From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
To: Steve French <sfrench@samba.org>
Cc: linux-cifs@vger.kernel.org, samba-technical@lists.samba.org,
	linux-kernel@vger.kernel.org,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>
Subject: [smb3] unreachable code and memory leaks
Date: Mon, 18 Jun 2018 08:07:37 -0500
Message-ID: <20180618130737.GA13880@embeddedor.com>

Hi Steve,

While doing some static analysis I came across the following piece of code at fs/cifs/smb2pdu.c:2017:

2017                if (n_iov > 2) {
2018                        struct create_context *ccontext =
2019                            (struct create_context *)iov[n_iov-1].iov_base;
2020                        ccontext->Next =
2021                                cpu_to_le32(iov[n_iov-1].iov_len);
2022                }

The code above is unreachable because n_iov is initialized to 2 and its value is never updated.
I'm not sure how to fix this.

Also, it seems there are multiple places in which memory allocated for *path* is leaking:

1946        else
1947                return -EIO;

1951        if (rc)
1952                return rc;

1987                if (rc) {
1988                        cifs_small_buf_release(req);
1989                        return rc;
1990                }

and more...

Thanks
--
Gustavo
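
Added example, not part of the original message and not kernel code: a user-space C model of the leak pattern reported above, where early returns skip freeing an earlier allocation, next to a single-exit version that uses goto. All function names, sizes and the allocation counter are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* User-space model; all names are hypothetical, not the kernel's. */
static int live; /* allocations not yet freed */
static void *t_alloc(size_t n) { void *p = malloc(n); live += p != NULL; return p; }
static void t_free(void *p) { live -= p != NULL; free(p); }
static int step(int fail) { return fail ? -EIO : 0; } /* setup step that may fail */

/* Reported pattern: early returns skip freeing path. */
static int open_leaky(int fail_at) {
    char *req, *path = t_alloc(64);
    int rc = path ? step(fail_at == 1) : -ENOMEM;
    if (rc) return rc;      /* path leaks when step 1 fails */
    req = t_alloc(32);
    rc = req ? step(fail_at == 2) : -ENOMEM;
    if (rc) {
        t_free(req);        /* req released, path still leaks */
        return rc;
    }
    t_free(req);
    t_free(path);
    return 0;
}

/* Same steps with a single exit: every return frees what was allocated. */
static int open_fixed(int fail_at) {
    char *req = NULL, *path = t_alloc(64);
    int rc = path ? step(fail_at == 1) : -ENOMEM;
    if (rc) goto out;
    req = t_alloc(32);
    rc = req ? step(fail_at == 2) : -ENOMEM;
out:
    t_free(req);            /* freeing NULL is a no-op */
    t_free(path);
    return rc;
}

/* Allocations left outstanding by one call of fn(fail_at). */
static int leaked_by(int (*fn)(int), int fail_at) {
    int before = live;
    fn(fail_at);
    return live - before;
}
int main(void) {
    for (int f = 0; f <= 2; f++)
        printf("fail_at=%d leaky=%d fixed=%d\n", f,
               leaked_by(open_leaky, f), leaked_by(open_fixed, f));
    return 0;
}
```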
