PCI detection code doesn't corrupt memory anymore (2nd try)

  From : Erwan Velu <erwan.velu@free.fr>

This patch fixes the pci detection stuff demo'd in pcitest.c32
- Fix a wrong type in malloc
- Incorrect use of strdup
- Replacing strncpy by strnlcpy (thx hpa)

This two fixes makes pcitest.c32 working far better, no more crash when
running it twice.

I'd like to thank Sebastian Herbszt for its reports and tests.

This patch was made for 3.62-pre16 but applies fine on 3.63-pre1.

Signed-off-by:Erwan Velu <erwan.velu@free.fr>

--------------------------------------------------------------------------------
Les opinions et prises de position emises par le signataire du present
message lui sont propres et ne sauraient engager la responsabilite de la
societe SEANODES.

Ce message ainsi que les eventuelles pieces jointes constituent une
correspondance privee et confidentielle a l'attention exclusive du
destinataire designe ci-dessus. Si vous n'etes pas le destinataire du
present message ou une personne susceptible de pouvoir le lui delivrer, il
vous est signifie que toute divulgation, distribution ou copie de cette
transmission est strictement interdite. Si vous avez recu ce message par
erreur, nous vous remercions d'en informer l'expediteur par telephone ou de
lui retourner le present message, puis d'effacer immediatement ce message de
votre systeme.

The views and opinions expressed by the author of this message are personal.
SEANODES shall assume no liability, express or implied for such message.

This e-mail and any attachments is a confidential correspondence intended
only for use of the individual or entity named above. If you are not the
intended recipient or the agent responsible for delivering the message to
the intended recipient, you are hereby notified that any disclosure,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify the sender by phone
or by replying this message, and then delete this message from your system.

diff --git a/com32/include/sys/pci.h b/com32/include/sys/pci.h
index 3f9b0d9..a49475b 100644 (file)
--- a/com32/include/sys/pci.h
+++ b/com32/include/sys/pci.h
@@ -11,9 +11,9 @@ typedef uint32_t pciaddr_t;
 
 /* a structure for extended pci information */
 struct pci_dev_info {
-       char     *vendor_name;
-       char     *product_name;
-       char     *linux_kernel_module;
+       char     vendor_name[255];
+       char     product_name[255];
+       char     linux_kernel_module[64];
 };
 
 /* a struct to represent a pci device */

diff --git a/com32/lib/pci/scan.c b/com32/lib/pci/scan.c
index 1186993..94c83bb 100644 (file)
--- a/com32/lib/pci/scan.c
+++ b/com32/lib/pci/scan.c
@@ -92,13 +92,14 @@ void get_module_name_from_pci_ids(struct pci_device_list *pci_device_list)
 
     /* initialize the pci_dev_info structure if it doesn't exist yet. */
     if (! pci_device->pci_dev_info) {
-      pci_device->pci_dev_info = calloc(1,sizeof (struct pci_device));
+      pci_device->pci_dev_info = calloc(1,sizeof *pci_device->pci_dev_info);
+
       if (!pci_device->pci_dev_info) {
        printf("Can't allocate memory\n");
        return;
       }
     }
-    pci_device->pci_dev_info->linux_kernel_module=strdup("unknown");
+    strlcpy(pci_device->pci_dev_info->linux_kernel_module,"unknown",7);
   }
 
   /* Opening the modules.pcimap (ofa linux kernel) from the boot device*/
@@ -162,9 +163,9 @@ void get_module_name_from_pci_ids(struct pci_device_list *pci_device_list)
 void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
 {
   char line[MAX_LINE];
-  char *vendor=NULL;
+  char vendor[255];
   char vendor_id[5];
-  char *product=NULL;
+  char product[255];
   char product_id[5];
   char sub_product_id[5];
   char sub_vendor_id[5];
@@ -178,7 +179,7 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
 
     /* initialize the pci_dev_info structure if it doesn't exist yet. */
     if (! pci_device->pci_dev_info) {
-      pci_device->pci_dev_info = calloc(1,sizeof (struct pci_device));
+      pci_device->pci_dev_info = calloc(1,sizeof *pci_device->pci_dev_info);
 
       if (!pci_device->pci_dev_info) {
        printf("Can't allocate memory\n");
@@ -186,15 +187,14 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
       }
     }
 
-    pci_device->pci_dev_info->vendor_name=strdup("unknown");
-    pci_device->pci_dev_info->product_name=strdup("unknown");
+    strlcpy(pci_device->pci_dev_info->vendor_name,"unknown",7);
+    strlcpy(pci_device->pci_dev_info->product_name,"unknown",7);
   }
 
   /* Opening the pci.ids from the boot device*/
   f=fopen("pci.ids","r");
   if (!f)
         return;
-
   strcpy(vendor_id,"0000");
   strcpy(product_id,"0000");
   strcpy(sub_product_id,"0000");
@@ -203,7 +203,6 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
 
   /* for each line we found in the pci.ids*/
   while ( fgets(line, sizeof line, f) ) {
-
     /* Skipping uncessary lines */
     if ((line[0] == '#') || (line[0] == ' ') || (line[0] == 'C') ||
        (line[0] == 10))
@@ -212,13 +211,13 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
     if (line[0] != '\t') {
 
        /* the 4th first chars are the vendor_id */
-        strncpy(vendor_id,line,4);
+        strlcpy(vendor_id,line,4);
 
        /* the vendor name is the next field*/
         vendor_id[4]=0;
-        vendor=strdup(skipspace(strstr(line," ")));
-        remove_eol(vendor);
+        strlcpy(vendor,skipspace(strstr(line," ")),255);
 
+        remove_eol(vendor);
        /* init product_id, sub_product and sub_vendor */
         strcpy(product_id,"0000");
         strcpy(sub_product_id,"0000");
@@ -226,24 +225,23 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
 
        /* ffff is an invalid vendor id */
        if (strstr(vendor_id,"ffff")) break;
-
        /* assign the vendor_name to any matching pci device*/
        for (pci_dev=0; pci_dev < pci_device_list->count; pci_dev++) {
          struct pci_device *pci_device =
            &pci_device_list->pci_device[pci_dev];
 
          if (hex_to_int(vendor_id) == pci_device->vendor)
-           pci_device->pci_dev_info->vendor_name=strdup(vendor);
+           strlcpy(pci_device->pci_dev_info->vendor_name,vendor,255);
        }
     /* if we have a tab + a char, it means this is a product id */
     } else if ((line[0] == '\t') && (line[1] != '\t')) {
 
        /* the product name the second field */
-        product=strdup(skipspace(strstr(line," ")));
+        strlcpy(product,skipspace(strstr(line," ")),255);
         remove_eol(product);
 
        /* the product id is first field */
-       strncpy(product_id,&line[1],4);
+       strlcpy(product_id,&line[1],4);
         product_id[4]=0;
 
        /* init sub_product and sub_vendor */
@@ -256,23 +254,23 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
            &pci_device_list->pci_device[pci_dev];
          if (hex_to_int(vendor_id) == pci_device->vendor &&
              hex_to_int(product_id) == pci_device->product)
-           pci_device->pci_dev_info->product_name=strdup(product);
+           strlcpy(pci_device->pci_dev_info->product_name,product,255);
        }
 
     /* if we have two tabs, it means this is a sub product */
     } else if ((line[0] == '\t') && (line[1] == '\t')) {
 
       /* the product name is last field */
-      product=skipspace(strstr(line," "));
-      product=strdup(skipspace(strstr(product," ")));
+      strlcpy(product,skipspace(strstr(line," ")),255);
+      strlcpy(product,skipspace(strstr(product," ")),255);
       remove_eol(product);
 
       /* the sub_vendor id is first field */
-      strncpy(sub_vendor_id,&line[2],4);
+      strlcpy(sub_vendor_id,&line[2],4);
       sub_vendor_id[4]=0;
 
       /* the sub_vendor id is second field */
-      strncpy(sub_product_id,&line[7],4);
+      strlcpy(sub_product_id,&line[7],4);
       sub_product_id[4]=0;
 
       /* assign the product_name to any matching pci device*/
@@ -284,7 +282,7 @@ void get_name_from_pci_ids(struct pci_device_list *pci_device_list)
            hex_to_int(product_id) == pci_device->product &&
            hex_to_int(sub_product_id) == pci_device->sub_product &&
            hex_to_int(sub_vendor_id) == pci_device->sub_vendor)
-         pci_device->pci_dev_info->product_name=strdup(product);
+         strlcpy(pci_device->pci_dev_info->product_name,product,255);
       }
     }
   }