<div dir="ltr"><div class="gmail_default" style="font-size:small">Hello,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><div class="gmail_default"></div><div class="gmail_default"><a href="https://lists.rtems.org/pipermail/devel/2021-January/064115.html">https://lists.rtems.org/pipermail/devel/2021-January/064115.html</a></div></div><div class="gmail_default" style="font-size:small">I have fixed the defects reported in the above thread except</div><div class="gmail_default" style="font-size:small">CID <span style="color:rgb(0,0,0);white-space:pre-wrap">1472595, </span><span style="color:rgb(0,0,0);white-space:pre-wrap">1472597 (</span>ARRAY_VS_SINGLETON).</div><div class="gmail_default" style="font-size:small">Along with the buffer we also take the size of the buffer; this makes</div><div class="gmail_default" style="font-size:small">sure that we don't read more than the buffer capacity.</div><div class="gmail_default" style="font-size:small">But Coverity reports this as a defect. How can I fix this?</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Thanks,<br>Niteesh.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 29, 2021 at 11:48 AM G S Niteesh Babu &lt;<a href="mailto:niteesh.gs@gmail.com">niteesh.gs@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Fixed use after free and null pointer dereference defects<br>
<br>
FIXES:<br>
1) CID 1472601 (NULL_RETURNS)<br>
2) CID 1472600 (USE_AFTER_FREE)<br>
3) CID 1472599 (USE_AFTER_FREE)<br>
4) CID 1472598 (USE_AFTER_FREE)<br>
5) CID 1472596 (USE_AFTER_FREE)<br>
---<br>
bsps/shared/ofw/ofw.c | 10 +++++-----<br>
1 file changed, 5 insertions(+), 5 deletions(-)<br>
<br>
diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c<br>
index 82924b2600..fa94bfbf05 100644<br>
--- a/bsps/shared/ofw/ofw.c<br>
+++ b/bsps/shared/ofw/ofw.c<br>
@@ -313,7 +313,7 @@ ssize_t rtems_ofw_get_prop_alloc(<br>
}<br>
<br>
if (rtems_ofw_get_prop(node, propname, *buf, len) == -1) {<br>
- rtems_ofw_free(buf);<br>
+ rtems_ofw_free(*buf);<br>
*buf = NULL;<br>
return -1;<br>
}<br>
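</blockquote><div class="gmail_default" style="font-size:small">Review bot: The commit message files this error path in rtems_ofw_get_prop_alloc() under USE_AFTER_FREE without saying what was wrong: the removed `rtems_ofw_free(buf);` released the caller-supplied `buf` instead of the allocation held in `*buf`, and the following `*buf = NULL;` then wrote through the pointer that had just been freed, while the property buffer itself was never released. Please state that in the commit message so the history records the actual bug and not only the Coverity category.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">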
@@ -344,7 +344,7 @@ ssize_t rtems_ofw_get_prop_alloc_multi(<br>
}<br>
<br>
if (rtems_ofw_get_prop(node, propname, *buf, len) == -1) {<br>
- rtems_ofw_free(buf);<br>
+ rtems_ofw_free(*buf);<br>
*buf = NULL;<br>
return -1;<br>
}<br>
@@ -373,7 +373,7 @@ ssize_t rtems_ofw_get_enc_prop_alloc(<br>
}<br>
<br>
if (rtems_ofw_get_enc_prop(node, propname, *buf, len) == -1) {<br>
- rtems_ofw_free(buf);<br>
+ rtems_ofw_free(*buf);<br>
*buf = NULL;<br>
return -1;<br>
}<br>
@@ -404,7 +404,7 @@ ssize_t rtems_ofw_get_enc_prop_alloc_multi(<br>
}<br>
<br>
if (rtems_ofw_get_enc_prop(node, propname, *buf, len) == -1) {<br>
- rtems_ofw_free(buf);<br>
+ rtems_ofw_free(*buf);<br>
*buf = NULL;<br>
return -1;<br>
}<br>
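</blockquote><div class="gmail_default" style="font-size:small">Review bot: The error path in rtems_ofw_get_enc_prop_alloc_multi() is the fourth copy of the same three statements (`rtems_ofw_free(*buf); *buf = NULL; return -1;`), and the same wrong-pointer free had to be corrected in all four `*_alloc` functions. Consider a small static helper that frees `*buf` and clears it, so this cleanup exists in one place and cannot drift between the variants again.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">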
@@ -614,7 +614,7 @@ int rtems_ofw_get_reg(<br>
offset = rtems_fdt_phandle_to_offset(parent);<br>
ptr = fdt_getprop(fdtp, offset, "ranges", &len);<br>
<br>
- if (len < 0) {<br>
+ if (ptr == NULL) {<br>
break;<br>
}<br>
<br>
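</blockquote><div class="gmail_default" style="font-size:small">Review bot: The new `ptr == NULL` test in rtems_ofw_get_reg() needs a word of explanation, since fdt_getprop() returns NULL exactly when it stores a negative libfdt error code in `len`, so the old `len &lt; 0` test selected the same cases and the rewrite is there for the analyzer. A one-line comment that a missing "ranges" property ends the parent walk, or a note in the commit message tying this hunk to the NULL_RETURNS finding, would make that clear. Also confirm that the code after this check copes with an empty "ranges" property, where `ptr` is non-NULL and `len` is 0, because that case still passes the test.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">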
-- <br>
2.17.1<br>
<br>
</blockquote></div>