Bug Summary

File:miscfs/fuse/fuse_lookup.c
Warning:line 164, column 15
Assigned value is garbage or undefined

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name fuse_lookup.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -target-feature +retpoline-external-thunk -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/legacy-dpm -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu13 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/inc -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc/pmfw_if -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D SUSPEND -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /home/ben/Projects/scan/2024-01-11-110808-61670-1 -x c /usr/src/sys/miscfs/fuse/fuse_lookup.c
1/* $OpenBSD: fuse_lookup.c,v 1.21 2018/06/21 14:53:36 helg Exp $ */
2/*
3 * Copyright (c) 2012-2013 Sylvestre Gallon <ccna.syl@gmail.com>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/param.h>
19#include <sys/systm.h>
20#include <sys/mount.h>
21#include <sys/namei.h>
22#include <sys/stat.h>
23#include <sys/statvfs.h>
24#include <sys/vnode.h>
25#include <sys/lock.h>
26#include <sys/fusebuf.h>
27
28#include "fusefs_node.h"
29#include "fusefs.h"
30
31int fusefs_lookup(void *);
32
33int
34fusefs_lookup(void *v)
35{
36 struct vop_lookup_args *ap = v;
37 struct vnode *vdp; /* vnode for directory being searched */
38 struct fusefs_node *dp; /* inode for directory being searched */
39 struct fusefs_mnt *fmp; /* file system that directory is in */
40 int lockparent; /* 1 => lockparent flag is set */
41 struct vnode *tdp; /* returned by VOP_VGET */
42 struct fusebuf *fbuf;
43 struct vnode **vpp = ap->a_vpp;
44 struct componentname *cnp = ap->a_cnp;
45 struct proc *p = cnp->cn_proc;
46 struct ucred *cred = cnp->cn_cred;
47 uint64_t nid;
48 enum vtype nvtype;
1
'nvtype' declared without an initial value
49 int flags;
50 int nameiop = cnp->cn_nameiop;
51 int wantparent;
52 int error = 0;
53
54 flags = cnp->cn_flags;
55 *vpp = NULL((void *)0);
56 vdp = ap->a_dvp;
57 dp = VTOI(vdp)((struct fusefs_node *)(vdp)->v_data);
58 fmp = (struct fusefs_mnt *)dp->ufs_ino.i_ump;
59 lockparent = flags & LOCKPARENT0x0008;
60 wantparent = flags & (LOCKPARENT0x0008 | WANTPARENT0x0010);
61
62 if ((error = VOP_ACCESS(vdp, VEXEC00100, cred, cnp->cn_proc)) != 0)
2
Assuming the condition is false
63 return (error);
64
65 if ((flags & ISLASTCN0x008000) && (vdp->v_mount->mnt_flag & MNT_RDONLY0x00000001) &&
3
Assuming the condition is false
66 (cnp->cn_nameiop == DELETE2 || cnp->cn_nameiop == RENAME3))
67 return (EROFS30);
68
69 if (cnp->cn_namelen == 1 && *(cnp->cn_nameptr) == '.') {
4
Assuming field 'cn_namelen' is equal to 1
5
Assuming the condition is true
6
Taking true branch
70 nid = dp->ufs_ino.i_number;
71 } else {
72 if (!fmp->sess_init)
73 return (ENOENT2);
74
75 /* got a real entry */
76 fbuf = fb_setup(cnp->cn_namelen + 1, dp->ufs_ino.i_number,
77 FBT_LOOKUP0, p);
78
79 memcpy(fbuf->fb_dat, cnp->cn_nameptr, cnp->cn_namelen)__builtin_memcpy((fbuf->fb_dat), (cnp->cn_nameptr), (cnp
->cn_namelen));
80 fbuf->fb_dat[cnp->cn_namelen] = '\0';
81
82 error = fb_queue(fmp->dev, fbuf);
83
84 if (error) {
85 fb_delete(fbuf);
86
87 /* file system is dead */
88 if (error == ENXIO6)
89 return (error);
90
91 if ((nameiop == CREATE1 || nameiop == RENAME3) &&
92 (flags & ISLASTCN0x008000)) {
93 /*
94 * Access for write is interpreted as allowing
95 * creation of files in the directory.
96 */
97 if ((error = VOP_ACCESS(vdp, VWRITE00200, cred,
98 cnp->cn_proc)) != 0)
99 return (error);
100
101 cnp->cn_flags |= SAVENAME0x000800;
102
103 if (!lockparent) {
104 VOP_UNLOCK(vdp);
105 cnp->cn_flags |= PDIRUNLOCK0x200000;
106 }
107
108 return (EJUSTRETURN-2);
109 }
110
111 return (ENOENT2);
112 }
113
114 nid = fbuf->fb_inofb_hdr.fh_ino;
115 nvtype = IFTOVT(fbuf->fb_attr.st_mode)(iftovt_tab[((fbuf->FD.FD_attr.st_mode) & 0170000) >>
12]);
116 fb_delete(fbuf);
117 }
118
119 if (nameiop == DELETE2 && (flags & ISLASTCN0x008000)) {
7
Assuming 'nameiop' is not equal to DELETE
120 /*
121 * Write access to directory required to delete files.
122 */
123 error = VOP_ACCESS(vdp, VWRITE00200, cred, cnp->cn_proc);
124 if (error)
125 goto reclaim;
126
127 cnp->cn_flags |= SAVENAME0x000800;
128 }
129
130 if (nameiop == RENAME3 && wantparent && (flags & ISLASTCN0x008000)) {
8
Assuming 'nameiop' is not equal to RENAME
131 /*
132 * Write access to directory required to delete files.
133 */
134 if ((error = VOP_ACCESS(vdp, VWRITE00200, cred, cnp->cn_proc)) != 0)
135 goto reclaim;
136
137 if (nid == dp->ufs_ino.i_number)
138 return (EISDIR21);
139
140 error = VFS_VGET(fmp->mp, nid, &tdp)(*(fmp->mp)->mnt_op->vfs_vget)(fmp->mp, nid, &
tdp);
141 if (error)
142 goto reclaim;
143
144 tdp->v_type = nvtype;
145 *vpp = tdp;
146 cnp->cn_flags |= SAVENAME0x000800;
147
148 return (0);
149 }
150
151 if (flags & ISDOTDOT0x002000) {
9
Assuming the condition is true
10
Taking true branch
152 VOP_UNLOCK(vdp); /* race to get the inode */
153 cnp->cn_flags |= PDIRUNLOCK0x200000;
154
155 error = VFS_VGET(fmp->mp, nid, &tdp)(*(fmp->mp)->mnt_op->vfs_vget)(fmp->mp, nid, &
tdp);
156
157 if (error) {
11
Assuming 'error' is 0
12
Taking false branch
158 if (vn_lock(vdp, LK_EXCLUSIVE0x0001UL | LK_RETRY0x2000UL) == 0)
159 cnp->cn_flags &= ~PDIRUNLOCK0x200000;
160
161 goto reclaim;
162 }
163
164 tdp->v_type = nvtype;
13
Assigned value is garbage or undefined
165
166 if (lockparent && (flags & ISLASTCN0x008000)) {
167 if ((error = vn_lock(vdp, LK_EXCLUSIVE0x0001UL))) {
168 vput(tdp);
169 return (error);
170 }
171 cnp->cn_flags &= ~PDIRUNLOCK0x200000;
172 }
173 *vpp = tdp;
174
175 } else if (nid == dp->ufs_ino.i_number) {
176 vref(vdp);
177 *vpp = vdp;
178 error = 0;
179 } else {
180 error = VFS_VGET(fmp->mp, nid, &tdp)(*(fmp->mp)->mnt_op->vfs_vget)(fmp->mp, nid, &
tdp);
181 if (error)
182 goto reclaim;
183
184 tdp->v_type = nvtype;
185
186 if (!lockparent || !(flags & ISLASTCN0x008000)) {
187 VOP_UNLOCK(vdp);
188 cnp->cn_flags |= PDIRUNLOCK0x200000;
189 }
190
191 *vpp = tdp;
192 }
193
194 return (error);
195
196reclaim:
197 if (nid != dp->ufs_ino.i_number && nid != FUSE_ROOTINO((ino_t)1)) {
198 fbuf = fb_setup(0, nid, FBT_RECLAIM27, p);
199 if (fb_queue(fmp->dev, fbuf))
200 printf("fusefs: libfuse vnode reclaim failed\n");
201 fb_delete(fbuf);
202 }
203 return (error);
204}