Fix FORWARD_NULL errors found by Coverity
Error: FORWARD_NULL (CWE-476): [#def50] These errors could lead to crashes in the code. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
parent
8dfdbe91bf
commit
8bcc55a5ee
|
|
@ -656,7 +656,7 @@ func runUsingChrootExecMain() {
|
|||
// Set the hostname. We're already in a distinct UTS namespace and are admins in the user
|
||||
// namespace which created it, so we shouldn't get a permissions error, but seccomp policy
|
||||
// might deny our attempt to call sethostname() anyway, so log a debug message for that.
|
||||
if options.Spec.Hostname != "" {
|
||||
if options.Spec != nil && options.Spec.Hostname != "" {
|
||||
if err := unix.Sethostname([]byte(options.Spec.Hostname)); err != nil {
|
||||
logrus.Debugf("failed to set hostname %q for process: %v", options.Spec.Hostname, err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -174,12 +174,14 @@ func deleteImages(ctx context.Context, systemContext *types.SystemContext, store
|
|||
|
||||
// Need to fetch the image state again after making changes to it i.e untag
|
||||
// because only a copy of the image state is returned
|
||||
image, err = getImage(ctx, systemContext, store, image.ID)
|
||||
if err != nil || image == nil {
|
||||
image1, err := getImage(ctx, systemContext, store, image.ID)
|
||||
if err != nil || image1 == nil {
|
||||
if lastError != nil {
|
||||
fmt.Fprintln(os.Stderr, lastError)
|
||||
}
|
||||
lastError = errors.Wrapf(err, "error getting image after untag %q", image.ID)
|
||||
} else {
|
||||
image = image1
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
2
image.go
2
image.go
|
|
@ -627,7 +627,7 @@ func (i *containerImageSource) GetBlob(ctx context.Context, blob types.BlobInfo,
|
|||
logrus.Debugf("error checking for layer %q in %q: %v", blob.Digest.String(), path, err)
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
if err != nil || layerFile == nil {
|
||||
logrus.Debugf("error reading layer %q: %v", blob.Digest.String(), err)
|
||||
return nil, -1, errors.Wrapf(err, "error opening file %q to buffer layer blob", filepath.Join(i.path, blob.Digest.String()))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -296,6 +296,9 @@ func (s *supplementedImageSource) Close() error {
|
|||
}
|
||||
closed[sourceInstance] = struct{}{}
|
||||
}
|
||||
if returnErr == nil {
|
||||
return nil
|
||||
}
|
||||
return returnErr.ErrorOrNil()
|
||||
}
|
||||
|
||||
|
|
@ -340,13 +343,17 @@ func (s *supplementedImageSource) HasThreadSafeGetBlob() bool {
|
|||
}
|
||||
|
||||
func (s *supplementedImageSource) GetSignatures(ctx context.Context, instanceDigest *digest.Digest) ([][]byte, error) {
|
||||
var src types.ImageSource
|
||||
var (
|
||||
src types.ImageSource
|
||||
digest digest.Digest
|
||||
)
|
||||
requestInstanceDigest := instanceDigest
|
||||
if instanceDigest == nil {
|
||||
if sourceInstance, ok := s.sourceInstancesByInstance[""]; ok {
|
||||
src = sourceInstance
|
||||
}
|
||||
} else {
|
||||
digest = *instanceDigest
|
||||
if sourceInstance, ok := s.sourceInstancesByInstance[*instanceDigest]; ok {
|
||||
src = sourceInstance
|
||||
}
|
||||
|
|
@ -357,7 +364,7 @@ func (s *supplementedImageSource) GetSignatures(ctx context.Context, instanceDig
|
|||
if src != nil {
|
||||
return src.GetSignatures(ctx, requestInstanceDigest)
|
||||
}
|
||||
return nil, errors.Wrapf(ErrDigestNotFound, "error finding instance for instance digest %q to read signatures", *instanceDigest)
|
||||
return nil, errors.Wrapf(ErrDigestNotFound, "error finding instance for instance digest %q to read signatures", digest)
|
||||
}
|
||||
|
||||
func (s *supplementedImageSource) LayerInfosForCopy(ctx context.Context, instanceDigest *digest.Digest) ([]types.BlobInfo, error) {
|
||||
|
|
|
|||
7
pull.go
7
pull.go
|
|
@ -216,8 +216,13 @@ func Pull(ctx context.Context, imageName string, options PullOptions) (imageID s
|
|||
} else {
|
||||
imageID = img.ID
|
||||
}
|
||||
if errs == nil {
|
||||
err = nil
|
||||
} else {
|
||||
err = errs.ErrorOrNil()
|
||||
}
|
||||
|
||||
return imageID, errs.ErrorOrNil()
|
||||
return imageID, err
|
||||
}
|
||||
|
||||
func pullImage(ctx context.Context, store storage.Store, srcRef types.ImageReference, options PullOptions, sc *types.SystemContext) (types.ImageReference, error) {
|
||||
|
|
|
|||
16
run_linux.go
16
run_linux.go
|
|
@ -702,7 +702,9 @@ func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork b
|
|||
return 1, errors.Wrapf(err, "error creating pipe for notifying to stop stdio")
|
||||
}
|
||||
finishedCopy := make(chan struct{})
|
||||
var pargs []string
|
||||
if spec.Process != nil {
|
||||
pargs = spec.Process.Args
|
||||
if spec.Process.Terminal {
|
||||
copyConsole = true
|
||||
// Create a listening socket for accepting the container's terminal's PTY master.
|
||||
|
|
@ -773,7 +775,7 @@ func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork b
|
|||
logrus.Debugf("Running %q", create.Args)
|
||||
err = create.Run()
|
||||
if err != nil {
|
||||
return 1, errors.Wrapf(err, "error creating container for %v: %s", spec.Process.Args, runCollectOutput(errorFds, closeBeforeReadingErrorFds))
|
||||
return 1, errors.Wrapf(err, "error creating container for %v: %s", pargs, runCollectOutput(errorFds, closeBeforeReadingErrorFds))
|
||||
}
|
||||
defer func() {
|
||||
err2 := del.Run()
|
||||
|
|
@ -808,7 +810,7 @@ func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork b
|
|||
}()
|
||||
|
||||
if configureNetwork {
|
||||
teardown, err := runConfigureNetwork(isolation, options, configureNetworks, pid, containerName, spec.Process.Args)
|
||||
teardown, err := runConfigureNetwork(isolation, options, configureNetworks, pid, containerName, pargs)
|
||||
if teardown != nil {
|
||||
defer teardown()
|
||||
}
|
||||
|
|
@ -1044,6 +1046,9 @@ func runConfigureNetwork(isolation Isolation, options RunOptions, configureNetwo
|
|||
}
|
||||
continue
|
||||
}
|
||||
if nc.Network == nil {
|
||||
continue
|
||||
}
|
||||
cl, err := libcni.ConfListFromConf(nc)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "error converting networking configuration from file %q for %v", file, command)
|
||||
|
|
@ -1450,8 +1455,13 @@ func runUsingRuntimeMain() {
|
|||
if err := setChildProcess(); err != nil {
|
||||
os.Exit(1)
|
||||
}
|
||||
var ospec *specs.Spec
|
||||
if options.Spec != nil {
|
||||
ospec = options.Spec
|
||||
}
|
||||
|
||||
// Run the container, start to finish.
|
||||
status, err := runUsingRuntime(options.Isolation, options.Options, options.ConfigureNetwork, options.ConfigureNetworks, options.MoreCreateArgs, options.Spec, options.BundlePath, options.ContainerName)
|
||||
status, err := runUsingRuntime(options.Isolation, options.Options, options.ConfigureNetwork, options.ConfigureNetworks, options.MoreCreateArgs, ospec, options.BundlePath, options.ContainerName)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error running container: %v\n", err)
|
||||
os.Exit(1)
|
||||
|
|
|
|||
|
|
@ -365,7 +365,7 @@ func GetHostIDs(uidmap, gidmap []specs.LinuxIDMapping, uid, gid uint32) (uint32,
|
|||
// GetHostRootIDs uses ID mappings in spec to compute the host-level IDs that will
|
||||
// correspond to UID/GID 0/0 in the container.
|
||||
func GetHostRootIDs(spec *specs.Spec) (uint32, uint32, error) {
|
||||
if spec.Linux == nil {
|
||||
if spec == nil || spec.Linux == nil {
|
||||
return 0, 0, nil
|
||||
}
|
||||
return GetHostIDs(spec.Linux.UIDMappings, spec.Linux.GIDMappings, 0, 0)
|
||||
|
|
|
|||
Loading…
Reference in New Issue