From patchwork Fri Sep 11 10:21:06 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Jo=C3=A3o_Marcos_Costa?=
 <jmcosta944@gmail.com>
X-Patchwork-Id: 1362392
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=bZ95cXqA;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BntHb1Z8Gz9sRf
	for <incoming@patchwork.ozlabs.org>; Fri, 11 Sep 2020 21:06:48 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 733B3822CD;
	Fri, 11 Sep 2020 13:06:37 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.b="bZ95cXqA";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 0C45182314; Fri, 11 Sep 2020 12:21:11 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham
 autolearn_force=no version=3.4.2
Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com
 [IPv6:2a00:1450:4864:20::443])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 62F31822D7
 for <u-boot@lists.denx.de>; Fri, 11 Sep 2020 12:21:08 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=jmcosta944@gmail.com
Received: by mail-wr1-x443.google.com with SMTP id m6so10971707wrn.0
 for <u-boot@lists.denx.de>; Fri, 11 Sep 2020 03:21:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id;
 bh=J5hY8A1qith+rrJn46RJ/0jVG1Z0+KKqNFj2/p64XGE=;
 b=bZ95cXqAqUa8twoxmvXCJiOzLXupMwii4s401LUvNc+EdY6482nxN/mn13SxibLb6m
 3JG8QkJNB9MMLCCeHEcs3Rgkutu59TG0pZgkULRl8kBqFKye0GrIuuJK6u0ypZtvAOBs
 5DBPrV4ZJFEddmUr1kT8EurjhlU0pAh+z4DjT/1KoTe4QatKAQM21vaOup+W28FCCe6L
 I8vAKB5H0Fxy6GVFybDEASRV+qDf1FTAQB+GQE942QvKt1SGq/FgO7dPfXmtoEgjtk3a
 rz/R9p1slpKYF1rGrtT3FOTMIvXyvJJmquhp3qbUZd48WPFfBB/cY9muwYmBTlD4WjQd
 U2fQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=J5hY8A1qith+rrJn46RJ/0jVG1Z0+KKqNFj2/p64XGE=;
 b=dyviD6wGSHvFpv4+4s5s5bmY9sGr5ifj5+I5DuplVaXa0wtneugFkpd60MQv5nb/8O
 uDKatV8jFjF2KZaI/ni9ssPkQl1zbmuQ7RoRl8b9iQf4Y3uu/6KCLC27k+VAfunqRqsH
 tY7f9Q/b1gbonATTfq0ye3MQmyFEc7IWEeFbrdwG3lrXAyxT7jpJ4xUix5ghF25szR/T
 dElejEEcKDVPP0JgGMkGUFLbILzvytpvy21ivqMyyR/E24AiBjT6bNxFTGKOgJ5d9lXR
 GpMUrtTmHH3B3/w30GiWGXO6Sw5C2g2wgLn03EsmUHtNeA+ZY0qUb1ZSB7ucowQp6wT1
 Wa+w==
X-Gm-Message-State: AOAM533nwc2d+AzERBMSao4BCbU/MFDYTeQ2rE0kuBu7PWtpom5jr8pv
 WMPgHHZrHenGdyTlzreHMnjFgb7wzoPllg==
X-Google-Smtp-Source: 
 ABdhPJxTytuYsR7joKwI5ijXcPvkpU7GXR91g2t8wr5vW3uFXD8PQ899mVlGSZkLnirIQbefvP9wAw==
X-Received: by 2002:a5d:68d1:: with SMTP id p17mr1300377wrw.378.1599819667801;
 Fri, 11 Sep 2020 03:21:07 -0700 (PDT)
Received: from joaomcosta-Latitude-E7470.lan
 ([2a03:7220:8080:6701:9dc4:32d0:4010:a205])
 by smtp.googlemail.com with ESMTPSA id v9sm3959301wrv.35.2020.09.11.03.21.07
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 11 Sep 2020 03:21:07 -0700 (PDT)
From: Joao Marcos Costa <jmcosta944@gmail.com>
To: u-boot@lists.denx.de
Cc: jmcosta944@gmail.com
Subject: [PATCH] fs/squashfs: Fix Coverity Scan defects
Date: Fri, 11 Sep 2020 12:21:06 +0200
Message-Id: <20200911102106.2610-1-jmcosta944@gmail.com>
X-Mailer: git-send-email 2.17.1
X-Mailman-Approved-At: Fri, 11 Sep 2020 13:06:36 +0200
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de
X-Virus-Status: Clean

Fix control flow issues and null pointer dereferences.

Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
---
 fs/squashfs/sqfs.c       | 20 +++++++++++++-------
 fs/squashfs/sqfs_dir.c   |  3 +--
 fs/squashfs/sqfs_inode.c |  5 ++++-
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index f67f7c4a40..15208b4dab 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -154,7 +154,7 @@ static int sqfs_frag_lookup(u32 inode_fragment_index,
 	header = get_unaligned_le16(metadata_buffer + table_offset);
 	metadata = metadata_buffer + table_offset + SQFS_HEADER_SIZE;
 
-	if (!metadata) {
+	if (!metadata || !header) {
 		ret = -ENOMEM;
 		goto free_buffer;
 	}
@@ -434,9 +434,9 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
 {
 	struct squashfs_super_block *sblk = ctxt.sblk;
 	char *path, *target, **sym_tokens, *res, *rem;
-	struct squashfs_ldir_inode *ldir = NULL;
 	int j, ret, new_inode_number, offset;
 	struct squashfs_symlink_inode *sym;
+	struct squashfs_ldir_inode *ldir;
 	struct squashfs_dir_inode *dir;
 	struct fs_dir_stream *dirsp;
 	struct fs_dirent *dent;
@@ -448,8 +448,8 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
 	table = sqfs_find_inode(dirs->inode_table, le32_to_cpu(sblk->inodes),
 				sblk->inodes, sblk->block_size);
 
-	/* root is a regular directory, not an extended one */
 	dir = (struct squashfs_dir_inode *)table;
+	ldir = (struct squashfs_ldir_inode *)table;
 
 	/* get directory offset in directory table */
 	offset = sqfs_dir_offset(table, m_list, m_count);
@@ -1146,7 +1146,10 @@ static int sqfs_get_regfile_info(struct squashfs_reg_inode *reg,
 	finfo->start = get_unaligned_le32(&reg->start_block);
 	finfo->frag = SQFS_IS_FRAGMENTED(get_unaligned_le32(&reg->fragment));
 
-	if (finfo->size < 1 || finfo->offset < 0 || finfo->start < 0)
+	if (finfo->frag && finfo->offset == 0xFFFFFFFF)
+		return -EINVAL;
+
+	if (finfo->size < 1 || finfo->start == 0xFFFFFFFF)
 		return -EINVAL;
 
 	if (finfo->frag) {
@@ -1156,7 +1159,7 @@ static int sqfs_get_regfile_info(struct squashfs_reg_inode *reg,
 		if (ret < 0)
 			return -EINVAL;
 		finfo->comp = true;
-		if (fentry->size < 1 || fentry->start < 0)
+		if (fentry->size < 1 || fentry->start == 0x7FFFFFFF)
 			return -EINVAL;
 	} else {
 		datablk_count = DIV_ROUND_UP(finfo->size, le32_to_cpu(blksz));
@@ -1181,7 +1184,10 @@ static int sqfs_get_lregfile_info(struct squashfs_lreg_inode *lreg,
 	finfo->start = get_unaligned_le64(&lreg->start_block);
 	finfo->frag = SQFS_IS_FRAGMENTED(get_unaligned_le32(&lreg->fragment));
 
-	if (finfo->size < 1 || finfo->offset < 0 || finfo->start < 0)
+	if (finfo->frag && finfo->offset == 0xFFFFFFFF)
+		return -EINVAL;
+
+	if (finfo->size < 1 || finfo->start == 0x7FFFFFFF)
 		return -EINVAL;
 
 	if (finfo->frag) {
@@ -1191,7 +1197,7 @@ static int sqfs_get_lregfile_info(struct squashfs_lreg_inode *lreg,
 		if (ret < 0)
 			return -EINVAL;
 		finfo->comp = true;
-		if (fentry->size < 1 || fentry->start < 0)
+		if (fentry->size < 1 || fentry->start == 0x7FFFFFFF)
 			return -EINVAL;
 	} else {
 		datablk_count = DIV_ROUND_UP(finfo->size, le32_to_cpu(blksz));
diff --git a/fs/squashfs/sqfs_dir.c b/fs/squashfs/sqfs_dir.c
index 00d2891e7d..a265b98fe6 100644
--- a/fs/squashfs/sqfs_dir.c
+++ b/fs/squashfs/sqfs_dir.c
@@ -34,8 +34,7 @@ int sqfs_dir_offset(void *dir_i, u32 *m_list, int m_count)
 	struct squashfs_ldir_inode *ldir;
 	struct squashfs_dir_inode *dir;
 	u32 start_block;
-	u16 offset;
-	int j;
+	int j, offset;
 
 	switch (get_unaligned_le16(&base->inode_type)) {
 	case SQFS_DIR_TYPE:
diff --git a/fs/squashfs/sqfs_inode.c b/fs/squashfs/sqfs_inode.c
index 1387779a85..1368f3063c 100644
--- a/fs/squashfs/sqfs_inode.c
+++ b/fs/squashfs/sqfs_inode.c
@@ -142,8 +142,11 @@ int sqfs_read_metablock(unsigned char *file_mapping, int offset,
 	u16 header;
 
 	data = file_mapping + offset;
+	if (!data)
+		return -EFAULT;
+
 	header = get_unaligned((u16 *)data);
-	if (!header || !data)
+	if (!header)
 		return -EINVAL;
 
 	*compressed = SQFS_COMPRESSED_METADATA(header);