From ec30a439282fd4703d302f1f98fbad3ce9f99db2 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 11 Aug 2022 18:37:26 -0400 Subject: resize2fs: use ext2fs_get_arrayzero() instead of ext2fs_get_array() + memset() The use of ext2fs_get_arrayzero() to replace using ext2fs_get_array() + memset() does not result in any functional change, but it (a) is slightly more efficient, and (b) makes it easier for Coverity to avoid signalling a false positive. Addresses-Coverity-Bug: 1500763 Signed-off-by: Theodore Ts'o --- resize/extent.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/resize/extent.c b/resize/extent.c index 4177c6f7..82f69ca8 100644 --- a/resize/extent.c +++ b/resize/extent.c @@ -50,14 +50,12 @@ errcode_t ext2fs_create_extent_table(ext2_extent *ret_extent, __u64 size) extent->num = 0; extent->sorted = 1; - retval = ext2fs_get_array(sizeof(struct ext2_extent_entry), + retval = ext2fs_get_arrayzero(sizeof(struct ext2_extent_entry), extent->size, &extent->list); if (retval) { ext2fs_free_mem(&extent); return retval; } - memset(extent->list, 0, - sizeof(struct ext2_extent_entry) * extent->size); *ret_extent = extent; return 0; } -- cgit v1.2.1 From 6b3edcd191c20b3fb108f0d7564aaa930035d0ab Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 11 Aug 2022 22:03:08 -0400 Subject: Fix Coverity unintentional integer overflow warnings Neither of these two warnings can actually happen (other limits will be hit first), but widening the integer to a 64-bit unsigned integer is an cheap and effective way to silence the Coverity warnings. Addresses-Coverity-Bug: 1500760 Addresses-Coverity-Bug: 1507886 Signed-off-by: Theodore Ts'o --- misc/e2image.c | 2 +- resize/main.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/misc/e2image.c b/misc/e2image.c index 0053b515..207c3037 100644 --- a/misc/e2image.c +++ b/misc/e2image.c @@ -943,7 +943,7 @@ static errcode_t initialize_qcow2_image(int fd, ext2_filsys fs, header->refcount_table_clusters = ext2fs_cpu_to_be32(image->refcount.refcount_table_clusters); offset += image->cluster_size; - offset += image->refcount.refcount_table_clusters << + offset += (blk64_t) image->refcount.refcount_table_clusters << image->cluster_bits; /* Make space for L2 tables */ diff --git a/resize/main.c b/resize/main.c index a1a1c79a..b745c58c 100644 --- a/resize/main.c +++ b/resize/main.c @@ -544,7 +544,7 @@ int main (int argc, char ** argv) /* If using cluster allocations, trim down to a cluster boundary */ if (ext2fs_has_feature_bigalloc(fs->super)) { - new_size &= ~((blk64_t)(1 << fs->cluster_ratio_bits) - 1); + new_size &= ~((blk64_t)(1ULL << fs->cluster_ratio_bits) - 1); } new_group_desc_count = ext2fs_div64_ceil(new_size - -- cgit v1.2.1 From 1bd16e790308f92e89a5dfbd40ab9e164fe88aa9 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 11 Aug 2022 22:16:41 -0400 Subject: e2fsck: when mutating file name make sure its length never exceeds 255 E2fsck will attempt to mutate filenames to ensure uniqueness if necessary. If there are two unique filenames that are 254 or 255 characters in length and do not contain the '~' character, the mutate_name() function would create a filename which is 256 bytes long, which is not a legal filename in Linux. Adjust the mutate_name function to avoid this possibility. Addresses-Coverity-Bug: 1500768 Signed-off-by: Theodore Ts'o --- e2fsck/rehash.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c index 8cc36f24..210cfdf2 100644 --- a/e2fsck/rehash.c +++ b/e2fsck/rehash.c @@ -414,6 +414,8 @@ static void mutate_name(char *str, unsigned int *len) l += 2; else l = (l+3) & ~3; + if (l > 255) + l = 255; str[l-2] = '~'; str[l-1] = '0'; *len = l; -- cgit v1.2.1 From 45dc484a25f234722f6b0fe4f8fc12080429a1dd Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 11 Aug 2022 23:01:42 -0400 Subject: e2fsck: streamline problem latch handling No functional changes, but streamline the logic, and avoid a coverity warning. Addresses-Coverity-Bug: 1507763 Signed-off-by: Theodore Ts'o --- e2fsck/problem.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/e2fsck/problem.c b/e2fsck/problem.c index 95f0ace8..e2572f59 100644 --- a/e2fsck/problem.c +++ b/e2fsck/problem.c @@ -2494,8 +2494,7 @@ int fix_problem(e2fsck_t ctx, problem_t code, struct problem_context *pctx) if ((ctx->options & E2F_OPT_PREEN) && (ptr->flags & PR_PREEN_OK)) suppress++; - if ((ptr->flags & PR_LATCH_MASK) && - (ldesc->flags & (PRL_YES | PRL_NO))) + if (ldesc && (ldesc->flags & (PRL_YES | PRL_NO))) suppress++; if (ptr->count == ptr->max_count + 1) { if (ctx->problem_logf) @@ -2540,8 +2539,7 @@ int fix_problem(e2fsck_t ctx, problem_t code, struct problem_context *pctx) answer = def_yn; if (!(ptr->flags & PR_PREEN_NOMSG)) print_answer = 1; - } else if ((ptr->flags & PR_LATCH_MASK) && - (ldesc->flags & (PRL_YES | PRL_NO))) { + } else if (ldesc && (ldesc->flags & (PRL_YES | PRL_NO))) { print_answer = 1; if (ldesc->flags & PRL_YES) answer = 1; -- cgit v1.2.1 From e8b05eb89c75b50876ffc9e23b17811bc429fe19 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 11 Aug 2022 23:14:33 -0400 Subject: e2fsck: mark that we don't care about the return value of e2fsck_lookup() We only print the parent directory to help provide context to the user, but it's possible that a corrupted directory doesn't have a '..' link. Addresses-Coverity-Bug: 1507762 Signed-off-by: Theodore Ts'o --- e2fsck/pass3.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/e2fsck/pass3.c b/e2fsck/pass3.c index d6b8c8b4..16d243f6 100644 --- a/e2fsck/pass3.c +++ b/e2fsck/pass3.c @@ -324,8 +324,8 @@ static int check_directory(e2fsck_t ctx, ext2_ino_t dir, if (parent) pctx->dir = parent; else - ext2fs_lookup(fs, ino, "..", 2, NULL, - &pctx->dir); + (void) ext2fs_lookup(fs, ino, "..", 2, NULL, + &pctx->dir); if (fix_problem(ctx, !parent ? PR_3_UNCONNECTED_DIR : PR_3_LOOPED_DIR, pctx)) { if (e2fsck_reconnect_file(ctx, pctx->ino)) { -- cgit v1.2.1 From 7bb8da77e890d738900da75266786ea9a55df961 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 11 Aug 2022 23:45:21 -0400 Subject: Avoid potential NULL dereference when argv[0] Addresses-Coverity-Bug: 1500772 Addresses-Coverity-Bug: 1500769 Addresses-Coverity-Bug: 1500767 Addresses-Coverity-Bug: 1500758 Addresses-Coverity-Bug: 1500756 Signed-off-by: Theodore Ts'o --- e2fsck/unix.c | 8 ++++++-- misc/badblocks.c | 2 ++ misc/dumpe2fs.c | 3 ++- misc/e2image.c | 2 ++ misc/lsattr.c | 2 ++ misc/tune2fs.c | 2 ++ resize/main.c | 4 +++- 7 files changed, 19 insertions(+), 4 deletions(-) diff --git a/e2fsck/unix.c b/e2fsck/unix.c index 3708a4d8..4b6fd099 100644 --- a/e2fsck/unix.c +++ b/e2fsck/unix.c @@ -74,11 +74,15 @@ int journal_enable_debug = -1; static void usage(e2fsck_t ctx) { + char *program_name = "e2fsck"; + + if (ctx && ctx->program_name) + program_name = ctx>program_name; fprintf(stderr, _("Usage: %s [-panyrcdfktvDFV] [-b superblock] [-B blocksize]\n" "\t\t[-l|-L bad_blocks_file] [-C fd] [-j external_journal]\n" "\t\t[-E extended-options] [-z undo_file] device\n"), - ctx->program_name); + program_name); fprintf(stderr, "%s", _("\nEmergency help:\n" " -p Automatic repair (no questions)\n" @@ -849,7 +853,7 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx) if (argc && *argv) ctx->program_name = *argv; else - ctx->program_name = "e2fsck"; + usage(NULL); phys_mem_kb = get_memory_size() / 1024; ctx->readahead_kb = ~0ULL; diff --git a/misc/badblocks.c b/misc/badblocks.c index afeb3da9..3dedf763 100644 --- a/misc/badblocks.c +++ b/misc/badblocks.c @@ -1093,6 +1093,8 @@ int main (int argc, char ** argv) if (argc && *argv) program_name = *argv; + else + usage(); while ((c = getopt (argc, argv, "b:d:e:fi:o:svwnc:p:h:t:BX")) != EOF) { switch (c) { case 'b': diff --git a/misc/dumpe2fs.c b/misc/dumpe2fs.c index ef6d1cb8..7c080ed9 100644 --- a/misc/dumpe2fs.c +++ b/misc/dumpe2fs.c @@ -619,7 +619,8 @@ int main (int argc, char ** argv) mmp_check = 1; header_only = 1; } - } + } else + usage(); if (!mmp_check) fprintf(stderr, "dumpe2fs %s (%s)\n", E2FSPROGS_VERSION, diff --git a/misc/e2image.c b/misc/e2image.c index 207c3037..f9357aa0 100644 --- a/misc/e2image.c +++ b/misc/e2image.c @@ -1517,6 +1517,8 @@ int main (int argc, char ** argv) E2FSPROGS_DATE); if (argc && *argv) program_name = *argv; + else + usage(); add_error_table(&et_ext2_error_table); while ((c = getopt(argc, argv, "b:B:nrsIQafo:O:pc")) != EOF) switch (c) { diff --git a/misc/lsattr.c b/misc/lsattr.c index 55080e92..72f4c681 100644 --- a/misc/lsattr.c +++ b/misc/lsattr.c @@ -187,6 +187,8 @@ int main (int argc, char ** argv) #endif if (argc && *argv) program_name = *argv; + else + usage(); while ((c = getopt (argc, argv, "RVadlvp")) != EOF) switch (c) { diff --git a/misc/tune2fs.c b/misc/tune2fs.c index 7f023adf..64a456af 100644 --- a/misc/tune2fs.c +++ b/misc/tune2fs.c @@ -2951,6 +2951,8 @@ int tune2fs_main(int argc, char **argv) #endif if (argc && *argv) program_name = *argv; + else + usage(); add_error_table(&et_ext2_error_table); #ifdef CONFIG_BUILD_FINDFS diff --git a/resize/main.c b/resize/main.c index b745c58c..94f5ec6d 100644 --- a/resize/main.c +++ b/resize/main.c @@ -49,7 +49,7 @@ static void usage (char *prog) fprintf (stderr, _("Usage: %s [-d debug_flags] [-f] [-F] [-M] [-P] " "[-p] device [-b|-s|new_size] [-S RAID-stride] " "[-z undo_file]\n\n"), - prog); + prog ? prog : "resize2fs"); exit (1); } @@ -287,6 +287,8 @@ int main (int argc, char ** argv) E2FSPROGS_VERSION, E2FSPROGS_DATE); if (argc && *argv) program_name = *argv; + else + usage(NULL); while ((c = getopt(argc, argv, "d:fFhMPpS:bsz:")) != EOF) { switch (c) { -- cgit v1.2.1