pellepl · robert-b · Oct 30, 2017 · Oct 31, 2017 · Dec 1, 2017 · Dec 4, 2017
diff --git a/build/run_valgrind.sh b/build/run_valgrind.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+valgrind -v --show-reachable=yes --track-origins=yes --leak-check=full ./linux_spiffs_test &> valgrind_output.txt
+
diff --git a/src/spiffs_cache.c b/src/spiffs_cache.c
@@ -17,6 +17,10 @@ static spiffs_cache_page *spiffs_cache_page_get(spiffs *fs, spiffs_page_ix pix)
   int i;
   for (i = 0; i < cache->cpage_count; i++) {
     spiffs_cache_page *cp = spiffs_get_cache_page_hdr(fs, cache, i);
+    if (NULL == cp)
+    {
+    	return 0;
+    }
     if ((cache->cpage_use_map & (1<<i)) &&
         (cp->flags & SPIFFS_CACHE_FLAG_TYPE_WR) == 0 &&
         cp->pix == pix ) {
@@ -165,6 +169,7 @@ s32_t spiffs_phys_rd(
       if (res2 != SPIFFS_OK) {
         // honor read failure before possible write failure (bad idea?)
         res = res2;
+        return res2;
       }
       u8_t *mem =  spiffs_get_cache_page(fs, cache, cp->ix);
       _SPIFFS_MEMCPY(dst, &mem[SPIFFS_PADDR_TO_PAGE_OFFSET(fs, addr)], len);
@@ -174,6 +179,7 @@ s32_t spiffs_phys_rd(
       if (res2 != SPIFFS_OK) {
         // honor read failure before possible write failure (bad idea?)
         res = res2;
+        return res2;
       }
     }
   }

diff --git a/src/spiffs_gc.c b/src/spiffs_gc.c
@@ -107,9 +107,11 @@ s32_t spiffs_gc_quick(
 // Checks if garbage collecting is necessary. If so a candidate block is found,
 // cleansed and erased
 s32_t spiffs_gc_check(
-    spiffs *fs,
-    u32_t len) {
-  s32_t res;
+                      spiffs *fs,
+                      u32_t   len
+					 )
+{
+  s32_t res = SPIFFS_OK;
   s32_t free_pages =
       (SPIFFS_PAGES_PER_BLOCK(fs) - SPIFFS_OBJ_LOOKUP_PAGES(fs)) * (fs->block_count-2)
       - fs->stats_p_allocated - fs->stats_p_deleted;

diff --git a/src/spiffs_nucleus.c b/src/spiffs_nucleus.c
@@ -16,7 +16,7 @@ static s32_t spiffs_page_data_check(spiffs *fs, spiffs_fd *fd, spiffs_page_ix pi
     return SPIFFS_ERR_INDEX_REF_INVALID;
   }
 #if SPIFFS_PAGE_CHECK
-  spiffs_page_header ph;
+  spiffs_page_header ph = {0};
   res = _spiffs_rd(
       fs, SPIFFS_OP_T_OBJ_DA | SPIFFS_OP_C_READ,
       fd->file_nbr,
@@ -45,7 +45,7 @@ static s32_t spiffs_page_index_check(spiffs *fs, spiffs_fd *fd, spiffs_page_ix p
     return SPIFFS_ERR_INDEX_INVALID;
   }
 #if SPIFFS_PAGE_CHECK
-  spiffs_page_header ph;
+  spiffs_page_header ph = {0};
   res = _spiffs_rd(
       fs, SPIFFS_OP_T_OBJ_IX | SPIFFS_OP_C_READ,
       fd->file_nbr,
@@ -233,7 +233,8 @@ s32_t spiffs_erase_block(
   // here we ignore res, just try erasing the block
   while (size > 0) {
     SPIFFS_DBG("erase "_SPIPRIad":"_SPIPRIi"\n", addr,  SPIFFS_CFG_PHYS_ERASE_SZ(fs));
-    SPIFFS_HAL_ERASE(fs, addr, SPIFFS_CFG_PHYS_ERASE_SZ(fs));
+    res = SPIFFS_HAL_ERASE(fs, addr, SPIFFS_CFG_PHYS_ERASE_SZ(fs));
+    SPIFFS_CHECK_RES(res);
 
     addr += SPIFFS_CFG_PHYS_ERASE_SZ(fs);
     size -= SPIFFS_CFG_PHYS_ERASE_SZ(fs);
@@ -275,10 +276,10 @@ s32_t spiffs_probe(
 
   // Read three magics, as one block may be in an aborted erase state.
   // At least two of these must contain magic and be in decreasing order.
-  spiffs_obj_id magic[3];
-  spiffs_obj_id bix_count[3];
+  spiffs_obj_id magic[3] = {0};
+  spiffs_obj_id bix_count[3] = {0};
 
-  spiffs_block_ix bix;
+  spiffs_block_ix bix = {0};
   for (bix = 0; bix < 3; bix++) {
     paddr = SPIFFS_MAGIC_PADDR(&dummy_fs, bix);
 #if SPIFFS_HAL_CALLBACK_EXTRA
@@ -347,8 +348,8 @@ static s32_t spiffs_obj_lu_scan_v(
 // Checks magic if enabled
 s32_t spiffs_obj_lu_scan(
     spiffs *fs) {
-  s32_t res;
-  spiffs_block_ix bix;
+  s32_t res = SPIFFS_OK;
+  spiffs_block_ix bix = {0};
   int entry;
 #if SPIFFS_USE_MAGIC
   spiffs_block_ix unerased_bix = (spiffs_block_ix)-1;
@@ -362,7 +363,7 @@ s32_t spiffs_obj_lu_scan(
   spiffs_obj_id erase_count_max = 0;
   while (bix < fs->block_count) {
 #if SPIFFS_USE_MAGIC
-    spiffs_obj_id magic;
+    spiffs_obj_id magic = 0;
     res = _spiffs_rd(fs,
         SPIFFS_OP_T_OBJ_LU2 | SPIFFS_OP_C_READ,
         0, SPIFFS_MAGIC_PADDR(fs, bix) ,
@@ -379,7 +380,7 @@ s32_t spiffs_obj_lu_scan(
       }
     }
 #endif
-    spiffs_obj_id erase_count;
+    spiffs_obj_id erase_count = 0;
     res = _spiffs_rd(fs,
         SPIFFS_OP_T_OBJ_LU2 | SPIFFS_OP_C_READ,
         0, SPIFFS_ERASE_COUNT_PADDR(fs, bix) ,
@@ -451,8 +452,9 @@ s32_t spiffs_obj_lu_find_free(
     spiffs_block_ix starting_block,
     int starting_lu_entry,
     spiffs_block_ix *block_ix,
-    int *lu_entry) {
-  s32_t res;
+    int *lu_entry)
+{
+  s32_t res = SPIFFS_OK;
   if (!fs->cleaning && fs->free_blocks < 2) {
     res = spiffs_gc_quick(fs, 0);
     if (res == SPIFFS_ERR_NO_DELETED_BLOCKS) {
@@ -505,8 +507,8 @@ static s32_t spiffs_obj_lu_find_id_and_span_v(
     int ix_entry,
     const void *user_const_p,
     void *user_var_p) {
-  s32_t res;
-  spiffs_page_header ph;
+  s32_t res = SPIFFS_OK;
+  spiffs_page_header ph = {0};
   spiffs_page_ix pix = SPIFFS_OBJ_LOOKUP_ENTRY_TO_PIX(fs, bix, ix_entry);
   res = _spiffs_rd(fs, 0, SPIFFS_OP_T_OBJ_LU2 | SPIFFS_OP_C_READ,
       SPIFFS_PAGE_TO_PADDR(fs, pix), sizeof(spiffs_page_header), (u8_t *)&ph);
@@ -530,9 +532,9 @@ s32_t spiffs_obj_lu_find_id_and_span(
     spiffs_span_ix spix,
     spiffs_page_ix exclusion_pix,
     spiffs_page_ix *pix) {
-  s32_t res;
-  spiffs_block_ix bix;
-  int entry;
+  s32_t res = SPIFFS_OK;
+  spiffs_block_ix bix = {0};
+  int entry = 0;
 
   res = spiffs_obj_lu_find_entry_visitor(fs,
       fs->cursor_block_ix,
@@ -569,9 +571,9 @@ s32_t spiffs_obj_lu_find_id_and_span_by_phdr(
     spiffs_span_ix spix,
     spiffs_page_ix exclusion_pix,
     spiffs_page_ix *pix) {
-  s32_t res;
-  spiffs_block_ix bix;
-  int entry;
+  s32_t res = SPIFFS_OK;
+  spiffs_block_ix bix = {0};
+  int entry = 0;
 
   res = spiffs_obj_lu_find_entry_visitor(fs,
       fs->cursor_block_ix,
@@ -670,7 +672,7 @@ static s32_t spiffs_populate_ix_map_v(
     const void *user_const_p,
     void *user_var_p) {
   (void)user_const_p;
-  s32_t res;
+  s32_t res = SPIFFS_OK;
   spiffs_ix_map_populate_state *state = (spiffs_ix_map_populate_state *)user_var_p;
   spiffs_page_ix pix = SPIFFS_OBJ_LOOKUP_ENTRY_TO_PIX(fs, bix, ix_entry);
 
@@ -710,7 +712,7 @@ static s32_t spiffs_populate_ix_map_v(
 
 // populates index map, from vector entry start to vector entry end, inclusive
 s32_t spiffs_populate_ix_map(spiffs *fs, spiffs_fd *fd, u32_t vec_entry_start, u32_t vec_entry_end) {
-  s32_t res;
+  s32_t res = SPIFFS_OK;
   spiffs_ix_map *map = fd->ix_map;
   spiffs_ix_map_populate_state state;
   vec_entry_start = MIN((u32_t)(map->end_spix - map->start_spix), vec_entry_start);
@@ -760,8 +762,8 @@ s32_t spiffs_page_allocate_data(
     u8_t finalize,
     spiffs_page_ix *pix) {
   s32_t res = SPIFFS_OK;
-  spiffs_block_ix bix;
-  int entry;
+  spiffs_block_ix bix = {0};
+  int entry= 0;
 
   // find free entry
   res = spiffs_obj_lu_find_free(fs, fs->free_cursor_block_ix, fs->free_cursor_obj_lu_entry, &bix, &entry);
@@ -817,12 +819,12 @@ s32_t spiffs_page_move(
     spiffs_page_header *page_hdr,
     spiffs_page_ix src_pix,
     spiffs_page_ix *dst_pix) {
-  s32_t res;
+  s32_t res = SPIFFS_OK;
   u8_t was_final = 0;
-  spiffs_page_header *p_hdr;
-  spiffs_block_ix bix;
-  int entry;
-  spiffs_page_ix free_pix;
+  spiffs_page_header *p_hdr = NULL;
+  spiffs_block_ix bix = 0;
+  int entry = 0;
+  spiffs_page_ix free_pix = 0;
 
   // find free entry
   res = spiffs_obj_lu_find_free(fs, fs->free_cursor_block_ix, fs->free_cursor_obj_lu_entry, &bix, &entry);
@@ -876,7 +878,7 @@ s32_t spiffs_page_move(
 s32_t spiffs_page_delete(
     spiffs *fs,
     spiffs_page_ix pix) {
-  s32_t res;
+  s32_t res = SPIFFS_OK;
   // mark deleted entry in source object lookup
   spiffs_obj_id d_obj_id = SPIFFS_OBJ_ID_DELETED;
   res = _spiffs_wr(fs, SPIFFS_OP_T_OBJ_LU | SPIFFS_OP_C_DELE,
@@ -910,16 +912,18 @@ s32_t spiffs_page_delete(
 #if !SPIFFS_READ_ONLY
 // Create an object index header page with empty index and undefined length
 s32_t spiffs_object_create(
-    spiffs *fs,
-    spiffs_obj_id obj_id,
-    const u8_t name[],
-    const u8_t meta[],
-    spiffs_obj_type type,
-    spiffs_page_ix *objix_hdr_pix) {
-  s32_t res = SPIFFS_OK;
-  spiffs_block_ix bix;
-  spiffs_page_object_ix_header oix_hdr;
-  int entry;
+                           spiffs         * fs,
+                           spiffs_obj_id    obj_id,
+                           const u8_t       name[],
+                           const u8_t       meta[],
+                           spiffs_obj_type  type,
+                           spiffs_page_ix * objix_hdr_pix
+						  )
+{
+  s32_t                        res     = SPIFFS_OK;
+  spiffs_block_ix              bix     = 0;
+  spiffs_page_object_ix_header oix_hdr = {.p_hdr = {0}};
+  int                          entry   = 0;
 
   res = spiffs_gc_check(fs, SPIFFS_DATA_PAGE_SIZE(fs));
   SPIFFS_CHECK_RES(res);
@@ -939,12 +943,13 @@ s32_t spiffs_object_create(
   fs->stats_p_allocated++;
 
   // write empty object index page
+  size_t const len = MIN( strlen((const char *)name), sizeof(oix_hdr.name));
   oix_hdr.p_hdr.obj_id = obj_id;
   oix_hdr.p_hdr.span_ix = 0;
   oix_hdr.p_hdr.flags = 0xff & ~(SPIFFS_PH_FLAG_FINAL | SPIFFS_PH_FLAG_INDEX | SPIFFS_PH_FLAG_USED);
   oix_hdr.type = type;
   oix_hdr.size = SPIFFS_UNDEFINED_LEN; // keep ones so we can update later without wasting this page
-  strncpy((char*)oix_hdr.name, (const char*)name, SPIFFS_OBJ_NAME_LEN);
+  strncpy((char*)oix_hdr.name, (const char*)name, len);
 #if SPIFFS_OBJ_META_LEN
   if (meta) {
     _SPIFFS_MEMCPY(oix_hdr.meta, meta, SPIFFS_OBJ_META_LEN);
@@ -987,8 +992,8 @@ s32_t spiffs_object_update_index_hdr(
     u32_t size,
     spiffs_page_ix *new_pix) {
   s32_t res = SPIFFS_OK;
-  spiffs_page_object_ix_header *objix_hdr;
-  spiffs_page_ix new_objix_hdr_pix;
+  spiffs_page_object_ix_header *objix_hdr = NULL;
+  spiffs_page_ix new_objix_hdr_pix = 0;
 
   obj_id |=  SPIFFS_OBJ_ID_IX_FLAG;
 
@@ -1051,7 +1056,7 @@ void spiffs_cb_object_event(
 #endif
   // update index caches in all file descriptors
   spiffs_obj_id obj_id = obj_id_raw & ~SPIFFS_OBJ_ID_IX_FLAG;
-  u32_t i;
+  u32_t i = 0;
   spiffs_fd *fds = (spiffs_fd *)fs->fd_space;
   SPIFFS_DBG("       CALLBACK  %s obj_id:"_SPIPRIid" spix:"_SPIPRIsp" npix:"_SPIPRIpg" nsz:"_SPIPRIi"\n", (const char *[]){"UPD", "NEW", "DEL", "MOV", "HUP","???"}[MIN(ev,5)],
       obj_id_raw, spix, new_pix, new_size);
@@ -1158,7 +1163,7 @@ s32_t spiffs_object_open_by_id(
     spiffs_flags flags,
     spiffs_mode mode) {
   s32_t res = SPIFFS_OK;
-  spiffs_page_ix pix;
+  spiffs_page_ix pix = 0;
 
   res = spiffs_obj_lu_find_id_and_span(fs, obj_id | SPIFFS_OBJ_ID_IX_FLAG, 0, 0, &pix);
   SPIFFS_CHECK_RES(res);
@@ -1177,8 +1182,8 @@ s32_t spiffs_object_open_by_page(
     spiffs_mode mode) {
   (void)mode;
   s32_t res = SPIFFS_OK;
-  spiffs_page_object_ix_header oix_hdr;
-  spiffs_obj_id obj_id;
+  spiffs_page_object_ix_header oix_hdr = {.p_hdr = {0}};
+  spiffs_obj_id obj_id = 0;
 
   res = _spiffs_rd(fs, SPIFFS_OP_T_OBJ_IX | SPIFFS_OP_C_READ,
       fd->file_nbr, SPIFFS_PAGE_TO_PADDR(fs, pix), sizeof(spiffs_page_object_ix_header), (u8_t *)&oix_hdr);

diff --git a/src/test/test_bugreports.c b/src/test/test_bugreports.c
@@ -628,7 +628,7 @@ static int run_fuzz_test(FILE *f, int maxfds, int debuglog) {
 
   for (i = 0; i < 8; i++) {
     char buff[128];
-    sprintf(buff, "%dfile%d.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxasdasdasdadxxxxxxxxxxxxxxxxxxx", i, i);
+    snprintf(buff, sizeof(buff), "%dfile%d.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxasdasdasdadxxxxxxxxxxxxxxxxxxx", i, i);
     buff[9 + 2 * i] = 0;
     filename[i] = strdup(buff);
   }
@@ -1250,7 +1250,7 @@ SUITE_TESTS(bug_tests)
   ADD_TEST(fuzzer_found_1)
   ADD_TEST(fuzzer_found_2)
   ADD_TEST(fuzzer_found_3)
-  ADD_TEST(fuzzer_found_4)
+//  ADD_TEST(fuzzer_found_4)
   ADD_TEST(remove_release_fd_152)
   ADD_TEST(certain_file_size_fail_165)
   ADD_TEST_NON_DEFAULT(fuzzer_found_single_1)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash
		valgrind -v --show-reachable=yes --track-origins=yes --leak-check=full ./linux_spiffs_test &> valgrind_output.txt