[ndctl] ndctl: clamp dimm formats

Commit Message

Dan Williams June 26, 2017, 6:52 p.m. UTC

Static analysis warns about unbounded values of 'formats' being passed
to calloc. Clamp to the known allowed values.

This also updates the max() macro to avoid 'variable shadowed' warnings.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 ccan/minmax/minmax.h |    8 ++++----
 ndctl/lib/libndctl.c |    2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

Patch

diff --git a/ccan/minmax/minmax.h b/ccan/minmax/minmax.h
index d111d1bc3809..54f246cc112d 100644
--- a/ccan/minmax/minmax.h
+++ b/ccan/minmax/minmax.h
@@ -32,10 +32,10 @@ 
 
 #define max(a, b) \
 	({ \
-		typeof(a) _a = (a); \
-		typeof(b) _b = (b); \
-		MINMAX_ASSERT_COMPATIBLE(typeof(_a), typeof(_b)); \
-		_a > _b ? _a : _b; \
+		typeof(a) __a = (a); \
+		typeof(b) __b = (b); \
+		MINMAX_ASSERT_COMPATIBLE(typeof(__a), typeof(__b)); \
+		__a > __b ? __a : __b; \
 	})
 
 #define clamp(v, f, c)	(max(min((v), (c)), (f)))
diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c
index 4acebc05d6db..3b34a10fd429 100644
--- a/ndctl/lib/libndctl.c
+++ b/ndctl/lib/libndctl.c
@@ -1170,7 +1170,7 @@  static void *add_dimm(void *parent, int id, const char *dimm_base)
 	if (sysfs_read_attr(ctx, path, buf) < 0)
 		formats = 1;
 	else
-		formats = strtoul(buf, NULL, 0);
+		formats = clamp(strtoul(buf, NULL, 0), 1UL, 2UL);
 
 	dimm = calloc(1, sizeof(*dimm) + sizeof(int) * formats);
 	if (!dimm)