[perftest,11/23] raw_ethernet_resources: fix possible NULL math

Commit Message

Jarod Wilson Aug. 18, 2016, 5:32 p.m. UTC

While unlikely to happen in reality, there are code paths that could be
taken, where we have the case of X = NULL, then X = X + 1;. Fix 'em.

Error: FORWARD_NULL (CWE-476): [#def39]
perftest-3.0/src/raw_ethernet_resources.c:404: assign_zero: Assigning: "header_buff" = "NULL".
perftest-3.0/src/raw_ethernet_resources.c:419: alias_transfer: Assigning: "header_buff" = "header_buff + 20UL".
perftest-3.0/src/raw_ethernet_resources.c:421: var_deref_model: Passing null pointer "header_buff" to "gen_tcp_header", which dereferences it.
perftest-3.0/src/raw_ethernet_resources.c:173:2: deref_parm_in_call: Function "memcpy" dereferences "TCP_header_buffer". [Note: The source code implementation of the function has been overridden by a builtin model.]
 #  419|   		header_buff = header_buff + sizeof(struct IP_V4_header);
 #  420|   		if (user_param->tcp)
 #  421|-> 			gen_tcp_header(header_buff, my_dest_info->port + flows_offset,
 #  422|   				       rem_dest_info->port + flows_offset);
 #  423|   		else

Error: FORWARD_NULL (CWE-476): [#def40]
perftest-3.0/src/raw_ethernet_resources.c:404: assign_zero: Assigning: "header_buff" = "NULL".
perftest-3.0/src/raw_ethernet_resources.c:419: alias_transfer: Assigning: "header_buff" = "header_buff + 20UL".
perftest-3.0/src/raw_ethernet_resources.c:424: var_deref_model: Passing null pointer "header_buff" to "gen_udp_header", which dereferences it.
perftest-3.0/src/raw_ethernet_resources.c:156:2: deref_parm_in_call: Function "memcpy" dereferences "UDP_header_buffer". [Note: The source code implementation of the function has been overridden by a builtin model.]
 #  422|   				       rem_dest_info->port + flows_offset);
 #  423|   		else
 #  424|-> 			gen_udp_header(header_buff, my_dest_info->port + flows_offset,
 #  425|   				       rem_dest_info->port+ flows_offset, pkt_size);
 #  426|

CC: Gil Rockah <gilr@mellanox.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
---
 src/raw_ethernet_resources.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/src/raw_ethernet_resources.c b/src/raw_ethernet_resources.c
index 3b1516e..d087cab 100755
--- a/src/raw_ethernet_resources.c
+++ b/src/raw_ethernet_resources.c
@@ -406,11 +406,11 @@  void build_pkt_on_buffer(struct ETH_header* eth_header,
 	int is_udp_or_tcp = user_param->is_client_port && user_param->is_server_port;
 
 	gen_eth_header(eth_header, my_dest_info->mac, rem_dest_info->mac, eth_type);
+	header_buff = (void*)eth_header + sizeof(struct ETH_header);
 
 	if(have_ip_header) {
 		int offset = is_udp_or_tcp ? 0 : flows_offset;
 
-		header_buff = (void*)eth_header + sizeof(struct ETH_header);
 		gen_ip_header(header_buff, &my_dest_info->ip, &rem_dest_info->ip,
 			      ip_next_protocol, pkt_size, user_param->tos, offset);
 	}