From 3afb93ee309db7327138f647c6ba5d3688f1ccc3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Sun, 17 Sep 2017 14:44:22 -0400
Subject: [PATCH] Fix: NULL dereference on sampling and restoration of graph's 'can_consume'
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Found by Coverity Scan. A graph's 'can_consume' state must only be sampled after the graph argument's validation. The error paths must also repeat that check on restoration of the state.
Signed-off-by: Jérémie Galarneau
---
 lib/graph/graph.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/lib/graph/graph.c b/lib/graph/graph.c
index 4c78ea19..7b43a101 100644
--- a/lib/graph/graph.c
+++ b/lib/graph/graph.c
@@ -233,13 +233,14 @@ enum bt_graph_status bt_graph_connect_ports(struct bt_graph *graph,
 struct bt_component *upstream_component = NULL;
 struct bt_component *downstream_component = NULL;
 enum bt_component_status component_status;
- const bt_bool init_can_consume = graph->can_consume;
+ bt_bool init_can_consume;
 if (!graph) {
 BT_LOGW_STR("Invalid parameter: graph is NULL.");
 status = BT_GRAPH_STATUS_INVALID;
 goto end;
 }
+ init_can_consume = graph->can_consume;
 if (!upstream_port) {
 BT_LOGW_STR("Invalid parameter: upstream port is NULL.");
@@ -410,7 +411,9 @@ end:
 bt_put(upstream_component);
 bt_put(downstream_component);
 bt_put(connection);
- graph->can_consume = init_can_consume;
+ if (graph) {
+ graph->can_consume = init_can_consume;
+ }
 return status;
 }
@@ -643,7 +646,9 @@ enum bt_graph_status bt_graph_run(struct bt_graph *graph)
 end:
 BT_LOGV("Graph ran: status=%s", bt_graph_status_string(status));
- graph->can_consume = BT_TRUE;
+ if (graph) {
+ graph->can_consume = BT_TRUE;
+ }
 return status;
 }
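Review bot: `bt_bool init_can_consume;` in bt_graph_connect_ports is now declared without a value and without `const`, so the restore at `end:` is only safe while every path that reaches it with a non-NULL graph has already passed the new assignment. That holds in the visible lines because the `if (!graph)` check is the first `goto end`, but a later edit that adds an earlier exit would write an indeterminate value into `graph->can_consume`. Keeping the original shape with a guarded initializer, `const bt_bool init_can_consume = graph ? graph->can_consume : BT_FALSE;`, removes that dependency; the same applies to the declarations changed in bt_graph_add_component_with_init_method_data and bt_graph_remove_unconnected_component. The function body continues outside the hunk.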
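Review bot: The guarded write at `end:` in bt_graph_run still sets `graph->can_consume = BT_TRUE` unconditionally instead of restoring a sampled value, unlike bt_graph_connect_ports and bt_graph_add_component_with_init_method_data in this same patch. If any early exit above the hunk jumps to `end:` while `can_consume` is already false (for example a check that refuses to run in that state), this line would re-enable consumption on behalf of a caller that had disabled it; the body is outside the hunk, so this needs confirming. If so, sample the flag after the NULL check and restore it here with `graph->can_consume = init_can_consume;`, or set BT_TRUE only on the path that cleared it.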
@@ -951,7 +956,7 @@ enum bt_graph_status bt_graph_add_component_with_init_method_data(
 struct bt_component *component = NULL;
 enum bt_component_class_type type;
 size_t i;
- const bt_bool init_can_consume = graph->can_consume;
+ bt_bool init_can_consume;
 bt_get(params);
@@ -960,6 +965,7 @@ enum bt_graph_status bt_graph_add_component_with_init_method_data(
 graph_status = BT_GRAPH_STATUS_INVALID;
 goto end;
 }
+ init_can_consume = graph->can_consume;
 if (!component_class) {
 BT_LOGW_STR("Invalid parameter: component class is NULL.");
@@ -1101,7 +1107,9 @@ enum bt_graph_status bt_graph_add_component_with_init_method_data(
 end:
 bt_put(component);
 bt_put(params);
- graph->can_consume = init_can_consume;
+ if (graph) {
+ graph->can_consume = init_can_consume;
+ }
 return graph_status;
 }
@@ -1119,7 +1127,7 @@ BT_HIDDEN
 int bt_graph_remove_unconnected_component(struct bt_graph *graph,
 struct bt_component *component)
 {
- const bt_bool init_can_consume = graph->can_consume;
+ bt_bool init_can_consume;
 int64_t count;
 uint64_t i;
 int ret = 0;
@@ -1129,6 +1137,7 @@ int bt_graph_remove_unconnected_component(struct bt_graph *graph,
 assert(component->base.ref_count.count == 0);
 assert(bt_component_borrow_graph(component) == graph);
+ init_can_consume = graph->can_consume;
 count = bt_component_get_input_port_count(component);
 for (i = 0; i < count; i++) {
--
2.34.1
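Review bot: In bt_graph_remove_unconnected_component the sample `init_can_consume = graph->can_consume;` follows `assert()` calls only, so the validation this patch relies on disappears in builds compiled with NDEBUG and `graph` is then dereferenced unchecked. The two visible asserts also do not test `graph` itself, although one may exist above the hunk. Unlike the two public functions, the restore at the end of this function is not touched by the patch, so it presumably stays unguarded as well. Since this is a BT_HIDDEN internal function, stating the contract in a comment above the asserts would be enough, e.g. `/* Caller guarantees graph and component are non-NULL; checked by assert() only. */`.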