From 477b6eee6d7d2881945eb5acfc23d3930bb506b1 Mon Sep 17 00:00:00 2001
From: Philippe Troin
Date: Mon, 16 Jun 2008 11:12:00 -0400
Subject: [PATCH] Plug dir leak and initialize data structs While trying to track down some crashes in kino, I found the following problems with libraw1394: * There is a DIR* leak in raw1394_set_port(). * Lots of data structures are not fully initialized when calling IEEE1394 ioctl()s. These cause valgrind errors (benign, as valgrind does not know how to interpret all ioctls. However these also cause kino to crash in libraw1394. I've added a bunch of memset()s to prevent this problem from happening. Forward-ported to libraw1394 git tree by Jarod Wilson.
---
 src/fw-iso.c | 2 ++
 src/fw.c | 15 ++++++++++++++-
 tools/testlibraw.c | 1 +
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/fw-iso.c b/src/fw-iso.c
index 471d981..a1794c3 100644
--- a/src/fw-iso.c
+++ b/src/fw-iso.c
@@ -401,6 +401,7 @@ iso_init(fw_handle_t handle, int type, } handle->iso.closure.func = handle_iso_event; + memset(&ep, 0, sizeof(ep)); ep.events = EPOLLIN; ep.data.ptr = &handle->iso.closure; if (epoll_ctl(handle->epoll_fd, EPOLL_CTL_ADD,
@@ -411,6 +412,7 @@ iso_init(fw_handle_t handle, int type, return -1; } + memset(&create, 0, sizeof(create)); create.type = type; create.channel = channel; create.speed = speed;
diff --git a/src/fw.c b/src/fw.c
index 1322fe2..3c61385 100644
--- a/src/fw.c
+++ b/src/fw.c
@@ -149,6 +149,8 @@ scan_devices(fw_handle_t handle) fd = open(filename, O_RDWR); if (fd < 0) continue; + memset(&get_info, 0, sizeof(get_info)); + memset(&reset, 0, sizeof(reset)); get_info.version = FW_CDEV_VERSION; get_info.rom = 0; get_info.rom_length = 0;
@@ -404,7 +406,10 @@ fw_handle_t fw_new_handle(void) struct epoll_event ep; int i; + memset(&ep, 0, sizeof(ep)); + handle = malloc(sizeof *handle); + memset(handle, 0, sizeof(*handle)); handle->tag_handler = default_tag_handler; handle->arm_tag_handler = default_arm_tag_handler; 
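Review bot: The `memset(&create, 0, sizeof(create));` added in iso_init carries no comment saying why the whole struct must be zeroed, and the same bare memset recurs for `get_info` and `reset` in scan_devices and fw_set_port, `request` in fw_start_fcp_listen and `get_info` in fw_get_config_rom. Per the commit message these structs are passed to ioctl()s, so every field the code does not assign reaches the kernel as stack garbage, and a later cleanup could easily drop a memset as redundant next to the explicit `get_info.rom = 0;` assignments. I would add `/* Zero the whole ioctl argument: fields not assigned below are still passed to the kernel. */` above each one. The ioctl calls themselves are outside these hunks, so which fields the kernel actually reads should be confirmed against the cdev header.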
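Review bot: In fw_new_handle the added `memset(handle, 0, sizeof(*handle));` writes through the result of `malloc()` with no NULL check in between, so an allocation failure becomes a NULL-pointer write inside the library instead of an error the caller can handle. The existing `handle->tag_handler` assignment already had this problem, but the new line is the natural place to fix it: `handle = calloc(1, sizeof *handle);` followed by `if (handle == NULL) return NULL;` would replace both the malloc and the memset. The function continues past the end of the hunk, so whether callers already treat a NULL return as failure should be checked.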
@@ -580,6 +585,8 @@ int fw_set_port(fw_handle_t handle, int port) if (fd < 0) continue; + memset(&get_info, 0, sizeof(get_info)); + memset(&reset, 0, sizeof(reset)); get_info.version = FW_CDEV_VERSION; get_info.rom = 0; get_info.rom_length = 0;
@@ -603,10 +610,12 @@ int fw_set_port(fw_handle_t handle, int port) sizeof handle->devices[i].filename); handle->devices[i].closure.func = handle_device_event; + memset(&ep, 0, sizeof(ep)); ep.events = EPOLLIN; ep.data.ptr = &handle->devices[i].closure; if (epoll_ctl(handle->epoll_fd, EPOLL_CTL_ADD, fd, &ep) < 0) { close(fd); + closedir(dir); return -1; }
@@ -621,6 +630,8 @@ int fw_set_port(fw_handle_t handle, int port) i++; } + closedir(dir); + return 0; }
@@ -1220,6 +1231,7 @@ fw_start_fcp_listen(fw_handle_t handle) closure->callback = handle_fcp_request; + memset(&request, 0, sizeof(request)); request.offset = CSR_REGISTER_BASE + CSR_FCP_COMMAND; request.length = CSR_FCP_END - CSR_FCP_COMMAND; request.closure = ptr_to_u64(closure);
@@ -1256,6 +1268,7 @@ fw_get_config_rom(fw_handle_t handle, quadlet_t *buffer, struct fw_cdev_get_info get_info; int err; + memset(&get_info, 0, sizeof(get_info)); get_info.version = FW_CDEV_VERSION; get_info.rom = ptr_to_u64(buffer); get_info.rom_length = buffersize;
@@ -1284,7 +1297,7 @@ fw_bandwidth_modify (raw1394handle_t handle, if (bandwidth == 0) return 0; - + addr = CSR_REGISTER_BASE + CSR_BANDWIDTH_AVAILABLE; /* Read current bandwidth usage from IRM. */ result = raw1394_read (handle, raw1394_get_irm_id (handle), addr,
diff --git a/tools/testlibraw.c b/tools/testlibraw.c
index 2f02a6d..efd87ad 100644
--- a/tools/testlibraw.c
+++ b/tools/testlibraw.c 
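Review bot: The failure path in fw_set_port now runs `close(fd); closedir(dir);` before `return -1;`, and either call may overwrite the errno left by the failed `epoll_ctl()`, so the caller can be handed a misleading error code. Saving it first, `int saved = errno; close(fd); closedir(dir); errno = saved;`, keeps the original cause. The cleanup is also duplicated between this exit and the `closedir(dir);` added before `return 0;` in the following hunk; a single `out:` label that closes the directory would also cover any other early return in the part of the loop that lies outside these hunks. If earlier loop iterations stored their descriptors in `handle->devices`, those would stay open on this failure path, which is worth confirming against the full function.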
@@ -202,6 +202,7 @@ int main(int argc, char **argv) read_topology_map(handle); printf("testing config rom stuff\n"); + memset(rom, 0, sizeof(rom)); retval=raw1394_get_config_rom(handle, rom, 0x100, &rom_size, &rom_version); printf("get_config_rom returned %d, romsize %d, rom_version %d\n",retval,rom_size,rom_version); printf("here are the first 10 quadlets:\n");
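Review bot: The added `memset(rom, 0, sizeof(rom));` sizes the buffer with `sizeof(rom)` while the call on the next line passes the literal `0x100`, so the two sizes can drift apart. `rom` is declared outside the hunk; if it were ever a pointer rather than an array, `sizeof(rom)` would clear only a pointer's worth of bytes. Deriving both from one expression avoids that, for example a named constant used in the declaration, the memset and the call, once the unit of the size argument (bytes or quadlets) has been confirmed against the library header. Zeroing also means a failed call now prints ten zero quadlets instead of garbage, so checking `retval` before the dump would keep failures visible.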