mail archive of the barebox mailing list
* [PATCH v2] param: add error check to __dev_add_param()
@ 2015-01-29  2:46 Masahiro Yamada
  2015-01-29  9:06 ` Sascha Hauer
  0 siblings, 1 reply; 7+ messages in thread
From: Masahiro Yamada @ 2015-01-29  2:46 UTC (permalink / raw)
  To: barebox

If the argument, name is given with NULL, it would be probably
unexpected behavior.  It should fail rather than register the
NULL-named parameter.

If strdup() fails with out-of-memory, it should also fail
with -ENOMEM.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
---

Changes in v2:
  - Fix the condition of returning -ENOMEM

 lib/parameter.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/parameter.c b/lib/parameter.c
index 71262c4..02a89bb 100644
--- a/lib/parameter.c
+++ b/lib/parameter.c
@@ -130,6 +130,13 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
 	if (get_param_by_name(dev, name))
 		return -EEXIST;
 
+	if (!name)
+		return -EINVAL;
+
+	param->name = strdup(name);
+	if (!param->name)
+		return -ENOMEM;
+
 	if (set)
 		param->set = set;
 	else
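Review bot: the `if (!name)` check sits after `get_param_by_name(dev, name)`, the context line directly above it, so a NULL `name` has already been handed to the lookup by the time the check runs. Move the check above the `get_param_by_name()` call if a NULL name is meant to be rejected with -EINVAL. The `strdup()` result check is in a good place: it returns before `param->set`, `param->get` or the parameter list are touched.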
@@ -139,7 +146,6 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
 	else
 		param->get = param_get_generic;
 
-	param->name = strdup(name);
 	param->flags = flags;
 	param->dev = dev;
 	list_add_tail(&param->list, &dev->parameters);
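Review bot: any error return added later between the relocated `strdup()` and `list_add_tail()` would leak `param->name`, since the allocation now happens first; none is visible in these lines, so a one-line comment at the `strdup()` saying that later failure paths must free it would be enough. The new -EINVAL and -ENOMEM results should also be mentioned in a comment above `__dev_add_param()` so that callers know the return value needs checking.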
-- 
1.9.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* Re: [PATCH v2] param: add error check to __dev_add_param()
  2015-01-29  2:46 [PATCH v2] param: add error check to __dev_add_param() Masahiro Yamada
@ 2015-01-29  9:06 ` Sascha Hauer
  2015-01-29  9:21   ` Masahiro Yamada
  2015-01-29 10:51   ` Masahiro Yamada
  0 siblings, 2 replies; 7+ messages in thread
From: Sascha Hauer @ 2015-01-29  9:06 UTC (permalink / raw)
  To: Masahiro Yamada; +Cc: barebox

On Thu, Jan 29, 2015 at 11:46:53AM +0900, Masahiro Yamada wrote:
> If the argument, name is given with NULL, it would be probably
> unexpected behavior.  It should fail rather than register the
> NULL-named parameter.
> 
> If strdup() fails with out-of-memory, it should also fail
> with -ENOMEM.
> 
> Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
> ---
> 
> Changes in v2:
>   - Fix the condition of returning -ENOMEM
> 
>  lib/parameter.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/parameter.c b/lib/parameter.c
> index 71262c4..02a89bb 100644
> --- a/lib/parameter.c
> +++ b/lib/parameter.c
> @@ -130,6 +130,13 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
>  	if (get_param_by_name(dev, name))
>  		return -EEXIST;
>  
> +	if (!name)
> +		return -EINVAL;

Name is used already two lines above so barebox will already be crashed
before this triggers.

Besides, I normally don't like these checks. Dereferencing NULL pointers
means you get a backtrace showing you what went wrong. Returning an error
means adding code which in this case makes dev_add_param just fail
silently because the return value often is not checked.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


* Re: [PATCH v2] param: add error check to __dev_add_param()
  2015-01-29  9:06 ` Sascha Hauer
@ 2015-01-29  9:21   ` Masahiro Yamada
  2015-01-29  9:32     ` Sascha Hauer
  2015-01-29 10:51   ` Masahiro Yamada
  1 sibling, 1 reply; 7+ messages in thread
From: Masahiro Yamada @ 2015-01-29  9:21 UTC (permalink / raw)
  To: Sascha Hauer; +Cc: barebox

Hi Sascha,

On Thu, 29 Jan 2015 10:06:22 +0100
Sascha Hauer <s.hauer@pengutronix.de> wrote:

> On Thu, Jan 29, 2015 at 11:46:53AM +0900, Masahiro Yamada wrote:
> > If the argument, name is given with NULL, it would be probably
> > unexpected behavior.  It should fail rather than register the
> > NULL-named parameter.
> > 
> > If strdup() fails with out-of-memory, it should also fail
> > with -ENOMEM.
> > 
> > Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
> > ---
> > 
> > Changes in v2:
> >   - Fix the condition of returning -ENOMEM
> > 
> >  lib/parameter.c | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> > 
> > diff --git a/lib/parameter.c b/lib/parameter.c
> > index 71262c4..02a89bb 100644
> > --- a/lib/parameter.c
> > +++ b/lib/parameter.c
> > @@ -130,6 +130,13 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
> >  	if (get_param_by_name(dev, name))
> >  		return -EEXIST;
> >  
> > +	if (!name)
> > +		return -EINVAL;
> 
> Name is used already two lines above so barebox will already be crashed
> before this triggers.
> 
> Besides, I normally don't like these checks. dereferencing NULL pointers
> means you get a backtrace showing you what went wrong. Returning an error
> means adding code which in this case makes dev_add_param just fail
> silently because the return value often is not checked.
> 

OK, then how about dropping this -EINVAL check?

I think the -ENOMEM check below is still useful.
(strdup() also returns NULL when NULL is passed,
but in that case this line cannot be reached.
The problem is that this is not apparent at a glance.)


Best Regards
Masahiro Yamada



* Re: [PATCH v2] param: add error check to __dev_add_param()
  2015-01-29  9:21   ` Masahiro Yamada
@ 2015-01-29  9:32     ` Sascha Hauer
  2015-01-29 10:47       ` Masahiro Yamada
  0 siblings, 1 reply; 7+ messages in thread
From: Sascha Hauer @ 2015-01-29  9:32 UTC (permalink / raw)
  To: Masahiro Yamada; +Cc: barebox

On Thu, Jan 29, 2015 at 06:21:39PM +0900, Masahiro Yamada wrote:
> Hi Sascha,
> 
> On Thu, 29 Jan 2015 10:06:22 +0100
> Sascha Hauer <s.hauer@pengutronix.de> wrote:
> 
> > On Thu, Jan 29, 2015 at 11:46:53AM +0900, Masahiro Yamada wrote:
> > > If the argument, name is given with NULL, it would be probably
> > > unexpected behavior.  It should fail rather than register the
> > > NULL-named parameter.
> > > 
> > > If strdup() fails with out-of-memory, it should also fail
> > > with -ENOMEM.
> > > 
> > > Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
> > > ---
> > > 
> > > Changes in v2:
> > >   - Fix the condition of returning -ENOMEM
> > > 
> > >  lib/parameter.c | 8 +++++++-
> > >  1 file changed, 7 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/lib/parameter.c b/lib/parameter.c
> > > index 71262c4..02a89bb 100644
> > > --- a/lib/parameter.c
> > > +++ b/lib/parameter.c
> > > @@ -130,6 +130,13 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
> > >  	if (get_param_by_name(dev, name))
> > >  		return -EEXIST;
> > >  
> > > +	if (!name)
> > > +		return -EINVAL;
> > 
> > Name is used already two lines above so barebox will already be crashed
> > before this triggers.
> > 
> > Besides, I normally don't like these checks. dereferencing NULL pointers
> > means you get a backtrace showing you what went wrong. Returning an error
> > means adding code which in this case makes dev_add_param just fail
> > silently because the return value often is not checked.
> > 
> 
> OK, then how about dropping this -EINVAL check?

Yes, please.

> 
> I think the -ENOMEM check below is still useful.
> ( strdup() returns NULL also when NULL is passed,
> but in that case this line cannot be reached.
> The problem is that is not apparent at a glance..)

Note we also have xstrdup which crashes barebox on out of memory. This
is usually the right thing to do when it's known that the allocation is
small.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


* Re: [PATCH v2] param: add error check to __dev_add_param()
  2015-01-29  9:32     ` Sascha Hauer
@ 2015-01-29 10:47       ` Masahiro Yamada
  2015-01-30  7:44         ` Sascha Hauer
  0 siblings, 1 reply; 7+ messages in thread
From: Masahiro Yamada @ 2015-01-29 10:47 UTC (permalink / raw)
  To: Sascha Hauer; +Cc: barebox

Hi Sascha,

On Thu, 29 Jan 2015 10:32:12 +0100
Sascha Hauer <s.hauer@pengutronix.de> wrote:

> On Thu, Jan 29, 2015 at 06:21:39PM +0900, Masahiro Yamada wrote:
> > Hi Sascha,
> > 
> > On Thu, 29 Jan 2015 10:06:22 +0100
> > Sascha Hauer <s.hauer@pengutronix.de> wrote:
> > 
> > > On Thu, Jan 29, 2015 at 11:46:53AM +0900, Masahiro Yamada wrote:
> > > > If the argument, name is given with NULL, it would be probably
> > > > unexpected behavior.  It should fail rather than register the
> > > > NULL-named parameter.
> > > > 
> > > > If strdup() fails with out-of-memory, it should also fail
> > > > with -ENOMEM.
> > > > 
> > > > Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
> > > > ---
> > > > 
> > > > Changes in v2:
> > > >   - Fix the condition of returning -ENOMEM
> > > > 
> > > >  lib/parameter.c | 8 +++++++-
> > > >  1 file changed, 7 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/lib/parameter.c b/lib/parameter.c
> > > > index 71262c4..02a89bb 100644
> > > > --- a/lib/parameter.c
> > > > +++ b/lib/parameter.c
> > > > @@ -130,6 +130,13 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
> > > >  	if (get_param_by_name(dev, name))
> > > >  		return -EEXIST;
> > > >  
> > > > +	if (!name)
> > > > +		return -EINVAL;
> > > 
> > > Name is used already two lines above so barebox will already be crashed
> > > before this triggers.
> > > 
> > > Besides, I normally don't like these checks. dereferencing NULL pointers
> > > means you get a backtrace showing you what went wrong. Returning an error
> > > means adding code which in this case makes dev_add_param just fail
> > > silently because the return value often is not checked.
> > > 
> > 
> > OK, then how about dropping this -EINVAL check?
> 
> Yes, please.


I did that in v3.


> > 
> > I think the -ENOMEM check below is still useful.
> > ( strdup() returns NULL also when NULL is passed,
> > but in that case this line cannot be reached.
> > The problem is that is not apparent at a glance..)
> 
> Note we also have xstrdup which crashes barebox on out of memory. This
> is usually the right thing to do when it's known that the allocation is
> small.
> 

I stopped and I have been thinking about it.
I hesitate a bit to replace it with xstrdup().  I feel like being lazy.

So, I did not do this in v3.



Best Regards
Masahiro Yamada



* Re: [PATCH v2] param: add error check to __dev_add_param()
  2015-01-29  9:06 ` Sascha Hauer
  2015-01-29  9:21   ` Masahiro Yamada
@ 2015-01-29 10:51   ` Masahiro Yamada
  1 sibling, 0 replies; 7+ messages in thread
From: Masahiro Yamada @ 2015-01-29 10:51 UTC (permalink / raw)
  To: Sascha Hauer; +Cc: barebox

Hi Sascha,



On Thu, 29 Jan 2015 10:06:22 +0100
Sascha Hauer <s.hauer@pengutronix.de> wrote:

> Besides, I normally don't like these checks. dereferencing NULL pointers
> means you get a backtrace showing you what went wrong. Returning an error
> means adding code which in this case makes dev_add_param just fail
> silently because the return value often is not checked.
> 

What a coincidence!
Actually, I was writing the following patch yesterday:




> Author: Masahiro Yamada <yamada.m@jp.panasonic.com>
> Date:   Wed Jan 28 22:07:59 2015 +0900
> 
>     param: do not search NULL-named parameter
>     
>     If the argument name is given with NULL, it is passed to strcmp()
>     resulting in NULL-pointer access.  It would be safer to return NULL
>     (which means "Not found") in such a case.
>     
>     Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
> 
> diff --git a/lib/parameter.c b/lib/parameter.c
> index 865ad9f..c37d877 100644
> --- a/lib/parameter.c
> +++ b/lib/parameter.c
> @@ -33,6 +33,9 @@ struct param_d *get_param_by_name(struct device_d *dev, const char *name)
>  {
>         struct param_d *p;
>  
> +       if (!name)
> +               return NULL;
> +
>         list_for_each_entry(p, &dev->parameters, list) {
>                 if (!strcmp(p->name, name))
>                         return p;
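Review bot: the early `return NULL` for a NULL `name` makes an invalid argument indistinguishable from "not found". A caller that only tests the result for an existing entry, as `if (get_param_by_name(dev, name)) return -EEXIST;` does in `__dev_add_param()`, will then treat NULL as an unused name and carry on with it. State this behaviour in a comment on `get_param_by_name()` and keep a separate NULL check in callers that go on to register the name.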


Do you mean, you do not like such a patch?



Best Regards
Masahiro Yamada



* Re: [PATCH v2] param: add error check to __dev_add_param()
  2015-01-29 10:47       ` Masahiro Yamada
@ 2015-01-30  7:44         ` Sascha Hauer
  0 siblings, 0 replies; 7+ messages in thread
From: Sascha Hauer @ 2015-01-30  7:44 UTC (permalink / raw)
  To: Masahiro Yamada; +Cc: barebox

On Thu, Jan 29, 2015 at 07:47:31PM +0900, Masahiro Yamada wrote:
> Hi Sascha,
> 
> On Thu, 29 Jan 2015 10:32:12 +0100
> > > > > @@ -130,6 +130,13 @@ static int __dev_add_param(struct param_d *param, struct device_d *dev, const ch
> > > > >  	if (get_param_by_name(dev, name))
> > > > >  		return -EEXIST;
> > > > >  
> > > > > +	if (!name)
> > > > > +		return -EINVAL;
> > > > 
> > > > Name is used already two lines above so barebox will already be crashed
> > > > before this triggers.
> > > > 
> > > > Besides, I normally don't like these checks. dereferencing NULL pointers
> > > > means you get a backtrace showing you what went wrong. Returning an error
> > > > means adding code which in this case makes dev_add_param just fail
> > > > silently because the return value often is not checked.
> > > > 
> > > 
> > > OK, then how about dropping this -EINVAL check?
> > 
> > Yes, please.
> 
> 
> I did that in v3.
> 
> 
> > > 
> > > I think the -ENOMEM check below is still useful.
> > > ( strdup() returns NULL also when NULL is passed,
> > > but in that case this line cannot be reached.
> > > The problem is that is not apparent at a glance..)
> > 
> > Note we also have xstrdup which crashes barebox on out of memory. This
> > is usually the right thing to do when it's known that the allocation is
> > small.
> > 
> 
> I stopped and I have been thinking about it.
> I hesitate a bit to replace it with xstrdup().  I feel like being lazy.
> 
> So, I did not do this in v3.

The name of the parameter can be passed in by the user via the 'global'
command, so using strdup instead seems like a good idea here.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
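
The ordering and allocation-failure points raised in this thread, as an added example that is not code from the barebox tree or from either poster: the NULL check comes before the first use of the name, and a failed copy of a caller-supplied name is reported as -ENOMEM before anything is linked. `struct param`, `struct dev`, `dup_name()`, `find_param()`, `add_param()`, `demo()` and `fail_alloc` are hypothetical stand-ins, and the sample names are constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not barebox's structures. */
struct param { char *name; struct param *next; };
struct dev { struct param *params; };
static int fail_alloc; /* nonzero: dup_name() behaves as if out of memory */
static char *dup_name(const char *s) /* strdup() stand-in */
{
	char *copy = fail_alloc ? NULL : malloc(strlen(s) + 1);
	return copy ? strcpy(copy, s) : NULL;
}

static struct param *find_param(const struct dev *d, const char *name)
{
	for (struct param *p = d->params; p; p = p->next)
		if (!strcmp(p->name, name))
			return p;
	return NULL;
}

/* Validate, look up, allocate; link the entry only after all three pass. */
static int add_param(struct dev *d, struct param *p, const char *name)
{
	if (!name)                /* checked before the first use of name */
		return -EINVAL;
	if (find_param(d, name))
		return -EEXIST;
	p->name = dup_name(name); /* length is chosen by the caller */
	if (!p->name)
		return -ENOMEM;   /* recoverable: nothing has been linked yet */
	p->next = d->params;
	d->params = p;
	return 0;
}

static int demo(void) /* constructed scenario; 1 = every path as expected */
{
	struct dev d = { 0 };
	struct param a = { 0 }, b = { 0 };
	int ok = add_param(&d, &a, NULL) == -EINVAL;
	fail_alloc = 1;
	ok = ok && add_param(&d, &a, "user.name") == -ENOMEM && !d.params;
	fail_alloc = 0;
	ok = ok && add_param(&d, &a, "user.name") == 0;
	return ok && add_param(&d, &b, "user.name") == -EEXIST;
}
int main(void) { return demo() ? 0 : 1; }
```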
