[PATCH] libcsupport: Fix TOCTOU in getchark()

Joel Sherrill joel at rtems.org
Wed Jul 28 15:13:15 UTC 2021


Is this a Coverity issue? Does it have a CID?

I remembered TOCTOU as an acronym analysis reports used
but had to look up the meaning. I don't know what to do so someone
else would not have to look it up beyond explaining it in the long comment.
It is missing what was checked and used that flagged the issue. That should
definitely be added in the long comment.

On Wed, Jul 28, 2021 at 9:50 AM Sebastian Huber
<sebastian.huber at embedded-brains.de> wrote:
>
> Fix format, add Doxygen comments, and reduce includes.
> ---
>  cpukit/libcsupport/src/getchark.c | 21 +++++++++++++--------
>  1 file changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/cpukit/libcsupport/src/getchark.c b/cpukit/libcsupport/src/getchark.c
> index 5a9afbda7a..cfe9c022d6 100644
> --- a/cpukit/libcsupport/src/getchark.c
> +++ b/cpukit/libcsupport/src/getchark.c
> @@ -1,8 +1,9 @@
>  /**
> - *  @file
> + * @file
>   *
> - *  @brief Get Character from Stdin
> - *  @ingroup libcsupport
> + * @ingroup BSPIO
> + *
> + * @brief This source file contains the implementation of getchark().
>   */
>
>  /*
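Review bot: The `@ingroup` change from `libcsupport` to `BSPIO` in the file header is not covered by the commit message, which lists only format, Doxygen comments and includes under a subject about a TOCTOU fix. Mention the regrouping in the message, or split the documentation changes into their own patch so the fix can be reviewed on its own.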
> @@ -18,13 +19,17 @@
>  #include "config.h"
>  #endif
>
> -#include <rtems.h>
>  #include <rtems/bspIo.h>
>
> -int getchark(void)
> +int getchark( void )
>  {
> -  if ( BSP_poll_char )
> -    return (*BSP_poll_char)();
> +  BSP_polling_getchar_function_type poll_char;
> +
> +  poll_char = BSP_poll_char;
> +
> +  if ( poll_char == NULL ) {
> +    return -1;
> +  }
>
> -  return -1;
> +  return ( *poll_char )();
>  }
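Review bot: The copy `poll_char = BSP_poll_char;` in getchark() has no comment saying why it is there, and the commit message does not explain it either. Add a comment stating that the old code read BSP_poll_char twice, once in `if ( BSP_poll_char )` and again in `(*BSP_poll_char)()`, so the pointer could change between the check and the call, and that the new code checks and calls the same value. Two smaller points: the copy is a plain assignment, so whether the compiler has to keep it as a single load depends on how BSP_poll_char is declared, which is not visible in this hunk; and the function now uses NULL while `#include <rtems.h>` is removed, so confirm that <rtems/bspIo.h> provides NULL.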
> --
> 2.26.2
>