svn commit: r295362 - head/sys/fs/cd9660

Pedro Giffuni pfg at FreeBSD.org
Sun Feb 7 16:03:06 UTC 2016 


On 02/07/16 02:13, Bruce Evans wrote:
> On Sun, 7 Feb 2016, Pedro F. Giffuni wrote:
>
>> Log:
>>  cd9660: Drop an unnecessary check for NULL.
>>
>>  This was unnecessary and also confused Coverity.
>>
>>  Confirmed on:    NetBSD
>>  CID:        978558
>
> This leaves many similar bugs unfixed nearby.  One is a null pointer
> panic, not just an unnecessary check.
>

I admittedly oversimplified the commit log here.

Not only the value can't be null, our brelse() also ignores NULL values.

 From sys/kern/vfs_bio.c:
____
	/*
	 * Many function erroneously call brelse with a NULL bp under rare
	 * error conditions. Simply return when called with a NULL bp.
	 */
	if (bp == NULL)
		return;
...
____

And yes, NULL was being misspelled 0 here.

I will look at doing more cleanups later.

Thanks,

Pedro.

>> Modified: head/sys/fs/cd9660/cd9660_vfsops.c
>> ==============================================================================
>>
>> --- head/sys/fs/cd9660/cd9660_vfsops.c    Sun Feb  7 01:45:24 2016
>> (r295361)
>> +++ head/sys/fs/cd9660/cd9660_vfsops.c    Sun Feb  7 03:48:40 2016
>> (r295362)
>> @@ -741,8 +741,7 @@ cd9660_vget_internal(mp, ino, flags, vpp
>>         if (off + isonum_711(isodir->length) >
>>             imp->logical_block_size) {
>>             vput(vp);
>> -            if (bp != 0)
>> -                brelse(bp);
>> +            brelse(bp);
>>             printf("fhtovp: directory crosses block boundary
>> %d[off=%d/len=%d]\n",
>>                    off +isonum_711(isodir->length), off,
>>                    isonum_711(isodir->length));
>>
>
> - 11 lines later, there is the same bug in an #if 0 block.
> - 9 lines earlier, bp was brelse()ed without a similar check.  bp is always
>    null at that point, so checking for this would be just a style bug.  Not
>    checking, but doing the wrong cleanup of calling brelse() after bread()
>    fails, gives a null pointer panic in brelse() whenever bread() fails.
>
> That seems to be all the similar bugs.  bp is correctly abused as a flag
> later.  Other functions depend more critically on bread() setting bp to
> NULL when it fails.  Typical code is to "goto out" when bread() fails,
> and brelse() bp there if it is not null.
>
> Not-so-similar bugs include spelling NULL as 0 or (empty).
>
> bread(9) is undocumented.  Someone broke its KPI by changing it to a
> macro.  This annoys me when I try to set a breakpoint at it in kernels
> with the broken KPI.  The unimportant badly designed bread(3) is
> documented.
>
> Bruce

More information about the svn-src-head mailing list