/usr/src/bin/pax/tables.c

Bug Summary

File:	src/bin/pax/tables.c
Warning:	line 1766, column 7 Assigned value is garbage or undefined
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name tables.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/bin/pax/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/bin/pax/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/bin/pax/tables.c
1/*	$OpenBSD: tables.c,v 1.54 2019/06/28 05:35:34 deraadt Exp $	*/
2/*	$NetBSD: tables.c,v 1.4 1995/03/21 09:07:45 cgd Exp $	*/

4/*-
* Copyright (c) 1992 Keith Muller.
* Copyright (c) 1992, 1993
*	The Regents of the University of California.  All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Keith Muller of the University of California, San Diego.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
*    may be used to endorse or promote products derived from this software
*    without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

37#include <sys/types.h>
38#include <sys/stat.h>
39#include <errno(*__errno()).h>
40#include <fcntl.h>
41#include <limits.h>
42#include <signal.h>
43#include <stdio.h>
44#include <stdlib.h>
45#include <string.h>
46#include <unistd.h>

48#include "pax.h"
49#include "extern.h"

51/*
* Routines for controlling the contents of all the different databases pax
* keeps. Tables are dynamically created only when they are needed. The
* goal was speed and the ability to work with HUGE archives. The databases
* were kept simple, but do have complex rules for when the contents change.
* As of this writing, the posix library functions were more complex than
* needed for this application (pax databases have very short lifetimes and
* do not survive after pax is finished). Pax is required to handle very
* large archives. These database routines carefully combine memory usage and
* temporary file storage in ways which will not significantly impact runtime
* performance while allowing the largest possible archives to be handled.
* Trying to force the fit to the posix database routines was not considered
* time well spent.
*/

66/*
* data structures and constants used by the different databases kept by pax
*/

70/*
* Hash Table Sizes MUST BE PRIME, if set too small performance suffers.
* Probably safe to expect 500000 inodes per tape. Assuming good key
* distribution (inodes) chains of under 50 long (worst case) is ok.
*/
75#define L_TAB_SZ2503	2503		/* hard link hash table size */
76#define F_TAB_SZ50503	50503		/* file time hash table size */
77#define N_TAB_SZ541	541		/* interactive rename hash table */
78#define D_TAB_SZ317	317		/* unique device mapping table */
79#define A_TAB_SZ317	317		/* ftree dir access time reset table */
80#define SL_TAB_SZ317	317		/* escape symlink tables */
81#define MAXKEYLEN64	64		/* max number of chars for hash */
82#define DIRP_SIZE64	64		/* initial size of created dir table */

84/*
* file hard link structure (hashed by dev/ino and chained) used to find the
* hard links in a file system or with some archive formats (cpio)
*/
88typedef struct hrdlnk {
ino_t		ino;	/* files inode number */
char		*name;	/* name of first file seen with this ino/dev */
dev_t		dev;	/* files device number */
u_long		nlink;	/* expected link count */
struct hrdlnk	*fow;
94} HRDLNK;

96/*
* Archive write update file time table (the -u, -C flag), hashed by filename.
* Filenames are stored in a scratch file at seek offset into the file. The
* file time (mod time) and the file name length (for a quick check) are
* stored in a hash table node. We were forced to use a scratch file because
* with -u, the mtime for every node in the archive must always be available
* to compare against (and this data can get REALLY large with big archives).
* By being careful to read only when we have a good chance of a match, the
* performance loss is not measurable (and the size of the archive we can
* handle is greatly increased).
*/
107typedef struct ftm {
off_t		seek;		/* location in scratch file */
struct timespec	mtim;		/* files last modification time */
struct ftm	*fow;
int		namelen;	/* file name length */
112} FTM;

114/*
* Interactive rename table (-i flag), hashed by orig filename.
* We assume this will not be a large table as this mapping data can only be
* obtained through interactive input by the user. Nobody is going to type in
* changes for 500000 files? We use chaining to resolve collisions.
*/

121typedef struct namt {
char		*oname;		/* old name */
char		*nname;		/* new name typed in by the user */
struct namt	*fow;
125} NAMT;

127/*
* Unique device mapping tables. Some protocols (e.g. cpio) require that the
* <c_dev,c_ino> pair will uniquely identify a file in an archive unless they
* are links to the same file. Appending to archives can break this. For those
* protocols that have this requirement we map c_dev to a unique value not seen
* in the archive when we append. We also try to handle inode truncation with
* this table. (When the inode field in the archive header are too small, we
* remap the dev on writes to remove accidental collisions).
*
* The list is hashed by device number using chain collision resolution. Off of
* each DEVT are linked the various remaps for this device based on those bits
* in the inode which were truncated. For example if we are just remapping to
* avoid a device number during an update append, off the DEVT we would have
* only a single DLIST that has a truncation id of 0 (no inode bits were
* stripped for this device so far). When we spot inode truncation we create
* a new mapping based on the set of bits in the inode which were stripped off.
* so if the top four bits of the inode are stripped and they have a pattern of
* 0110...... (where . are those bits not truncated) we would have a mapping
* assigned for all inodes that has the same 0110.... pattern (with this dev
* number of course). This keeps the mapping sparse and should be able to store
* close to the limit of files which can be represented by the optimal
* combination of dev and inode bits, and without creating a fouled up archive.
* Note we also remap truncated devs in the same way (an exercise for the
* dedicated reader; always wanted to say that...:)
*/

153typedef struct devt {
dev_t		dev;	/* the orig device number we now have to map */
struct devt	*fow;	/* new device map list */
struct dlist	*list;	/* map list based on inode truncation bits */
157} DEVT;

159typedef struct dlist {
ino_t trunc_bits;	/* truncation pattern for a specific map */
dev_t dev;		/* the new device id we use */
struct dlist *fow;
163} DLIST;

165/*
* ftree directory access time reset table. When we are done with a
* subtree we reset the access and mod time of the directory when the tflag is
* set. Not really explicitly specified in the pax spec, but easy and fast to
* do (and this may have even been intended in the spec, it is not clear).
* table is hashed by inode with chaining.
*/

173typedef struct atdir {
struct file_times ft;
struct atdir *fow;
176} ATDIR;

178/*
* created directory time and mode storage entry. After pax is finished during
* extraction or copy, we must reset directory access modes and times that
* may have been modified after creation (they no longer have the specified
* times and/or modes). We must reset time in the reverse order of creation,
* because entries are added  from the top of the file tree to the bottom.
* We MUST reset times from leaf to root (it will not work the other
* direction).
*/

188typedef struct dirdata {
struct file_times ft;
u_int16_t mode;		/* file mode to restore */
u_int16_t frc_mode;	/* do we force mode settings? */
192} DIRDATA;

194static HRDLNK **ltab = NULL((void *)0);	/* hard link table for detecting hard links */
195static FTM **ftab = NULL((void *)0);	/* file time table for updating arch */
196static NAMT **ntab = NULL((void *)0);	/* interactive rename storage table */
197#ifndef NOCPIO
198static DEVT **dtab = NULL((void *)0);	/* device/inode mapping tables */
199#endif
200static ATDIR **atab = NULL((void *)0);	/* file tree directory time reset table */
201static DIRDATA *dirp = NULL((void *)0);	/* storage for setting created dir time/mode */
202static size_t dirsize;		/* size of dirp table */
203static size_t dircnt = 0;	/* entries in dir time/mode storage */
204static int ffd = -1;		/* tmp file for file time table name storage */

206/*
* hard link table routines
*
* The hard link table tries to detect hard links to files using the device and
* inode values. We do this when writing an archive, so we can tell the format
* write routine that this file is a hard link to another file. The format
* write routine then can store this file in whatever way it wants (as a hard
* link if the format supports that like tar, or ignore this info like cpio).
* (Actually a field in the format driver table tells us if the format wants
* hard link info. if not, we do not waste time looking for them). We also use
* the same table when reading an archive. In that situation, this table is
* used by the format read routine to detect hard links from stored dev and
* inode numbers (like cpio). This will allow pax to create a link when one
* can be detected by the archive format.
*/

222/*
* lnk_start
*	Creates the hard link table.
* Return:
*	0 if created, -1 if failure
*/

229int
230lnk_start(void)
231{
if (ltab != NULL((void *)0))
return(0);
if ((ltab = calloc(L_TAB_SZ2503, sizeof(HRDLNK *))) == NULL((void *)0)) {
paxwarn(1, "Cannot allocate memory for hard link table");
return(-1);
}
return(0);
239}

241/*
* chk_lnk()
*	Looks up entry in hard link hash table. If found, it copies the name
*	of the file it is linked to (we already saw that file) into ln_name.
*	lnkcnt is decremented and if goes to 1 the node is deleted from the
*	database. (We have seen all the links to this file). If not found,
*	we add the file to the database if it has the potential for having
*	hard links to other files we may process (it has a link count > 1)
* Return:
*	if found returns 1; if not found returns 0; -1 on error
*/

253int
254chk_lnk(ARCHD *arcn)
255{
HRDLNK *pt;
HRDLNK **ppt;
u_int indx;

if (ltab == NULL((void *)0))
return(-1);
/*
* ignore those nodes that cannot have hard links
*/
if ((arcn->type == PAX_DIR1) || (arcn->sb.st_nlink <= 1))
return(0);

/*
* hash inode number and look for this file
*/
indx = ((unsigned)arcn->sb.st_ino) % L_TAB_SZ2503;
if ((pt = ltab[indx]) != NULL((void *)0)) {
/*
 * its hash chain in not empty, walk down looking for it
 */
ppt = &(ltab[indx]);
while (pt != NULL((void *)0)) {
	if ((pt->ino == arcn->sb.st_ino) &&
	    (pt->dev == arcn->sb.st_dev))
		break;
	ppt = &(pt->fow);
	pt = pt->fow;
}

if (pt != NULL((void *)0)) {
	/*
	 * found a link. set the node type and copy in the
	 * name of the file it is to link to. we need to
	 * handle hardlinks to regular files differently than
	 * other links.
	 */
	arcn->ln_nlen = strlcpy(arcn->ln_name, pt->name,
		sizeof(arcn->ln_name));
	/* XXX truncate? */
	if ((size_t)arcn->nlen >= sizeof(arcn->name))
		arcn->nlen = sizeof(arcn->name) - 1;
	if (arcn->type == PAX_REG4)
		arcn->type = PAX_HRG9;
	else
		arcn->type = PAX_HLK8;

	/*
	 * if we have found all the links to this file, remove
	 * it from the database
	 */
	if (--pt->nlink <= 1) {
		*ppt = pt->fow;
		free(pt->name);
		free(pt);
	}
	return(1);
}
}

/*
* we never saw this file before. It has links so we add it to the
* front of this hash chain
*/
if ((pt = malloc(sizeof(HRDLNK))) != NULL((void *)0)) {
if ((pt->name = strdup(arcn->name)) != NULL((void *)0)) {
	pt->dev = arcn->sb.st_dev;
	pt->ino = arcn->sb.st_ino;
	pt->nlink = arcn->sb.st_nlink;
	pt->fow = ltab[indx];
	ltab[indx] = pt;
	return(0);
}
free(pt);
}

paxwarn(1, "Hard link table out of memory");
return(-1);
333}

335/*
* purg_lnk
*	remove reference for a file that we may have added to the data base as
*	a potential source for hard links. We ended up not using the file, so
*	we do not want to accidently point another file at it later on.
*/

342void
343purg_lnk(ARCHD *arcn)
344{
HRDLNK *pt;
HRDLNK **ppt;
u_int indx;

if (ltab == NULL((void *)0))
return;
/*
* do not bother to look if it could not be in the database
*/
if ((arcn->sb.st_nlink <= 1) || (arcn->type == PAX_DIR1) ||
   PAX_IS_HARDLINK(arcn->type)((arcn->type) == 8 || (arcn->type) == 9))
return;

/*
* find the hash chain for this inode value, if empty return
*/
indx = ((unsigned)arcn->sb.st_ino) % L_TAB_SZ2503;
if ((pt = ltab[indx]) == NULL((void *)0))
return;

/*
* walk down the list looking for the inode/dev pair, unlink and
* free if found
*/
ppt = &(ltab[indx]);
while (pt != NULL((void *)0)) {
if ((pt->ino == arcn->sb.st_ino) &&
    (pt->dev == arcn->sb.st_dev))
	break;
ppt = &(pt->fow);
pt = pt->fow;
}
if (pt == NULL((void *)0))
return;

/*
* remove and free it
*/
*ppt = pt->fow;
free(pt->name);
free(pt);
386}

388/*
* lnk_end()
*	pull apart a existing link table so we can reuse it. We do this between
*	read and write phases of append with update. (The format may have
*	used the link table, and we need to start with a fresh table for the
*	write phase
*/

396void
397lnk_end(void)
398{
int i;
HRDLNK *pt;
HRDLNK *ppt;

if (ltab == NULL((void *)0))
return;

for (i = 0; i < L_TAB_SZ2503; ++i) {
if (ltab[i] == NULL((void *)0))
	continue;
pt = ltab[i];
ltab[i] = NULL((void *)0);

/*
 * free up each entry on this chain
 */
while (pt != NULL((void *)0)) {
	ppt = pt;
	pt = ppt->fow;
	free(ppt->name);
	free(ppt);
}
}
422}

424/*
* modification time table routines
*
* The modification time table keeps track of last modification times for all
* files stored in an archive during a write phase when -u is set. We only
* add a file to the archive if it is newer than a file with the same name
* already stored on the archive (if there is no other file with the same
* name on the archive it is added). This applies to writes and appends.
* An append with an -u must read the archive and store the modification time
* for every file on that archive before starting the write phase. It is clear
* that this is one HUGE database. To save memory space, the actual file names
* are stored in a scratch file and indexed by an in-memory hash table. The
* hash table is indexed by hashing the file path. The nodes in the table store
* the length of the filename and the lseek offset within the scratch file
* where the actual name is stored. Since there are never any deletions from
* this table, fragmentation of the scratch file is never a issue. Lookups
* seem to not exhibit any locality at all (files in the database are rarely
* looked up more than once...), so caching is just a waste of memory. The
* only limitation is the amount of scratch file space available to store the
* path names.
*/

446/*
* ftime_start()
*	create the file time hash table and open for read/write the scratch
*	file. (after created it is unlinked, so when we exit we leave
*	no witnesses).
* Return:
*	0 if the table and file was created ok, -1 otherwise
*/

455int
456ftime_start(void)
457{

if (ftab != NULL((void *)0))
return(0);
if ((ftab = calloc(F_TAB_SZ50503, sizeof(FTM *))) == NULL((void *)0)) {
paxwarn(1, "Cannot allocate memory for file time table");
return(-1);
}

/*
* get random name and create temporary scratch file, unlink name
* so it will get removed on exit
*/
memcpy(tempbase, _TFILE_BASE"paxXXXXXXXXXX", sizeof(_TFILE_BASE"paxXXXXXXXXXX"));
if ((ffd = mkstemp(tempfile)) == -1) {
syswarn(1, errno(*__errno()), "Unable to create temporary file: %s",
    tempfile);
return(-1);
}
(void)unlink(tempfile);

return(0);
479}

481/*
* chk_ftime()
*	looks up entry in file time hash table. If not found, the file is
*	added to the hash table and the file named stored in the scratch file.
*	If a file with the same name is found, the file times are compared and
*	the most recent file time is retained. If the new file was younger (or
*	was not in the database) the new file is selected for storage.
* Return:
*	0 if file should be added to the archive, 1 if it should be skipped,
*	-1 on error
*/

493int
494chk_ftime(ARCHD *arcn)
495{
FTM *pt;
int namelen;
u_int indx;
char ckname[PAXPATHLEN3072+1];

/*
* no info, go ahead and add to archive
*/
if (ftab == NULL((void *)0))
return(0);

/*
* hash the pathname and look up in table
*/
namelen = arcn->nlen;
indx = st_hash(arcn->name, namelen, F_TAB_SZ50503);
if ((pt = ftab[indx]) != NULL((void *)0)) {
/*
 * the hash chain is not empty, walk down looking for match
 * only read up the path names if the lengths match, speeds
 * up the search a lot
 */
while (pt != NULL((void *)0)) {
	if (pt->namelen == namelen) {
		/*
		 * potential match, have to read the name
		 * from the scratch file.
		 */
		if (lseek(ffd,pt->seek,SEEK_SET0) != pt->seek) {
			syswarn(1, errno(*__errno()),
			    "Failed ftime table seek");
			return(-1);
		}
		if (read(ffd, ckname, namelen) != namelen) {
			syswarn(1, errno(*__errno()),
			    "Failed ftime table read");
			return(-1);
		}

		/*
		 * if the names match, we are done
		 */
		if (!strncmp(ckname, arcn->name, namelen))
			break;
	}

	/*
	 * try the next entry on the chain
	 */
	pt = pt->fow;
}

if (pt != NULL((void *)0)) {
	/*
	 * found the file, compare the times, save the newer
	 */
	if (timespeccmp(&arcn->sb.st_mtim, &pt->mtim, >)(((&arcn->sb.st_mtim)->tv_sec == (&pt->mtim)
->tv_sec) ? ((&arcn->sb.st_mtim)->tv_nsec > (
&pt->mtim)->tv_nsec) : ((&arcn->sb.st_mtim)->
tv_sec > (&pt->mtim)->tv_sec))) {
		/*
		 * file is newer
		 */
		pt->mtim = arcn->sb.st_mtim;
		return(0);
	}
	/*
	 * file is older
	 */
	return(1);
}
}

/*
* not in table, add it
*/
if ((pt = malloc(sizeof(FTM))) != NULL((void *)0)) {
/*
 * add the name at the end of the scratch file, saving the
 * offset. add the file to the head of the hash chain
 */
if ((pt->seek = lseek(ffd, 0, SEEK_END2)) >= 0) {
	if (write(ffd, arcn->name, namelen) == namelen) {
		pt->mtim = arcn->sb.st_mtim;
		pt->namelen = namelen;
		pt->fow = ftab[indx];
		ftab[indx] = pt;
		return(0);
	}
	syswarn(1, errno(*__errno()), "Failed write to file time table");
} else
	syswarn(1, errno(*__errno()), "Failed seek on file time table");
} else
paxwarn(1, "File time table ran out of memory");

if (pt != NULL((void *)0))
free(pt);
return(-1);
591}

593/*
* escaping (absolute or w/"..") symlink table routines
*
* By default, an archive shouldn't be able extract to outside of the
* current directory.  What should we do if the archive contains a symlink
* whose value is either absolute or contains ".." components?  What we'll
* do is initially create the path as an empty file (to block attempts to
* reference _through_ it) and instead record its path and desired
* final value and mode.  Then once all the other archive
* members are created (but before the pass to set timestamps on
* directories) we'll process those records, replacing the placeholder with
* the correct symlink and setting them to the correct mode, owner, group,
* and timestamps.
*
* Note: we also need to handle hardlinks to symlinks (barf) as well as
* hardlinks whose target is replaced by a later entry in the archive (barf^2).
*
* So we track things by dev+ino of the placeholder file, associating with
* that the value and mode of the final symlink and a list of paths that
* should all be hardlinks of that.  We'll 'store' the symlink's desired
* timestamps, owner, and group by setting them on the placeholder file.
*
* The operations are:
* a) create an escaping symlink: create the placeholder file and add an entry
*    for the new link
* b) create a hardlink: do the link.  If the target turns out to be a
*    zero-length file whose dev+ino are in the symlink table, then add this
*    path to the list of names for that link
* c) perform deferred processing: for each entry, check each associated path:
*    if it's a zero-length file with the correct dev+ino then recreate it as
*    the specified symlink or hardlink to the first such
*/

626struct slpath {
char	*sp_path;
struct	slpath *sp_next;
629};
630struct slinode {
ino_t	sli_ino;
char	*sli_value;
struct	slpath sli_paths;
struct	slinode *sli_fow;		/* hash table chain */
dev_t	sli_dev;
mode_t	sli_mode;
637};

639static struct slinode **slitab = NULL((void *)0);

641/*
* sltab_start()
*	create the hash table
* Return:
*	0 if the table and file was created ok, -1 otherwise
*/

648int
649sltab_start(void)
650{

if ((slitab = calloc(SL_TAB_SZ317, sizeof *slitab)) == NULL((void *)0)) {
syswarn(1, errno(*__errno()), "symlink table");
return(-1);
}

return(0);
658}

660/*
* sltab_add_sym()
*	Create the placeholder and tracking info for an escaping symlink.
* Return:
*	0 on success, -1 otherwise
*/

667int
668sltab_add_sym(const char *path0, const char *value0, mode_t mode)
669{
struct stat sb;
struct slinode *s;
struct slpath *p;
char *path, *value;
u_int indx;
int fd;

/* create the placeholder */
fd = open(path0, O_WRONLY0x0001 | O_CREAT0x0200 | O_EXCL0x0800 | O_CLOEXEC0x10000, 0600);
if (fd == -1)
return (-1);
if (fstat(fd, &sb) == -1) {
unlink(path0);
close(fd);
return (-1);
}
close(fd);

if (havechd && *path0 != '/') {
if ((path = realpath(path0, NULL((void *)0))) == NULL((void *)0)) {
	syswarn(1, errno(*__errno()), "Cannot canonicalize %s", path0);
	unlink(path0);
	return (-1);
}
} else if ((path = strdup(path0)) == NULL((void *)0)) {
syswarn(1, errno(*__errno()), "defered symlink path");
unlink(path0);
return (-1);
}
if ((value = strdup(value0)) == NULL((void *)0)) {
syswarn(1, errno(*__errno()), "defered symlink value");
unlink(path);
free(path);
return (-1);
}

/* now check the hash table for conflicting entry */
indx = (sb.st_ino ^ sb.st_dev) % SL_TAB_SZ317;
for (s = slitab[indx]; s != NULL((void *)0); s = s->sli_fow) {
if (s->sli_ino != sb.st_ino || s->sli_dev != sb.st_dev)
	continue;

/*
 * One of our placeholders got removed behind our back and
 * we've reused the inode.  Weird, but clean up the mess.
 */
free(s->sli_value);
free(s->sli_paths.sp_path);
p = s->sli_paths.sp_next;
while (p != NULL((void *)0)) {
	struct slpath *next_p = p->sp_next;

	free(p->sp_path);
	free(p);
	p = next_p;
}
goto set_value;
}

/* Normal case: create a new node */
if ((s = malloc(sizeof *s)) == NULL((void *)0)) {
syswarn(1, errno(*__errno()), "defered symlink");
unlink(path);
free(path);
free(value);
return (-1);
}
s->sli_ino = sb.st_ino;
s->sli_dev = sb.st_dev;
s->sli_fow = slitab[indx];
slitab[indx] = s;

742set_value:
s->sli_paths.sp_path = path;
s->sli_paths.sp_next = NULL((void *)0);
s->sli_value = value;
s->sli_mode = mode;
return (0);
748}

750/*
* sltab_add_link()
*	A hardlink was created; if it looks like a placeholder, handle the
*	tracking.
* Return:
*	0 if things are ok, -1 if something went wrong
*/

758int
759sltab_add_link(const char *path, const struct stat *sb)
760{
struct slinode *s;
struct slpath *p;
u_int indx;

if (!S_ISREG(sb->st_mode)((sb->st_mode & 0170000) == 0100000) || sb->st_size != 0)
return (1);

/* find the hash table entry for this hardlink */
indx = (sb->st_ino ^ sb->st_dev) % SL_TAB_SZ317;
for (s = slitab[indx]; s != NULL((void *)0); s = s->sli_fow) {
if (s->sli_ino != sb->st_ino || s->sli_dev != sb->st_dev)
	continue;

if ((p = malloc(sizeof *p)) == NULL((void *)0)) {
	syswarn(1, errno(*__errno()), "deferred symlink hardlink");
	return (-1);
}
if (havechd && *path != '/') {
	if ((p->sp_path = realpath(path, NULL((void *)0))) == NULL((void *)0)) {
		syswarn(1, errno(*__errno()), "Cannot canonicalize %s",
		    path);
		free(p);
		return (-1);
	}
} else if ((p->sp_path = strdup(path)) == NULL((void *)0)) {
	syswarn(1, errno(*__errno()), "defered symlink hardlink path");
	free(p);
	return (-1);
}

/* link it in */
p->sp_next = s->sli_paths.sp_next;
s->sli_paths.sp_next = p;
return (0);
}

/* not found */
return (1);
799}


802static int
803sltab_process_one(struct slinode *s, struct slpath *p, const char *first,
  int in_sig)
805{
struct stat sb;
char *path = p->sp_path;
mode_t mode;
int err;

/*
* is it the expected placeholder?  This can fail legimately
* if the archive overwrote the link with another, later entry,
* so don't warn.
*/
if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)((sb.st_mode & 0170000) == 0100000) || sb.st_size != 0 ||
   sb.st_ino != s->sli_ino || sb.st_dev != s->sli_dev)
return (0);

if (unlink(path) && errno(*__errno()) != ENOENT2) {
if (!in_sig)
	syswarn(1, errno(*__errno()), "deferred symlink removal");
return (0);
}

err = 0;
if (first != NULL((void *)0)) {
/* add another hardlink to the existing symlink */
if (linkat(AT_FDCWD-100, first, AT_FDCWD-100, path, 0) == 0)
	return (0);

/*
 * Couldn't hardlink the symlink for some reason, so we'll
 * try creating it as its own symlink, but save the error
 * for reporting if that fails.
 */
err = errno(*__errno());
}

if (symlink(s->sli_value, path)) {
if (!in_sig) {
	const char *qualifier = "";
	if (err)
		qualifier = " hardlink";
	else
		err = errno(*__errno());

	syswarn(1, err, "deferred symlink%s: %s",
	    qualifier, path);
}
return (0);
}

/* success, so set the id, mode, and times */
mode = s->sli_mode;
if (pids) {
/* if can't set the ids, force the set[ug]id bits off */
if (set_ids(path, sb.st_uid, sb.st_gid))
	mode &= ~(SETBITS(0004000 | 0002000));
}

if (pmode)
set_pmode(path, mode);

if (patime || pmtime)
set_ftime(path, &sb.st_mtim, &sb.st_atim, 0);

/*
* If we tried to link to first but failed, then this new symlink
* might be a better one to try in the future.  Guess from the errno.
*/
if (err == 0 || err == ENOENT2 || err == EMLINK31 || err == EOPNOTSUPP45)
return (1);
return (0);
875}

877/*
* sltab_process()
*	Do all the delayed process for escape symlinks
*/

882void
883sltab_process(int in_sig)
884{
struct slinode *s;
struct slpath *p;
char *first;
u_int indx;

if (slitab == NULL((void *)0))
return;

/* walk across the entire hash table */
for (indx = 0; indx < SL_TAB_SZ317; indx++) {
while ((s = slitab[indx]) != NULL((void *)0)) {
	/* pop this entry */
	slitab[indx] = s->sli_fow;

	first = NULL((void *)0);
	p = &s->sli_paths;
	while (1) {
		struct slpath *next_p;

		if (sltab_process_one(s, p, first, in_sig)) {
			if (!in_sig)
				free(first);
			first = p->sp_path;
		} else if (!in_sig)
			free(p->sp_path);

		if ((next_p = p->sp_next) == NULL((void *)0))
			break;
		*p = *next_p;
		if (!in_sig)
			free(next_p);
	}
	if (!in_sig) {
		free(first);
		free(s->sli_value);
		free(s);
	}
}
}
if (!in_sig)
free(slitab);
slitab = NULL((void *)0);
927}


930/*
* Interactive rename table routines
*
* The interactive rename table keeps track of the new names that the user
* assigns to files from tty input. Since this map is unique for each file
* we must store it in case there is a reference to the file later in archive
* (a link). Otherwise we will be unable to find the file we know was
* extracted. The remapping of these files is stored in a memory based hash
* table (it is assumed since input must come from /dev/tty, it is unlikely to
* be a very large table).
*/

942/*
* name_start()
*	create the interactive rename table
* Return:
*	0 if successful, -1 otherwise
*/

949int
950name_start(void)
951{
if (ntab != NULL((void *)0))
return(0);
if ((ntab = calloc(N_TAB_SZ541, sizeof(NAMT *))) == NULL((void *)0)) {
paxwarn(1, "Cannot allocate memory for interactive rename table");
return(-1);
}
return(0);
959}

961/*
* add_name()
*	add the new name to old name mapping just created by the user.
*	If an old name mapping is found (there may be duplicate names on an
*	archive) only the most recent is kept.
* Return:
*	0 if added, -1 otherwise
*/

970int
971add_name(char *oname, int onamelen, char *nname)
972{
NAMT *pt;
u_int indx;

if (ntab == NULL((void *)0)) {
/*
 * should never happen
 */
paxwarn(0, "No interactive rename table, links may fail");
return(0);
}

/*
* look to see if we have already mapped this file, if so we
* will update it
*/
indx = st_hash(oname, onamelen, N_TAB_SZ541);
if ((pt = ntab[indx]) != NULL((void *)0)) {
/*
 * look down the has chain for the file
 */
while ((pt != NULL((void *)0)) && (strcmp(oname, pt->oname) != 0))
	pt = pt->fow;

if (pt != NULL((void *)0)) {
	/*
	 * found an old mapping, replace it with the new one
	 * the user just input (if it is different)
	 */
	if (strcmp(nname, pt->nname) == 0)
		return(0);

	free(pt->nname);
	if ((pt->nname = strdup(nname)) == NULL((void *)0)) {
		paxwarn(1, "Cannot update rename table");
		return(-1);
	}
	return(0);
}
}

/*
* this is a new mapping, add it to the table
*/
if ((pt = malloc(sizeof(NAMT))) != NULL((void *)0)) {
if ((pt->oname = strdup(oname)) != NULL((void *)0)) {
	if ((pt->nname = strdup(nname)) != NULL((void *)0)) {
		pt->fow = ntab[indx];
		ntab[indx] = pt;
		return(0);
	}
	free(pt->oname);
}
free(pt);
}
paxwarn(1, "Interactive rename table out of memory");
return(-1);
1029}

1031/*
* sub_name()
*	look up a link name to see if it points at a file that has been
*	remapped by the user. If found, the link is adjusted to contain the
*	new name (oname is the link to name)
*/

1038void
1039sub_name(char *oname, int *onamelen, int onamesize)
1040{
NAMT *pt;
u_int indx;

if (ntab == NULL((void *)0))
1
Assuming 'ntab' is not equal to NULL→
2
←
Taking false branch→
return;
/*
* look the name up in the hash table
*/
indx = st_hash(oname, *onamelen, N_TAB_SZ541);
3
←
Calling 'st_hash'→
if ((pt = ntab[indx]) == NULL((void *)0))
return;

while (pt != NULL((void *)0)) {
/*
 * walk down the hash chain looking for a match
 */
if (strcmp(oname, pt->oname) == 0) {
	/*
	 * found it, replace it with the new name
	 * and return (we know that oname has enough space)
	 */
	*onamelen = strlcpy(oname, pt->nname, onamesize);
	if (*onamelen >= onamesize)
		*onamelen = onamesize - 1; /* XXX truncate? */
	return;
}
pt = pt->fow;
}

/*
* no match, just return
*/
1073}

1075#ifndef NOCPIO
1076/*
* device/inode mapping table routines
* (used with formats that store device and inodes fields)
*
* device/inode mapping tables remap the device field in a archive header. The
* device/inode fields are used to determine when files are hard links to each
* other. However these values have very little meaning outside of that. This
* database is used to solve one of two different problems.
*
* 1) when files are appended to an archive, while the new files may have hard
* links to each other, you cannot determine if they have hard links to any
* file already stored on the archive from a prior run of pax. We must assume
* that these inode/device pairs are unique only within a SINGLE run of pax
* (which adds a set of files to an archive). So we have to make sure the
* inode/dev pairs we add each time are always unique. We do this by observing
* while the inode field is very dense, the use of the dev field is fairly
* sparse. Within each run of pax, we remap any device number of a new archive
* member that has a device number used in a prior run and already stored in a
* file on the archive. During the read phase of the append, we store the
* device numbers used and mark them to not be used by any file during the
* write phase. If during write we go to use one of those old device numbers,
* we remap it to a new value.
*
* 2) Often the fields in the archive header used to store these values are
* too small to store the entire value. The result is an inode or device value
* which can be truncated. This really can foul up an archive. With truncation
* we end up creating links between files that are really not links (after
* truncation the inodes are the same value). We address that by detecting
* truncation and forcing a remap of the device field to split truncated
* inodes away from each other. Each truncation creates a pattern of bits that
* are removed. We use this pattern of truncated bits to partition the inodes
* on a single device to many different devices (each one represented by the
* truncated bit pattern). All inodes on the same device that have the same
* truncation pattern are mapped to the same new device. Two inodes that
* truncate to the same value clearly will always have different truncation
* bit patterns, so they will be split from away each other. When we spot
* device truncation we remap the device number to a non truncated value.
* (for more info see table.h for the data structures involved).
*/

1116static DEVT *chk_dev(dev_t, int);

1118/*
* dev_start()
*	create the device mapping table
* Return:
*	0 if successful, -1 otherwise
*/

1125int
1126dev_start(void)
1127{
if (dtab != NULL((void *)0))
return(0);
if ((dtab = calloc(D_TAB_SZ317, sizeof(DEVT *))) == NULL((void *)0)) {
paxwarn(1, "Cannot allocate memory for device mapping table");
return(-1);
}
return(0);
1135}

1137/*
* add_dev()
*	add a device number to the table. this will force the device to be
*	remapped to a new value if it be used during a write phase. This
*	function is called during the read phase of an append to prohibit the
*	use of any device number already in the archive.
* Return:
*	0 if added ok, -1 otherwise
*/

1147int
1148add_dev(ARCHD *arcn)
1149{
if (chk_dev(arcn->sb.st_dev, 1) == NULL((void *)0))
return(-1);
return(0);
1153}

1155/*
* chk_dev()
*	check for a device value in the device table. If not found and the add
*	flag is set, it is added. This does NOT assign any mapping values, just
*	adds the device number as one that need to be remapped. If this device
*	is already mapped, just return with a pointer to that entry.
* Return:
*	pointer to the entry for this device in the device map table. Null
*	if the add flag is not set and the device is not in the table (it is
*	not been seen yet). If add is set and the device cannot be added, null
*	is returned (indicates an error).
*/

1168static DEVT *
1169chk_dev(dev_t dev, int add)
1170{
DEVT *pt;
u_int indx;

if (dtab == NULL((void *)0))
return(NULL((void *)0));
/*
* look to see if this device is already in the table
*/
indx = ((unsigned)dev) % D_TAB_SZ317;
if ((pt = dtab[indx]) != NULL((void *)0)) {
while ((pt != NULL((void *)0)) && (pt->dev != dev))
	pt = pt->fow;

/*
 * found it, return a pointer to it
 */
if (pt != NULL((void *)0))
	return(pt);
}

/*
* not in table, we add it only if told to as this may just be a check
* to see if a device number is being used.
*/
if (add == 0)
return(NULL((void *)0));

/*
* allocate a node for this device and add it to the front of the hash
* chain. Note we do not assign remaps values here, so the pt->list
* list must be NULL.
*/
if ((pt = malloc(sizeof(DEVT))) == NULL((void *)0)) {
paxwarn(1, "Device map table out of memory");
return(NULL((void *)0));
}
pt->dev = dev;
pt->list = NULL((void *)0);
pt->fow = dtab[indx];
dtab[indx] = pt;
return(pt);
1212}
1213/*
* map_dev()
*	given an inode and device storage mask (the mask has a 1 for each bit
*	the archive format is able to store in a header), we check for inode
*	and device truncation and remap the device as required. Device mapping
*	can also occur when during the read phase of append a device number was
*	seen (and was marked as do not use during the write phase). WE ASSUME
*	that unsigned longs are the same size or bigger than the fields used
*	for ino_t and dev_t. If not the types will have to be changed.
* Return:
*	0 if all ok, -1 otherwise.
*/

1226int
1227map_dev(ARCHD *arcn, u_long dev_mask, u_long ino_mask)
1228{
DEVT *pt;
DLIST *dpt;
static dev_t lastdev = 0;	/* next device number to try */
int trc_ino = 0;
int trc_dev = 0;
ino_t trunc_bits = 0;
ino_t nino;

if (dtab == NULL((void *)0))
return(0);
/*
* check for device and inode truncation, and extract the truncated
* bit pattern.
*/
if ((arcn->sb.st_dev & (dev_t)dev_mask) != arcn->sb.st_dev)
++trc_dev;
if ((nino = arcn->sb.st_ino & (ino_t)ino_mask) != arcn->sb.st_ino) {
++trc_ino;
trunc_bits = arcn->sb.st_ino & (ino_t)(~ino_mask);
}

/*
* see if this device is already being mapped, look up the device
* then find the truncation bit pattern which applies
*/
if ((pt = chk_dev(arcn->sb.st_dev, 0)) != NULL((void *)0)) {
/*
 * this device is already marked to be remapped
 */
for (dpt = pt->list; dpt != NULL((void *)0); dpt = dpt->fow)
	if (dpt->trunc_bits == trunc_bits)
		break;

if (dpt != NULL((void *)0)) {
	/*
	 * we are being remapped for this device and pattern
	 * change the device number to be stored and return
	 */
	arcn->sb.st_dev = dpt->dev;
	arcn->sb.st_ino = nino;
	return(0);
}
} else {
/*
 * this device is not being remapped YET. if we do not have any
 * form of truncation, we do not need a remap
 */
if (!trc_ino && !trc_dev)
	return(0);

/*
 * we have truncation, have to add this as a device to remap
 */
if ((pt = chk_dev(arcn->sb.st_dev, 1)) == NULL((void *)0))
	goto bad;

/*
 * if we just have a truncated inode, we have to make sure that
 * all future inodes that do not truncate (they have the
 * truncation pattern of all 0's) continue to map to the same
 * device number. We probably have already written inodes with
 * this device number to the archive with the truncation
 * pattern of all 0's. So we add the mapping for all 0's to the
 * same device number.
 */
if (!trc_dev && (trunc_bits != 0)) {
	if ((dpt = malloc(sizeof(DLIST))) == NULL((void *)0))
		goto bad;
	dpt->trunc_bits = 0;
	dpt->dev = arcn->sb.st_dev;
	dpt->fow = pt->list;
	pt->list = dpt;
}
}

/*
* look for a device number not being used. We must watch for wrap
* around on lastdev (so we do not get stuck looking forever!)
*/
while (++lastdev > 0) {
if (chk_dev(lastdev, 0) != NULL((void *)0))
	continue;
/*
 * found an unused value. If we have reached truncation point
 * for this format we are hosed, so we give up. Otherwise we
 * mark it as being used.
 */
if (((lastdev & ((dev_t)dev_mask)) != lastdev) ||
    (chk_dev(lastdev, 1) == NULL((void *)0)))
	goto bad;
break;
}

if ((lastdev <= 0) || ((dpt = malloc(sizeof(DLIST))) == NULL((void *)0)))
goto bad;

/*
* got a new device number, store it under this truncation pattern.
* change the device number this file is being stored with.
*/
dpt->trunc_bits = trunc_bits;
dpt->dev = lastdev;
dpt->fow = pt->list;
pt->list = dpt;
arcn->sb.st_dev = lastdev;
arcn->sb.st_ino = nino;
return(0);

  bad:
paxwarn(1, "Unable to fix truncated inode/device field when storing %s",
   arcn->name);
paxwarn(0, "Archive may create improper hard links when extracted");
return(0);
1342}
1343#endif /* NOCPIO */

1345/*
* directory access/mod time reset table routines (for directories READ by pax)
*
* The pax -t flag requires that access times of archive files be the same
* before being read by pax. For regular files, access time is restored after
* the file has been copied. This database provides the same functionality for
* directories read during file tree traversal. Restoring directory access time
* is more complex than files since directories may be read several times until
* all the descendants in their subtree are visited by fts. Directory access
* and modification times are stored during the fts pre-order visit (done
* before any descendants in the subtree are visited) and restored after the
* fts post-order visit (after all the descendants have been visited). In the
* case of premature exit from a subtree (like from the effects of -n), any
* directory entries left in this database are reset during final cleanup
* operations of pax. Entries are hashed by inode number for fast lookup.
*/

1362/*
* atdir_start()
*	create the directory access time database for directories READ by pax.
* Return:
*	0 is created ok, -1 otherwise.
*/

1369int
1370atdir_start(void)
1371{
if (atab != NULL((void *)0))
return(0);
if ((atab = calloc(A_TAB_SZ317, sizeof(ATDIR *))) == NULL((void *)0)) {
paxwarn(1,"Cannot allocate space for directory access time table");
return(-1);
}
return(0);
1379}


1382/*
* atdir_end()
*	walk through the directory access time table and reset the access time
*	of any directory who still has an entry left in the database. These
*	entries are for directories READ by pax
*/

1389void
1390atdir_end(void)
1391{
ATDIR *pt;
int i;

if (atab == NULL((void *)0))
return;
/*
* for each non-empty hash table entry reset all the directories
* chained there.
*/
for (i = 0; i < A_TAB_SZ317; ++i) {
if ((pt = atab[i]) == NULL((void *)0))
	continue;
/*
 * remember to force the times, set_ftime() looks at pmtime
 * and patime, which only applies to things CREATED by pax,
 * not read by pax. Read time reset is controlled by -t.
 */
for (; pt != NULL((void *)0); pt = pt->fow)
	set_attr(&pt->ft, 1, 0, 0, 0);
}
1412}

1414/*
* add_atdir()
*	add a directory to the directory access time table. Table is hashed
*	and chained by inode number. This is for directories READ by pax
*/

1420void
1421add_atdir(char *fname, dev_t dev, ino_t ino, const struct timespec *mtimp,
  const struct timespec *atimp)
1423{
ATDIR *pt;
sigset_t allsigs, savedsigs;
u_int indx;

if (atab == NULL((void *)0))
return;

/*
* make sure this directory is not already in the table, if so just
* return (the older entry always has the correct time). The only
* way this will happen is when the same subtree can be traversed by
* different args to pax and the -n option is aborting fts out of a
* subtree before all the post-order visits have been made.
*/
indx = ((unsigned)ino) % A_TAB_SZ317;
if ((pt = atab[indx]) != NULL((void *)0)) {
while (pt != NULL((void *)0)) {
	if ((pt->ft.ft_ino == ino) && (pt->ft.ft_dev == dev))
		break;
	pt = pt->fow;
}

/*
 * oops, already there. Leave it alone.
 */
if (pt != NULL((void *)0))
	return;
}

/*
* add it to the front of the hash chain
*/
sigfillset(&allsigs);
sigprocmask(SIG_BLOCK1, &allsigs, &savedsigs);
if ((pt = malloc(sizeof *pt)) != NULL((void *)0)) {
if ((pt->ft.ft_name = strdup(fname)) != NULL((void *)0)) {
	pt->ft.ft_dev = dev;
	pt->ft.ft_ino = ino;
	pt->ft.ft_mtim = *mtimp;
	pt->ft.ft_atim = *atimp;
	pt->fow = atab[indx];
	atab[indx] = pt;
	sigprocmask(SIG_SETMASK3, &savedsigs, NULL((void *)0));
	return;
}
free(pt);
}

sigprocmask(SIG_SETMASK3, &savedsigs, NULL((void *)0));
paxwarn(1, "Directory access time reset table ran out of memory");
1474}

1476/*
* get_atdir()
*	look up a directory by inode and device number to obtain the access
*	and modification time you want to set to. If found, the modification
*	and access time parameters are set and the entry is removed from the
*	table (as it is no longer needed). These are for directories READ by
*	pax
* Return:
*	0 if found, -1 if not found.
*/

1487int
1488do_atdir(const char *name, dev_t dev, ino_t ino)
1489{
ATDIR *pt;
ATDIR **ppt;
sigset_t allsigs, savedsigs;
u_int indx;

if (atab == NULL((void *)0))
return(-1);
/*
* hash by inode and search the chain for an inode and device match
*/
indx = ((unsigned)ino) % A_TAB_SZ317;
if ((pt = atab[indx]) == NULL((void *)0))
return(-1);

ppt = &(atab[indx]);
while (pt != NULL((void *)0)) {
if ((pt->ft.ft_ino == ino) && (pt->ft.ft_dev == dev))
	break;
/*
 * no match, go to next one
 */
ppt = &(pt->fow);
pt = pt->fow;
}

/*
* return if we did not find it.
*/
if (pt == NULL((void *)0) || pt->ft.ft_name == NULL((void *)0) ||
   strcmp(name, pt->ft.ft_name) == 0)
return(-1);

/*
* found it. set the times and remove the entry from the table.
*/
set_attr(&pt->ft, 1, 0, 0, 0);
sigfillset(&allsigs);
sigprocmask(SIG_BLOCK1, &allsigs, &savedsigs);
*ppt = pt->fow;
sigprocmask(SIG_SETMASK3, &savedsigs, NULL((void *)0));
free(pt->ft.ft_name);
free(pt);
return(0);
1533}

1535/*
* directory access mode and time storage routines (for directories CREATED
* by pax).
*
* Pax requires that extracted directories, by default, have their access/mod
* times and permissions set to the values specified in the archive. During the
* actions of extracting (and creating the destination subtree during -rw copy)
* directories extracted may be modified after being created. Even worse is
* that these directories may have been created with file permissions which
* prohibits any descendants of these directories from being extracted. When
* directories are created by pax, access rights may be added to permit the
* creation of files in their subtree. Every time pax creates a directory, the
* times and file permissions specified by the archive are stored. After all
* files have been extracted (or copied), these directories have their times
* and file modes reset to the stored values. The directory info is restored in
* reverse order as entries were added from root to leaf: to restore atime
* properly, we must go backwards.
*/

1554/*
* dir_start()
*	set up the directory time and file mode storage for directories CREATED
*	by pax.
* Return:
*	0 if ok, -1 otherwise
*/

1562int
1563dir_start(void)
1564{
if (dirp != NULL((void *)0))
return(0);

dirsize = DIRP_SIZE64;
if ((dirp = reallocarray(NULL((void *)0), dirsize, sizeof(DIRDATA))) == NULL((void *)0)) {
paxwarn(1, "Unable to allocate memory for directory times");
return(-1);
}
return(0);
1574}

1576/*
* add_dir()
*	add the mode and times for a newly CREATED directory
*	name is name of the directory, psb the stat buffer with the data in it,
*	frc_mode is a flag that says whether to force the setting of the mode
*	(ignoring the user set values for preserving file mode). Frc_mode is
*	for the case where we created a file and found that the resulting
*	directory was not writeable and the user asked for file modes to NOT
*	be preserved. (we have to preserve what was created by default, so we
*	have to force the setting at the end. this is stated explicitly in the
*	pax spec)
*/

1589void
1590add_dir(char *name, struct stat *psb, int frc_mode)
1591{
DIRDATA *dblk;
sigset_t allsigs, savedsigs;
char realname[PATH_MAX1024], *rp;

if (dirp == NULL((void *)0))
return;

if (havechd && *name != '/') {
if ((rp = realpath(name, realname)) == NULL((void *)0)) {
	paxwarn(1, "Cannot canonicalize %s", name);
	return;
}
name = rp;
}
if (dircnt == dirsize) {
dblk = reallocarray(dirp, dirsize * 2, sizeof(DIRDATA));
if (dblk == NULL((void *)0)) {
	paxwarn(1, "Unable to store mode and times for created"
	    " directory: %s", name);
	return;
}
sigprocmask(SIG_BLOCK1, &allsigs, &savedsigs);
dirp = dblk;
dirsize *= 2;
sigprocmask(SIG_SETMASK3, &savedsigs, NULL((void *)0));
}
dblk = &dirp[dircnt];
if ((dblk->ft.ft_name = strdup(name)) == NULL((void *)0)) {
paxwarn(1, "Unable to store mode and times for created"
    " directory: %s", name);
return;
}
dblk->ft.ft_mtim = psb->st_mtim;
dblk->ft.ft_atim = psb->st_atim;
dblk->ft.ft_ino = psb->st_ino;
dblk->ft.ft_dev = psb->st_dev;
dblk->mode = psb->st_mode & ABITS((0001000 | 0000700 | 0000070 | 0000007) | (0004000 | 0002000
));
dblk->frc_mode = frc_mode;
sigprocmask(SIG_BLOCK1, &allsigs, &savedsigs);
++dircnt;
sigprocmask(SIG_SETMASK3, &savedsigs, NULL((void *)0));
1633}

1635/*
* delete_dir()
*	When we rmdir a directory, we may want to make sure we don't
*	later warn about being unable to set its mode and times.
*/

1641void
1642delete_dir(dev_t dev, ino_t ino)
1643{
DIRDATA *dblk;
char *name;
size_t i;

if (dirp == NULL((void *)0))
return;
for (i = 0; i < dircnt; i++) {
dblk = &dirp[i];

if (dblk->ft.ft_name == NULL((void *)0))
	continue;
if (dblk->ft.ft_dev == dev && dblk->ft.ft_ino == ino) {
	name = dblk->ft.ft_name;
	dblk->ft.ft_name = NULL((void *)0);
	free(name);
	break;
}
}
1662}

1664/*
* proc_dir(int in_sig)
*	process all file modes and times stored for directories CREATED
*	by pax.  If in_sig is set, we're in a signal handler and can't
*	free stuff.
*/

1671void
1672proc_dir(int in_sig)
1673{
DIRDATA *dblk;
size_t cnt;

if (dirp == NULL((void *)0))
return;
/*
* read backwards through the file and process each directory
*/
cnt = dircnt;
while (cnt-- > 0) {
dblk = &dirp[cnt];
/*
 * If we remove a directory we created, we replace the
 * ft_name with NULL.  Ignore those.
 */
if (dblk->ft.ft_name == NULL((void *)0))
	continue;

/*
 * frc_mode set, make sure we set the file modes even if
 * the user didn't ask for it (see file_subs.c for more info)
 */
set_attr(&dblk->ft, 0, dblk->mode, pmode || dblk->frc_mode,
    in_sig);
if (!in_sig)
	free(dblk->ft.ft_name);
}

if (!in_sig)
free(dirp);
dirp = NULL((void *)0);
dircnt = 0;
1706}

1708/*
* database independent routines
*/

1712/*
* st_hash()
*	hashes filenames to a u_int for hashing into a table. Looks at the tail
*	end of file, as this provides far better distribution than any other
*	part of the name. For performance reasons we only care about the last
*	MAXKEYLEN chars (should be at LEAST large enough to pick off the file
*	name). Was tested on 500,000 name file tree traversal from the root
*	and gave almost a perfectly uniform distribution of keys when used with
*	prime sized tables (MAXKEYLEN was 128 in test). Hashes (sizeof int)
*	chars at a time and pads with 0 for last addition.
* Return:
*	the hash value of the string MOD (%) the table size.
*/

1726u_int
1727st_hash(const char *name, int len, int tabsz)
1728{
const char *pt;
char *dest;
const char *end;
int i;
u_int key = 0;
int steps;
int res;
u_int val;
4
←
'val' declared without an initial value→

/*
* only look at the tail up to MAXKEYLEN, we do not need to waste
* time here (remember these are pathnames, the tail is what will
* spread out the keys)
*/
if (len > MAXKEYLEN64) {
5
←
Assuming 'len' is > MAXKEYLEN→
6
←
Taking true branch→
pt = &(name[len - MAXKEYLEN64]);
len = MAXKEYLEN64;
} else
pt = name;

/*
* calculate the number of u_int size steps in the string and if
* there is a runt to deal with
*/
steps = len/sizeof(u_int);
res = len % sizeof(u_int);

/*
* add up the value of the string in unsigned integer sized pieces
* too bad we cannot have unsigned int aligned strings, then we
* could avoid the expensive copy.
*/
for (i = 0; i < steps; ++i) {
7
←
Loop condition is true.  Entering loop body→
end = pt + sizeof(u_int);
dest = (char *)&val;
while (pt < end)
8
←
Assuming 'pt' is >= 'end'→
9
←
Loop condition is false. Execution continues on line 1766→
	*dest++ = *pt++;
key += val;
10
←
Assigned value is garbage or undefined
}

/*
* add in the runt padded with zero to the right
*/
if (res) {
val = 0;
end = pt + res;
dest = (char *)&val;
while (pt < end)
	*dest++ = *pt++;
key += val;
}

/*
* return the result mod the table size
*/
return(key % tabsz);
1785}