covscan: fix miscellaneaous errors (iovisor#2003)

* Coverity #def53: COPY_PASTE_ERROR

* Coverity #def18: DC.STREAM_BUFFER. Double-check max length of dev

* Coverity #def44: MISSING_BREAK. This looks like it should be here

* Coverity #def67: STRING_NULL: potential OOB read if 0 bytes read.

* Coverity #def66: FORWARD_NULL: potential null ptr deref

* Coverity #def17: RESOURCE_LEAK: missing free()

* Dont free the result of dirname

dirname() may return pointers to statically allocated memory. Don't
free the pointer it returns.

Author: jeromemarchand

src/cc/bcc_elf.c

@@ -398,6 +398,7 @@ static int verify_checksum(const char *file, unsigned int crc) {
 static char *find_debug_via_debuglink(Elf *e, const char *binpath,
                                       int check_crc) {
   char fullpath[PATH_MAX];
+  char *tmppath;
   char *bindir = NULL;
   char *res = NULL;
   unsigned int crc;
@@ -406,8 +407,8 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
   if (!find_debuglink(e, &name, &crc))
     return NULL;
 
-  bindir = strdup(binpath);
-  bindir = dirname(bindir);
+  tmppath = strdup(binpath);
+  bindir = dirname(tmppath);
 
   // Search for the file in 'binpath', but ignore the file we find if it
   // matches the binary itself: the binary will always be probed later on,
@@ -434,9 +435,11 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
   }
 
 DONE:
-  free(bindir);
-  if (res && check_crc && !verify_checksum(res, crc))
+  free(tmppath);
+  if (res && check_crc && !verify_checksum(res, crc)) {
+    free(res);
     return NULL;
+  }
   return res;
 }
 

src/cc/bcc_proc.c

@@ -92,14 +92,14 @@ int bcc_procutils_each_module(int pid, bcc_procutils_modulecb callback,
   if (!procmap)
     return -1;
 
-  char buf[PATH_MAX + 1], perm[5], dev[8];
+  char buf[PATH_MAX + 1], perm[5], dev[6];
   char *name;
   uint64_t begin, end, inode;
   unsigned long long offset;
   while (true) {
     buf[0] = '\0';
     // From fs/proc/task_mmu.c:show_map_vma
-    if (fscanf(procmap, "%lx-%lx %s %llx %s %lu%[^\n]", &begin, &end, perm,
+    if (fscanf(procmap, "%lx-%lx %4s %llx %5s %lu%[^\n]", &begin, &end, perm,
                &offset, dev, &inode, buf) != 7)
       break;
 

src/cc/frontends/b/type_check.cc

@@ -204,6 +204,7 @@ StatusTuple TypeCheck::visit_binop_expr_node(BinopExprNode *n) {
     case Tok::TCGT:
     case Tok::TCGE:
       n->bit_width_ = 1;
+      break;
     default:
       n->bit_width_ = std::max(n->lhs_->bit_width_, n->rhs_->bit_width_);
   }

src/cc/frontends/p4/compiler/ebpfTable.py

@@ -110,7 +110,7 @@ def __init__(self, match_fields, program):
                 ebpfHeader = program.getInstance(instance.name)
                 assert isinstance(ebpfHeader, ebpfInstance.SimpleInstance)
                 basetype = ebpfHeader.type
-                eInstance = program.getInstance(instance.base_name)
+                eInstance = program.getInstance(instance.name)
 
             ebpfField = basetype.getField(fieldname)
             assert isinstance(ebpfField, ebpfStructType.EbpfField)

src/cc/libbpf.c

@@ -521,14 +521,16 @@ int bpf_prog_load(enum bpf_prog_type prog_type, const char *name,
     }
   }
 
-  if (strncmp(name, "kprobe__", 8) == 0)
-    name_offset = 8;
-  else if (strncmp(name, "tracepoint__", 12) == 0)
-    name_offset = 12;
-  else if (strncmp(name, "raw_tracepoint__", 16) == 0)
-    name_offset = 16;
-  memcpy(attr.prog_name, name + name_offset,
-         min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1));
+  if (name_len) {
+    if (strncmp(name, "kprobe__", 8) == 0)
+      name_offset = 8;
+    else if (strncmp(name, "tracepoint__", 12) == 0)
+      name_offset = 12;
+    else if (strncmp(name, "raw_tracepoint__", 16) == 0)
+      name_offset = 16;
+    memcpy(attr.prog_name, name + name_offset,
+           min(name_len - name_offset, BPF_OBJ_NAME_LEN - 1));
+  }
 
   ret = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
   // BPF object name is not supported on older Kernels.
@@ -698,7 +700,7 @@ static int bpf_get_retprobe_bit(const char *event_type)
   close(fd);
   if (ret < 0 || ret >= sizeof(buf))
     return -1;
-  if (strlen(buf) < strlen("config:"))
+  if (strncmp(buf, "config:", strlen("config:")))
     return -1;
   errno = 0;
   ret = (int)strtol(buf + strlen("config:"), NULL, 10);