evas/cserve2: Fix new Coverity issues

Nothing extraordinary here.
Most potential crashes are extremely unlikely.

- Fix CID 1113444

- Fix CID 1113442

- Fix CID 1113441 (Logically dead code, can not be NULL)

- Fix CID 1113440: Explicit null dereferenced

This is actually an impossible situation.
Fixed by checking for nullity and printing out some error
messages instead of just crashing.

- Fix CID 1113439: Dereference after null check

Logically impossible code as both idxpath and datapath
must be either set or null at the same time.
Change the if logic to tell Coverity there's no bug.

- Fix CID 1113438 (Argument cannot be negative)

Fix wrong check of return value from shm_open.

- Fix CID 1113437 (Argument cannot be negative)

Fix wrong check of return value from shm_open.

- Fix CID 1113436 (Dereference null return value)

This case really shouldn't happen.
But the extra check does not hurt.

- Fix CID 1113435 (Dereference before null check)

Check for nullity after map open.

- Fix CID 1113434 (Extra sizeof expression)

Debug buggy debug tool :)

- Fix CID 1113433 (Uninitialized scalar variable)

Insignificant issue: only prints wrong debug logs :)

- Fix CID 1113431 (Uninitialized scalar value)

Check if (!found) only to print out logs. Not a big deal
if found was invalid.

- Fix CID 1039462 (Logically dead code)

diff --git a/src/bin/evas/dummy_slave.c b/src/bin/evas/dummy_slave.c
index a64ec53..9b56380 100644 (file)
--- a/src/bin/evas/dummy_slave.c
+++ b/src/bin/evas/dummy_slave.c
@@ -170,7 +170,7 @@ int main(int c, char **v)
                    Error_Type err;
                    const char *file, *key;
                    p = params;
-                   file = (const char *)(p + sizeof(*p));
+                   file = (const char *)(p + 1);
                    key = file + strlen(file) + 1;
                    if ((err = image_open(file, key, &result)) != CSERVE2_NONE)
                      error_send(wfd, err);

diff --git a/src/bin/evas/evas_cserve2_cache.c b/src/bin/evas/evas_cserve2_cache.c
index 9f92543..4c20a72 100644 (file)
--- a/src/bin/evas/evas_cserve2_cache.c
+++ b/src/bin/evas/evas_cserve2_cache.c
@@ -1588,8 +1588,8 @@ _image_entry_new(Client *client, int rid,
    ref = eina_hash_find(client->files.referencing, &client_file_id);
    if (!ref)
      {
-        ERR("Couldn't find file id: %d, for image id: %d",
-            client_file_id, image_id);
+        ERR("Couldn't find file id for client image id: %d",
+            client_file_id);
         cserve2_client_error_send(client, rid,
                                   CSERVE2_INVALID_CACHE);
         return NULL;
@@ -2373,7 +2373,7 @@ _font_entry_debug_size_cb(const Eina_Hash *hash EINA_UNUSED,
    // name
    if (fe->src->name)
      {
-        str = cserve2_shared_string_get(fe->src->file);
+        str = cserve2_shared_string_get(fe->src->name);
         di->size+= strlen(str) + 1;
      }
 
@@ -2769,8 +2769,10 @@ try_again:
                                            0, &unscaled, buf, sizeof(buf));
              if (!orig_entry) return -1;
 
-             image_id = orig_entry->base.id;
              orig_data = _image_data_find(ENTRYID(orig_entry));
+             if (!orig_data) return -1;
+
+             image_id = ENTRYID(orig_entry);
              orig_data->unused = EINA_TRUE;
              fentry = _file_entry_find(orig_data->file_id);
              fentry->images = eina_list_append(fentry->images, orig_entry);

diff --git a/src/bin/evas/evas_cserve2_index.c b/src/bin/evas/evas_cserve2_index.c
index e6b13ce..f0d6f71 100644 (file)
--- a/src/bin/evas/evas_cserve2_index.c
+++ b/src/bin/evas/evas_cserve2_index.c
@@ -581,8 +581,6 @@ _shared_index_entry_get_by_id(Shared_Index *si, unsigned int id)
    for (cur = start_high; cur < si->sa->header->count; cur++)
      {
         obj = (Index_Entry *) (base + (elemsize * cur));
-        if (!obj)
-          return NULL;
         if (!obj->id)
           return NULL;
         if (obj->id == id)

diff --git a/src/bin/evas/evas_cserve2_shm.c b/src/bin/evas/evas_cserve2_shm.c
index d95afc7..6ccfbcd 100644 (file)
--- a/src/bin/evas/evas_cserve2_shm.c
+++ b/src/bin/evas/evas_cserve2_shm.c
@@ -132,7 +132,7 @@ cserve2_shm_segment_request(Shm_Handle *shm, size_t size)
    if (!segment) return NULL;
 
    fd = shm_open(map->name, O_RDWR, S_IRUSR | S_IWUSR);
-   if (!fd)
+   if (fd == -1)
      {
         ERR("Could not reopen shm handle: %m");
         free(segment);
@@ -184,7 +184,7 @@ cserve2_shm_resize(Shm_Handle *shm, size_t newsize)
      }
 
    fd = shm_open(shm->mapping->name, O_RDWR, S_IRUSR | S_IWUSR);
-   if (!fd)
+   if (fd == -1)
      {
         ERR("Could not reopen shm handle: %m");
         return NULL;

diff --git a/src/bin/evas/evas_cserve2_shm_debug.c b/src/bin/evas/evas_cserve2_shm_debug.c
index 10bb484..73b13b3 100644 (file)
--- a/src/bin/evas/evas_cserve2_shm_debug.c
+++ b/src/bin/evas/evas_cserve2_shm_debug.c
@@ -725,8 +725,8 @@ main(int argc EINA_UNUSED, char **argv EINA_UNUSED)
 
    if (isatty(STDOUT_FILENO))
      {
-        ioctl(STDOUT_FILENO, TIOCGWINSZ, &w);
-        _termsize = w.ws_col;
+        if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &w) == 0)
+          _termsize = w.ws_col;
      }
 
    if (argc > 1)

diff --git a/src/lib/evas/cache2/evas_cache2.c b/src/lib/evas/cache2/evas_cache2.c
index e1a9d01..35cceb6 100644 (file)
--- a/src/lib/evas/cache2/evas_cache2.c
+++ b/src/lib/evas/cache2/evas_cache2.c
@@ -657,7 +657,7 @@ evas_cache2_image_open(Evas_Cache2 *cache, const char *path, const char *key,
    Image_Timestamp       tstamp;
    Evas_Image_Load_Opts  prevent;
 
-   if ((!path) || ((!path) && (!key)))
+   if (!path)
      {
         *error = EVAS_LOAD_ERROR_GENERIC;
         return NULL;

diff --git a/src/lib/evas/cserve2/evas_cs2_client.c b/src/lib/evas/cserve2/evas_cs2_client.c
index 67c597a..5410b0b 100644 (file)
--- a/src/lib/evas/cserve2/evas_cs2_client.c
+++ b/src/lib/evas/cserve2/evas_cs2_client.c
@@ -545,7 +545,7 @@ _server_dispatch(Eina_Bool *failed)
    Eina_List *l, *l_next;
    Client_Request *cr;
    Msg_Base *msg;
-   Eina_Bool found;
+   Eina_Bool found = EINA_FALSE;
 
    msg = _server_read(&size);
    if (!msg)
@@ -1691,8 +1691,9 @@ _glyph_map_remap_check(Glyph_Map *map, const char *idxpath, const char *datapath
    // Note: Since the shm name contains cserve2's PID it should most likely
    // always change in case of crash/restart
 
-   if ((datapath && strcmp(datapath, map->mempool.path))
-       || (idxpath && strcmp(idxpath, map->index.path)))
+   if (datapath && idxpath &&
+       ((strncmp(datapath, map->mempool.path, SHARED_BUFFER_PATH_MAX) != 0) ||
+        (strncmp(idxpath, map->index.path, SHARED_BUFFER_PATH_MAX) != 0)))
      {
         CS_Glyph_Out *gl, *cursor;
 
@@ -1735,7 +1736,13 @@ _glyph_map_remap_check(Glyph_Map *map, const char *idxpath, const char *datapath
              else
                {
                   gl->sb = oldbuf;
-                  EINA_REFCOUNT_REF(gl->sb);
+                  if (gl->sb)
+                    EINA_REFCOUNT_REF(gl->sb);
+                  else
+                    {
+                       ERR("Glyph pool can not be remapped! (invalid refs)");
+                       eina_clist_remove(&gl->map_entry);
+                    }
                }
           }
 
@@ -1824,11 +1831,13 @@ _font_entry_glyph_map_rebuild_check(Font_Entry *fe, Font_Hint_Flags hints)
         if (!idxpath || !datapath) return -1;
 
         fe->map =_glyph_map_open(fe, idxpath, datapath);
+        if (!fe->map) return -1;
+
         changed = EINA_TRUE;
      }
 
    changed |= _glyph_map_remap_check(fe->map, idxpath, datapath);
-   if (changed && fe->map && fe->map->index.data && fe->map->mempool.data)
+   if (changed && fe->map->index.data && fe->map->mempool.data)
      {
         CS_Glyph_Out *gl;
         const Glyph_Data *gd;