2013-10-30 00:37:04

by Peter Huewe

Subject: [PATCH 1/2] tpm/tpm_ppi: Do not compare strcmp(a,b) == -1

strcmp does return the difference between two strings, not only -1,0,1;
consequently
if (strcmp (a,b) == -1)
might lead to taking the wrong branch

-> compare with <= instead.

This also makes the code/behavior compliant with its comments.
(e.g. if PPI Version is 1.0)

Fixes Coverity complaints:
CID: 741083 Misuse of memcmp-style function
CID: 741084 Misuse of memcmp-style function
CID: 741085 Misuse of memcmp-style function

Cc: [email protected]
Signed-off-by: Peter Huewe <[email protected]>
---
drivers/char/tpm/tpm_ppi.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 8e562dc..8b2e05a 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -169,7 +169,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
* is updated with function index from SUBREQ to SUBREQ2 since PPI
* version 1.1
*/
- if (strcmp(version, "1.1") == -1)
+ if (strcmp(version, "1.1") <= -1)
params[2].integer.value = TPM_PPI_FN_SUBREQ;
else
params[2].integer.value = TPM_PPI_FN_SUBREQ2;
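Review bot: the `<= -1` on the `+` line is an unusual spelling of this test; `if (strcmp(version, "1.1") < 0)` reads as "version sorts before 1.1" and is the form used for strcmp results elsewhere in the tree. The fix itself is sound: strcmp only promises a negative, zero or positive result, so `== -1` silently fell through to the else branch for any version whose first differing byte is more than one below the reference.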
@@ -179,7 +179,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
* string/package type. For PPI version 1.0 and 1.1, use buffer type
* for compatibility, and use package type since 1.2 according to spec.
*/
- if (strcmp(version, "1.2") == -1) {
+ if (strcmp(version, "1.2") <= -1) {
params[3].type = ACPI_TYPE_BUFFER;
params[3].buffer.length = sizeof(req);
sscanf(buf, "%d", &req);
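Review bot: unrelated to the one-token change but visible in this hunk's context, `sscanf(buf, "%d", &req);` discards its return value, so a sysfs write that does not parse as an integer leaves `req` unchanged and the request is still sent. Worth a separate patch that checks for a return of 1 and returns -EINVAL otherwise.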
@@ -245,7 +245,7 @@ static ssize_t tpm_show_ppi_transition_action(struct device *dev,
* (e.g. Capella with PPI 1.0) need integer/string/buffer type, so for
* compatibility, define params[3].type as buffer, if PPI version < 1.2
*/
- if (strcmp(version, "1.2") == -1) {
+ if (strcmp(version, "1.2") <= -1) {
params[3].type = ACPI_TYPE_BUFFER;
params[3].buffer.length = 0;
params[3].buffer.pointer = NULL;
@@ -387,7 +387,7 @@ static ssize_t show_ppi_operations(char *buf, u32 start, u32 end)
kfree(output.pointer);
output.length = ACPI_ALLOCATE_BUFFER;
output.pointer = NULL;
- if (strcmp(version, "1.2") == -1)
+ if (strcmp(version, "1.2") <= -1)
return -EPERM;

params[2].integer.value = TPM_PPI_FN_GETOPR;
--
1.7.8.6


2013-10-30 00:37:08

by Peter Huewe

Subject: [PATCH 2/2] tpm/tpm_ppi: Check return value of acpi_get_name

If
status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &buffer);
fails for whatever reason and does not return AE_OK
if (strstr(buffer.pointer, context) != NULL) {
does dereference a null pointer.

-> Check the return value and return the status to the caller

Found by Coverity
CID: 728462 Explicit null dereferenced
Cc: [email protected]
Signed-off-by: Peter Huewe <[email protected]>
---
drivers/char/tpm/tpm_ppi.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 8b2e05a..2242917 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -30,6 +30,9 @@ static acpi_status ppi_callback(acpi_handle handle, u32 level, void *context,
acpi_status status;
struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &buffer);
+ if (ACPI_FAILURE(status))
+ return status;
+
if (strstr(buffer.pointer, context) != NULL) {
*return_value = handle;
kfree(buffer.pointer);
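Review bot: returning the failure status from a namespace-walk callback does more than skip this node: acpi_walk_namespace treats a failing status from the callback as fatal and aborts the whole walk, so a single object whose name cannot be resolved stops the search for the PPI device entirely. If that is not the intent, returning AE_OK here (continue the walk, leave `*return_value` untouched) is the alternative; either way the null dereference on `buffer.pointer` is gone, which is the point of the patch. Please state in the commit message which behaviour was chosen.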
--
1.7.8.6

2013-10-30 01:05:50

by Joe Perches

Subject: Re: [PATCH 1/2] tpm/tpm_ppi: Do not compare strcmp(a,b) == -1

On Wed, 2013-10-30 at 01:40 +0100, Peter Huewe wrote:
> strcmp does return the difference between two strings not only -1,0,1
> consequently
> if (strcmp (a,b) == -1)
> might lead to taking the wrong branch
>
> -> compare with <= instead.

lib/string.c:strcmp returns only -1,0,1
so that's what the arch versions should do too.
However, arch implementations do vary...

fyi: using
if (strcmp(foo, bar) < 0)
is canonical.

There are no existing <= -1 uses.

2013-10-30 16:45:40

by Jason Gunthorpe

Subject: Re: [tpmdd-devel] [PATCH 1/2] tpm/tpm_ppi: Do not compare strcmp(a, b) == -1

On Wed, Oct 30, 2013 at 01:40:27AM +0100, Peter Huewe wrote:
> strcmp does return the difference between two strings not only -1,0,1
> consequently
> if (strcmp (a,b) == -1)
> might lead to taking the wrong branch
>
> -> compare with <= instead.

I've always thought this was the preferred idiom:

cmp(a,b) == 0
cmp(a,b) < 0
cmp(a,b) > 0

As the operator matches what is actually happening in all cases.

'>= -1' doesn't mean a >= b.

Regards,
Jason

2013-10-30 19:32:09

by Peter Huewe

Subject: Re: [PATCH 1/2] tpm/tpm_ppi: Do not compare strcmp(a,b) == -1

Hi Joe, Jason
> fyi: using
> if (strcmp(foo, bar) < 0)
> is canonical.

Yeah of course you're both right -
if (strcmp(foo, bar) < 0)
is the correct version.
Sorry about the rubbish patch.


> lib/string.c:strcmp returns only -1,0,1
> so that's what the arch versions should do too.
> However, arch implementations do vary...

Joe, You are right on this one as well.

I did not pay attention to where cscope did send me
- it was arch/x86/boot/string.c which implements it as

while (*s1 || *s2) {
delta = *s2 - *s1;
if (delta)
return delta;
s1++;
s2++;
}

Although I know that this is not used here,
it differs from the version in lib. (Maybe worth changing?)


In any case
if (strcmp(foo, bar) < 0)
is better than
if (strcmp(foo, bar) == -1)
so I'll resend the patch.

Thanks for reviewing!

Peter

2013-10-30 19:41:48

by Joe Perches

Subject: Re: [PATCH 1/2] tpm/tpm_ppi: Do not compare strcmp(a,b) == -1

On Wed, 2013-10-30 at 20:35 +0100, Peter Hüwe wrote:
> Hi Joe, Jason

Hi Peter.

> > lib/string.c:strcmp returns only -1,0,1
> > so that's what the arch versions should do too.
> > However, arch implementations do vary...
[]
> I did not pay attention to where cscope did send me
> - it was arch/x86/boot/string.c which implements it as
>
> while (*s1 || *s2) {
> delta = *s2 - *s1;
> if (delta)
> return delta;
> s1++;
> s2++;
> }
>
> Although I know that this is not used here,
> it differs from the version in lib. (Maybe worth changing?)

The arch/... assembly versions don't always
return -1, 0, 1 so I don't think it's worth
it to change all of those.


2013-10-30 19:43:28

by Peter Huewe

Subject: [PATCH 1/2 v2] tpm/tpm_ppi: Do not compare strcmp(a,b) == -1

Depending on the implementation, strcmp might return the difference between
two strings, not only -1,0,1; consequently
if (strcmp (a,b) == -1)
might lead to taking the wrong branch

-> compare with < 0 instead,
which in any case is more canonical.

Cc: [email protected]
Signed-off-by: Peter Huewe <[email protected]>
---
sorry for the rubbish first patch,
should get more sleep, but coding is too much fun;)

drivers/char/tpm/tpm_ppi.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 8e562dc..18c5810 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -169,7 +169,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
* is updated with function index from SUBREQ to SUBREQ2 since PPI
* version 1.1
*/
- if (strcmp(version, "1.1") == -1)
+ if (strcmp(version, "1.1") < 0)
params[2].integer.value = TPM_PPI_FN_SUBREQ;
else
params[2].integer.value = TPM_PPI_FN_SUBREQ2;
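Review bot: the same `strcmp(version, "...") < 0` test now appears four times against string literals; a small helper such as `ppi_version_before(version, "1.2")` would make the intent explicit at each call site and give a single place to switch to a numeric major.minor comparison later. Not a blocker for this fix, which is correct as written.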
@@ -179,7 +179,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
* string/package type. For PPI version 1.0 and 1.1, use buffer type
* for compatibility, and use package type since 1.2 according to spec.
*/
- if (strcmp(version, "1.2") == -1) {
+ if (strcmp(version, "1.2") < 0) {
params[3].type = ACPI_TYPE_BUFFER;
params[3].buffer.length = sizeof(req);
sscanf(buf, "%d", &req);
@@ -245,7 +245,7 @@ static ssize_t tpm_show_ppi_transition_action(struct device *dev,
* (e.g. Capella with PPI 1.0) need integer/string/buffer type, so for
* compatibility, define params[3].type as buffer, if PPI version < 1.2
*/
- if (strcmp(version, "1.2") == -1) {
+ if (strcmp(version, "1.2") < 0) {
params[3].type = ACPI_TYPE_BUFFER;
params[3].buffer.length = 0;
params[3].buffer.pointer = NULL;
@@ -387,7 +387,7 @@ static ssize_t show_ppi_operations(char *buf, u32 start, u32 end)
kfree(output.pointer);
output.length = ACPI_ALLOCATE_BUFFER;
output.pointer = NULL;
- if (strcmp(version, "1.2") == -1)
+ if (strcmp(version, "1.2") < 0)
return -EPERM;

params[2].integer.value = TPM_PPI_FN_GETOPR;
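Review bot: with `< 0` this gate is correct for the versions the driver knows about, but note that strcmp orders version strings lexicographically, not numerically: a hypothetical two-digit minor such as "1.10" would sort before "1.2" and be refused with -EPERM here. Fine as long as PPI version strings stay single-digit; worth a comment, or a numeric compare if that ever changes.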
--
1.7.8.6

2013-10-31 13:08:40

by Bernd Petrovitsch

Subject: Re: [PATCH 1/2] tpm/tpm_ppi: Do not compare strcmp(a,b) == -1

Hi all!

On Mit, 2013-10-30 at 12:41 -0700, Joe Perches wrote:
[...]
> The arch/... assembly versions don't always
> return -1, 0, 1 so I don't think it's worth
> it to change all of those.

FWIW user-space strcmp() - e.g. as in
http://pubs.opengroup.org/onlinepubs/009695399/functions/strcmp.html but
also glibc's manual page - doesn't guarantee -1 or +1 either,

MfG,
Bernd
--
Bernd Petrovitsch Email : [email protected]
LUGA : http://www.luga.at
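The point made by Peter's commit message, Joe's and Jason's replies, and Bernd's note about user-space strcmp is that `== -1` only works by accident on implementations that happen to normalise to -1/0/1. The following C program is an added example for this thread, not code from the kernel or from any poster. It defines two constructed comparators with the same sign contract but different magnitudes (`cmp_delta`, which follows the shape of the arch/x86/boot/string.c loop quoted above but with the operands ordered `*s1 - *s2` so the sign follows the C-library contract, and `cmp_sign`, which normalises like lib/string.c as Joe describes it), then runs the pre-patch `== -1` gate and the v2 `< 0` gate over constructed PPI-style version strings and counts where they disagree. The `older_than_*` helpers and the version list are constructed for the example; the platform's own `strcmp` is only printed, since its return magnitude is implementation-defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed comparator: returns the raw byte difference, like the boot
 * string.c loop quoted in the thread, but computing *s1 - *s2 so that a
 * negative result means "s1 sorts before s2" (the usual strcmp contract). */
static int cmp_delta(const char *s1, const char *s2)
{
    const unsigned char *a = (const unsigned char *)s1;
    const unsigned char *b = (const unsigned char *)s2;

    while (*a || *b) {
        int delta = *a - *b;
        if (delta)
            return delta;   /* any non-zero value: -2, +41, ... */
        a++;
        b++;
    }
    return 0;
}

/* Constructed comparator: same ordering, but normalised to -1, 0, 1. */
static int cmp_sign(const char *s1, const char *s2)
{
    int d = cmp_delta(s1, s2);
    return (d > 0) - (d < 0);
}

typedef int (*cmp_fn)(const char *, const char *);

/* The gate as it stood before the patch: true only for an exact -1. */
static int older_than_buggy(cmp_fn cmp, const char *version, const char *ref)
{
    return cmp(version, ref) == -1;
}

/* The gate as resent in v2: any negative result means "older". */
static int older_than_fixed(cmp_fn cmp, const char *version, const char *ref)
{
    return cmp(version, ref) < 0;
}

/* Run both gates against "1.2" over constructed version strings and count the
 * inputs on which the old and the fixed gate disagree. With cmp_delta the
 * version "1.0" yields -2, so the old gate wrongly reports "not older". */
static int count_mismatches(cmp_fn cmp)
{
    static const char *const versions[] = { "0.9", "1.0", "1.1", "1.2", "1.3" };
    int mismatches = 0;

    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++) {
        int before = older_than_buggy(cmp, versions[i], "1.2");
        int after  = older_than_fixed(cmp, versions[i], "1.2");
        if (before != after)
            mismatches++;
    }
    return mismatches;
}

/* A separate pitfall of comparing version strings with strcmp: the order is
 * lexicographic, so a hypothetical "1.10" is reported as older than "1.2". */
static int lexicographic_pitfall(void)
{
    return older_than_fixed(cmp_sign, "1.10", "1.2");
}

int main(void)
{
    printf("cmp_delta(\"1.0\", \"1.2\") = %d\n", cmp_delta("1.0", "1.2"));
    printf("cmp_sign (\"1.0\", \"1.2\") = %d\n", cmp_sign("1.0", "1.2"));
    printf("platform strcmp(\"1.0\", \"1.2\") = %d (magnitude not guaranteed)\n",
           strcmp("1.0", "1.2"));
    printf("gates disagree on %d input(s) with cmp_delta, %d with cmp_sign\n",
           count_mismatches(cmp_delta), count_mismatches(cmp_sign));
    printf("\"1.10\" treated as older than \"1.2\": %d\n", lexicographic_pitfall());
    return 0;
}
```

The difference between the two comparators is exactly what Coverity's "misuse of memcmp-style function" warning is about: the `== -1` gate is a property of one implementation, while `< 0` is a property of the contract, which is why it gives the same answer under both.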