs