Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
elbing/harvey | 91265 | UNINIT | Memory - illegal accesses | in this case, we're using a pointer to memory which is not guaranteed to be zero, and potentially corrupting the malloc arena in the process. Fixed by setting name to nil. Our now cleaner malloc arena thanks you. |
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
* distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No * part of the UCB release of Plan 9, including this file, may be copied, * modified, propagated, or distributed except according to the terms contained * in the LICENSE file. */ #include "u.h" #include "../port/lib.h" #include "mem.h" #include "dat.h" #include "fns.h" #include "io.h" extern PhysUart i8250physuart; extern PhysUart pciphysuart; extern void* i8250alloc(int, int, int); static Uart* uartpci(int ctlrno, Pcidev* p, int barno, int n, int freq, char* name) { int i, io; void *ctlr; char buf[64]; |
<< 1. Declaring variable "uart" without initializer.
28 29 30 31 |
Uart *head, *uart; io = p->mem[barno].bar & ~0x01; snprint(buf, sizeof(buf), "%s%d", pciphysuart.name, ctlrno); |
< 2. Condition "ioalloc(io, p->mem[barno].size, 0, buf) < 0", taking false branch
32 33 34 35 |
if(ioalloc(io, p->mem[barno].size, 0, buf) < 0){ print("uartpci: I/O 0x%uX in use\n", io); return nil; } |
<< 3. Calling allocator "malloc". [Note: The source code implementation of the function has been overridden by a builtin model.]
<< 4. Assigning: "uart" = "malloc(4432UL * n)", which is allocated but not initialized.
37 |
head = uart = malloc(sizeof(Uart)*n);
|
< 5. Condition "i < n", taking true branch
39 40 41 |
for(i = 0; i < n; i++){ ctlr = i8250alloc(io, p->intl, p->tbdf); io += 8; |
< 6. Condition "ctlr == NULL", taking false branch
42 43 44 45 46 |
if(ctlr == nil) continue; uart->regs = ctlr; snprint(buf, sizeof(buf), "%s.%8.8uX", name, p->tbdf); |
<<< CID 91265: Memory - illegal accesses UNINIT <<< 7. Using uninitialized value "uart->name" when calling "kstrdup".
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
kstrdup(&uart->name, buf); uart->freq = freq; uart->phys = &i8250physuart; if(uart != head) (uart-1)->next = uart; uart++; } return head; } static Uart* uartpcipnp(void) { Pcidev *p; char *name; int ctlrno, n, subid; Uart *head, *tail, *uart; /* * Loop through all PCI devices looking for simple serial * controllers (ccrb == 0x07) and configure the ones which * are familiar. All suitable devices are configured to * simply point to the generic i8250 driver. */ head = tail = nil; ctlrno = 0; |
1. var_decl | uartpci.c:28 | |
3. alloc_fn | uartpci.c:37 | |
4. assign | uartpci.c:37 | |
7. uninit_use_in_call | uartpci.c:47 |