Bug Summary

File:src/lib/libc/gen/glob.c
Warning:line 255, column 51
Assigned value is garbage or undefined

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name glob.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libc/obj -resource-dir /usr/local/lib/clang/13.0.0 -include namespace.h -I /usr/src/lib/libc/include -I /usr/src/lib/libc/hidden -D __LIBC__ -D APIWARN -D YP -I /usr/src/lib/libc/yp -I /usr/src/lib/libc -I /usr/src/lib/libc/gdtoa -I /usr/src/lib/libc/arch/amd64/gdtoa -D INFNAN_CHECK -D MULTIPLE_THREADS -D NO_FENV_H -D USE_LOCALE -I /usr/src/lib/libc -I /usr/src/lib/libc/citrus -D RESOLVSORT -D FLOATING_POINT -D PRINTF_WIDE_CHAR -D SCANF_WIDE_CHAR -D FUTEX -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libc/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/lib/libc/gen/glob.c
1/* $OpenBSD: glob.c,v 1.50 2020/10/13 04:42:28 guenther Exp $ */
2/*
3 * Copyright (c) 1989, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * This code is derived from software contributed to Berkeley by
7 * Guido van Rossum.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34/*
35 * glob(3) -- a superset of the one defined in POSIX 1003.2.
36 *
37 * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
38 *
39 * Optional extra services, controlled by flags not defined by POSIX:
40 *
41 * GLOB_QUOTE:
42 * Escaping convention: \ inhibits any special meaning the following
43 * character might have (except \ at end of string is retained).
44 * GLOB_MAGCHAR:
45 * Set in gl_flags if pattern contained a globbing character.
46 * GLOB_NOMAGIC:
47 * Same as GLOB_NOCHECK, but it will only append pattern if it did
48 * not contain any magic characters. [Used in csh style globbing]
49 * GLOB_ALTDIRFUNC:
50 * Use alternately specified directory access functions.
51 * GLOB_TILDE:
52 * expand ~user/foo to the /home/dir/of/user/foo
53 * GLOB_BRACE:
54 * expand {1,2}{a,b} to 1a 1b 2a 2b
55 * gl_matchc:
56 * Number of matches in the current invocation of glob.
57 */
58
59#include <sys/stat.h>
60
61#include <ctype.h>
62#include <dirent.h>
63#include <errno(*__errno()).h>
64#include <glob.h>
65#include <limits.h>
66#include <pwd.h>
67#include <stdint.h>
68#include <stdio.h>
69#include <stdlib.h>
70#include <string.h>
71#include <unistd.h>
72
73#include "charclass.h"
74
75#define DOLLAR'$' '$'
76#define DOT'.' '.'
77#define EOS'\0' '\0'
78#define LBRACKET'[' '['
79#define NOT'!' '!'
80#define QUESTION'?' '?'
81#define QUOTE'\\' '\\'
82#define RANGE'-' '-'
83#define RBRACKET']' ']'
84#define SEP'/' '/'
85#define STAR'*' '*'
86#define TILDE'~' '~'
87#define UNDERSCORE'_' '_'
88#define LBRACE'{' '{'
89#define RBRACE'}' '}'
90#define SLASH'/' '/'
91#define COMMA',' ','
92
93#ifndef DEBUG
94
95#define M_QUOTE0x8000 0x8000
96#define M_PROTECT0x4000 0x4000
97#define M_MASK0xffff 0xffff
98#define M_ASCII0x00ff 0x00ff
99
100typedef u_short Char;
101
102#else
103
104#define M_QUOTE0x8000 0x80
105#define M_PROTECT0x4000 0x40
106#define M_MASK0xffff 0xff
107#define M_ASCII0x00ff 0x7f
108
109typedef char Char;
110
111#endif
112
113
114#define CHAR(c)((Char)((c)&0x00ff)) ((Char)((c)&M_ASCII0x00ff))
115#define META(c)((Char)((c)|0x8000)) ((Char)((c)|M_QUOTE0x8000))
116#define M_ALL((Char)(('*')|0x8000)) META('*')((Char)(('*')|0x8000))
117#define M_END((Char)((']')|0x8000)) META(']')((Char)((']')|0x8000))
118#define M_NOT((Char)(('!')|0x8000)) META('!')((Char)(('!')|0x8000))
119#define M_ONE((Char)(('?')|0x8000)) META('?')((Char)(('?')|0x8000))
120#define M_RNG((Char)(('-')|0x8000)) META('-')((Char)(('-')|0x8000))
121#define M_SET((Char)(('[')|0x8000)) META('[')((Char)(('[')|0x8000))
122#define M_CLASS((Char)((':')|0x8000)) META(':')((Char)((':')|0x8000))
123#define ismeta(c)(((c)&0x8000) != 0) (((c)&M_QUOTE0x8000) != 0)
124
125#define GLOB_LIMIT_MALLOC65536 65536
126#define GLOB_LIMIT_STAT2048 2048
127#define GLOB_LIMIT_READDIR16384 16384
128
129struct glob_lim {
130 size_t glim_malloc;
131 size_t glim_stat;
132 size_t glim_readdir;
133};
134
135struct glob_path_stat {
136 char *gps_path;
137 struct stat *gps_stat;
138};
139
140static int compare(const void *, const void *);
141static int compare_gps(const void *, const void *);
142static int g_Ctoc(const Char *, char *, size_t);
143static int g_lstat(Char *, struct stat *, glob_t *);
144static DIR *g_opendir(Char *, glob_t *);
145static Char *g_strchr(const Char *, int);
146static int g_strncmp(const Char *, const char *, size_t);
147static int g_stat(Char *, struct stat *, glob_t *);
148static int glob0(const Char *, glob_t *, struct glob_lim *);
149static int glob1(Char *, Char *, glob_t *, struct glob_lim *);
150static int glob2(Char *, Char *, Char *, Char *, Char *, Char *,
151 glob_t *, struct glob_lim *);
152static int glob3(Char *, Char *, Char *, Char *, Char *,
153 Char *, Char *, glob_t *, struct glob_lim *);
154static int globextend(const Char *, glob_t *, struct glob_lim *,
155 struct stat *);
156static const Char *
157 globtilde(const Char *, Char *, size_t, glob_t *);
158static int globexp1(const Char *, glob_t *, struct glob_lim *);
159static int globexp2(const Char *, const Char *, glob_t *,
160 struct glob_lim *);
161static int match(Char *, Char *, Char *);
162#ifdef DEBUG
163static void qprintf(const char *, Char *);
164#endif
165
166int
167glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
168 glob_t *pglob)
169{
170 const u_char *patnext;
171 int c;
172 Char *bufnext, *bufend, patbuf[PATH_MAX1024];
173 struct glob_lim limit = { 0, 0, 0 };
174
175 patnext = (u_char *) pattern;
176 if (!(flags & GLOB_APPEND0x0001)) {
1
Assuming the condition is true
2
Taking true branch
177 pglob->gl_pathc = 0;
178 pglob->gl_pathv = NULL((void *)0);
179 pglob->gl_statv = NULL((void *)0);
180 if (!(flags & GLOB_DOOFFS0x0002))
3
Assuming the condition is true
4
Taking true branch
181 pglob->gl_offs = 0;
182 }
183 pglob->gl_flags = flags & ~GLOB_MAGCHAR0x0100;
184 pglob->gl_errfunc = errfunc;
185 pglob->gl_matchc = 0;
186
187 if (strnlen(pattern, PATH_MAX1024) == PATH_MAX1024)
5
Assuming the condition is false
6
Taking false branch
188 return(GLOB_NOMATCH(-3));
189
190 if (pglob->gl_offs
6.1
Field 'gl_offs' is < SSIZE_MAX
>= SSIZE_MAX9223372036854775807L || pglob->gl_pathc
6.2
Field 'gl_pathc' is < SSIZE_MAX
>= SSIZE_MAX9223372036854775807L ||
7
Taking false branch
191 pglob->gl_pathc >= SSIZE_MAX9223372036854775807L - pglob->gl_offs - 1)
192 return GLOB_NOSPACE(-1);
193
194 bufnext = patbuf;
195 bufend = bufnext + PATH_MAX1024 - 1;
196 if (flags & GLOB_NOESCAPE0x1000)
8
Assuming the condition is false
9
Taking false branch
197 while (bufnext < bufend && (c = *patnext++) != EOS'\0')
198 *bufnext++ = c;
199 else {
200 /* Protect the quoted characters. */
201 while (bufnext
9.1
'bufnext' is < 'bufend'
< bufend && (c = *patnext++) != EOS'\0')
10
Assuming the condition is false
11
Loop condition is false. Execution continues on line 211
202 if (c == QUOTE'\\') {
203 if ((c = *patnext++) == EOS'\0') {
204 c = QUOTE'\\';
205 --patnext;
206 }
207 *bufnext++ = c | M_PROTECT0x4000;
208 } else
209 *bufnext++ = c;
210 }
211 *bufnext = EOS'\0';
212
213 if (flags & GLOB_BRACE0x0080)
12
Assuming the condition is true
13
Taking true branch
214 return globexp1(patbuf, pglob, &limit);
14
Calling 'globexp1'
215 else
216 return glob0(patbuf, pglob, &limit);
217}
218
219/*
220 * Expand recursively a glob {} pattern. When there is no more expansion
221 * invoke the standard globbing routine to glob the rest of the magic
222 * characters
223 */
224static int
225globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
226{
227 const Char* ptr = pattern;
228
229 /* Protect a single {}, for find(1), like csh */
230 if (pattern[0] == LBRACE'{' && pattern[1] == RBRACE'}' && pattern[2] == EOS'\0')
231 return glob0(pattern, pglob, limitp);
232
233 if ((ptr = (const Char *) g_strchr(ptr, LBRACE'{')) != NULL((void *)0))
15
Assuming the condition is true
16
Taking true branch
234 return globexp2(ptr, pattern, pglob, limitp);
17
Calling 'globexp2'
235
236 return glob0(pattern, pglob, limitp);
237}
238
239
240/*
241 * Recursive brace globbing helper. Tries to expand a single brace.
242 * If it succeeds then it invokes globexp1 with the new pattern.
243 * If it fails then it tries to glob the rest of the pattern and returns.
244 */
245static int
246globexp2(const Char *ptr, const Char *pattern, glob_t *pglob,
247 struct glob_lim *limitp)
248{
249 int i, rv;
250 Char *lm, *ls;
251 const Char *pe, *pm, *pl;
252 Char patbuf[PATH_MAX1024];
253
254 /* copy part up to the brace */
255 for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
18
Loop condition is true. Entering loop body
19
Loop condition is true. Entering loop body
20
Assigned value is garbage or undefined
256 ;
257 *lm = EOS'\0';
258 ls = lm;
259
260 /* Find the balanced brace */
261 for (i = 0, pe = ++ptr; *pe; pe++)
262 if (*pe == LBRACKET'[') {
263 /* Ignore everything between [] */
264 for (pm = pe++; *pe != RBRACKET']' && *pe != EOS'\0'; pe++)
265 ;
266 if (*pe == EOS'\0') {
267 /*
268 * We could not find a matching RBRACKET.
269 * Ignore and just look for RBRACE
270 */
271 pe = pm;
272 }
273 } else if (*pe == LBRACE'{')
274 i++;
275 else if (*pe == RBRACE'}') {
276 if (i == 0)
277 break;
278 i--;
279 }
280
281 /* Non matching braces; just glob the pattern */
282 if (i != 0 || *pe == EOS'\0')
283 return glob0(patbuf, pglob, limitp);
284
285 for (i = 0, pl = pm = ptr; pm <= pe; pm++) {
286 switch (*pm) {
287 case LBRACKET'[':
288 /* Ignore everything between [] */
289 for (pl = pm++; *pm != RBRACKET']' && *pm != EOS'\0'; pm++)
290 ;
291 if (*pm == EOS'\0') {
292 /*
293 * We could not find a matching RBRACKET.
294 * Ignore and just look for RBRACE
295 */
296 pm = pl;
297 }
298 break;
299
300 case LBRACE'{':
301 i++;
302 break;
303
304 case RBRACE'}':
305 if (i) {
306 i--;
307 break;
308 }
309 /* FALLTHROUGH */
310 case COMMA',':
311 if (i && *pm == COMMA',')
312 break;
313 else {
314 /* Append the current string */
315 for (lm = ls; (pl < pm); *lm++ = *pl++)
316 ;
317
318 /*
319 * Append the rest of the pattern after the
320 * closing brace
321 */
322 for (pl = pe + 1; (*lm++ = *pl++) != EOS'\0'; )
323 ;
324
325 /* Expand the current pattern */
326#ifdef DEBUG
327 qprintf("globexp2:", patbuf);
328#endif
329 rv = globexp1(patbuf, pglob, limitp);
330 if (rv && rv != GLOB_NOMATCH(-3))
331 return rv;
332
333 /* move after the comma, to the next string */
334 pl = pm + 1;
335 }
336 break;
337
338 default:
339 break;
340 }
341 }
342 return 0;
343}
344
345
346
347/*
348 * expand tilde from the passwd file.
349 */
350static const Char *
351globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob)
352{
353 struct passwd pwstore, *pwd = NULL((void *)0);
354 char *h, pwbuf[_PW_BUF_LEN1024];
355 const Char *p;
356 Char *b, *eb;
357
358 if (*pattern != TILDE'~' || !(pglob->gl_flags & GLOB_TILDE0x0800))
359 return pattern;
360
361 /* Copy up to the end of the string or / */
362 eb = &patbuf[patbuf_len - 1];
363 for (p = pattern + 1, h = (char *) patbuf;
364 h < (char *)eb && *p && *p != SLASH'/'; *h++ = *p++)
365 ;
366
367 *h = EOS'\0';
368
369#if 0
370 if (h == (char *)eb)
371 return what;
372#endif
373
374 if (((char *) patbuf)[0] == EOS'\0') {
375 /*
376 * handle a plain ~ or ~/ by expanding $HOME
377 * first and then trying the password file
378 */
379 if (issetugid() != 0 || (h = getenv("HOME")) == NULL((void *)0)) {
380 getpwuid_r(getuid(), &pwstore, pwbuf, sizeof(pwbuf),
381 &pwd);
382 if (pwd == NULL((void *)0))
383 return pattern;
384 else
385 h = pwd->pw_dir;
386 }
387 } else {
388 /*
389 * Expand a ~user
390 */
391 getpwnam_r((char *)patbuf, &pwstore, pwbuf, sizeof(pwbuf),
392 &pwd);
393 if (pwd == NULL((void *)0))
394 return pattern;
395 else
396 h = pwd->pw_dir;
397 }
398
399 /* Copy the home directory */
400 for (b = patbuf; b < eb && *h; *b++ = *h++)
401 ;
402
403 /* Append the rest of the pattern */
404 while (b < eb && (*b++ = *p++) != EOS'\0')
405 ;
406 *b = EOS'\0';
407
408 return patbuf;
409}
410
411static int
412g_strncmp(const Char *s1, const char *s2, size_t n)
413{
414 int rv = 0;
415
416 while (n--) {
417 rv = *(Char *)s1 - *(const unsigned char *)s2++;
418 if (rv)
419 break;
420 if (*s1++ == '\0')
421 break;
422 }
423 return rv;
424}
425
426static int
427g_charclass(const Char **patternp, Char **bufnextp)
428{
429 const Char *pattern = *patternp + 1;
430 Char *bufnext = *bufnextp;
431 const Char *colon;
432 const struct cclass *cc;
433 size_t len;
434
435 if ((colon = g_strchr(pattern, ':')) == NULL((void *)0) || colon[1] != ']')
436 return 1; /* not a character class */
437
438 len = (size_t)(colon - pattern);
439 for (cc = cclasses; cc->name != NULL((void *)0); cc++) {
440 if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0')
441 break;
442 }
443 if (cc->name == NULL((void *)0))
444 return -1; /* invalid character class */
445 *bufnext++ = M_CLASS((Char)((':')|0x8000));
446 *bufnext++ = (Char)(cc - &cclasses[0]);
447 *bufnextp = bufnext;
448 *patternp += len + 3;
449
450 return 0;
451}
452
453/*
454 * The main glob() routine: compiles the pattern (optionally processing
455 * quotes), calls glob1() to do the real pattern matching, and finally
456 * sorts the list (unless unsorted operation is requested). Returns 0
457 * if things went well, nonzero if errors occurred. It is not an error
458 * to find no matches.
459 */
460static int
461glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
462{
463 const Char *qpatnext;
464 int c, err;
465 size_t oldpathc;
466 Char *bufnext, patbuf[PATH_MAX1024];
467
468 qpatnext = globtilde(pattern, patbuf, PATH_MAX1024, pglob);
469 oldpathc = pglob->gl_pathc;
470 bufnext = patbuf;
471
472 /* We don't need to check for buffer overflow any more. */
473 while ((c = *qpatnext++) != EOS'\0') {
474 switch (c) {
475 case LBRACKET'[':
476 c = *qpatnext;
477 if (c == NOT'!')
478 ++qpatnext;
479 if (*qpatnext == EOS'\0' ||
480 g_strchr(qpatnext+1, RBRACKET']') == NULL((void *)0)) {
481 *bufnext++ = LBRACKET'[';
482 if (c == NOT'!')
483 --qpatnext;
484 break;
485 }
486 *bufnext++ = M_SET((Char)(('[')|0x8000));
487 if (c == NOT'!')
488 *bufnext++ = M_NOT((Char)(('!')|0x8000));
489 c = *qpatnext++;
490 do {
491 if (c == LBRACKET'[' && *qpatnext == ':') {
492 do {
493 err = g_charclass(&qpatnext,
494 &bufnext);
495 if (err)
496 break;
497 c = *qpatnext++;
498 } while (c == LBRACKET'[' && *qpatnext == ':');
499 if (err == -1 &&
500 !(pglob->gl_flags & GLOB_NOCHECK0x0010))
501 return GLOB_NOMATCH(-3);
502 if (c == RBRACKET']')
503 break;
504 }
505 *bufnext++ = CHAR(c)((Char)((c)&0x00ff));
506 if (*qpatnext == RANGE'-' &&
507 (c = qpatnext[1]) != RBRACKET']') {
508 *bufnext++ = M_RNG((Char)(('-')|0x8000));
509 *bufnext++ = CHAR(c)((Char)((c)&0x00ff));
510 qpatnext += 2;
511 }
512 } while ((c = *qpatnext++) != RBRACKET']');
513 pglob->gl_flags |= GLOB_MAGCHAR0x0100;
514 *bufnext++ = M_END((Char)((']')|0x8000));
515 break;
516 case QUESTION'?':
517 pglob->gl_flags |= GLOB_MAGCHAR0x0100;
518 *bufnext++ = M_ONE((Char)(('?')|0x8000));
519 break;
520 case STAR'*':
521 pglob->gl_flags |= GLOB_MAGCHAR0x0100;
522 /* collapse adjacent stars to one,
523 * to avoid exponential behavior
524 */
525 if (bufnext == patbuf || bufnext[-1] != M_ALL((Char)(('*')|0x8000)))
526 *bufnext++ = M_ALL((Char)(('*')|0x8000));
527 break;
528 default:
529 *bufnext++ = CHAR(c)((Char)((c)&0x00ff));
530 break;
531 }
532 }
533 *bufnext = EOS'\0';
534#ifdef DEBUG
535 qprintf("glob0:", patbuf);
536#endif
537
538 if ((err = glob1(patbuf, patbuf+PATH_MAX1024-1, pglob, limitp)) != 0)
539 return(err);
540
541 /*
542 * If there was no match we are going to append the pattern
543 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
544 * and the pattern did not contain any magic characters
545 * GLOB_NOMAGIC is there just for compatibility with csh.
546 */
547 if (pglob->gl_pathc == oldpathc) {
548 if ((pglob->gl_flags & GLOB_NOCHECK0x0010) ||
549 ((pglob->gl_flags & GLOB_NOMAGIC0x0200) &&
550 !(pglob->gl_flags & GLOB_MAGCHAR0x0100)))
551 return(globextend(pattern, pglob, limitp, NULL((void *)0)));
552 else
553 return(GLOB_NOMATCH(-3));
554 }
555 if (!(pglob->gl_flags & GLOB_NOSORT0x0020)) {
556 if ((pglob->gl_flags & GLOB_KEEPSTAT0x4000)) {
557 /* Keep the paths and stat info synced during sort */
558 struct glob_path_stat *path_stat;
559 size_t i;
560 size_t n = pglob->gl_pathc - oldpathc;
561 size_t o = pglob->gl_offs + oldpathc;
562
563 if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL((void *)0))
564 return GLOB_NOSPACE(-1);
565 for (i = 0; i < n; i++) {
566 path_stat[i].gps_path = pglob->gl_pathv[o + i];
567 path_stat[i].gps_stat = pglob->gl_statv[o + i];
568 }
569 qsort(path_stat, n, sizeof(*path_stat), compare_gps);
570 for (i = 0; i < n; i++) {
571 pglob->gl_pathv[o + i] = path_stat[i].gps_path;
572 pglob->gl_statv[o + i] = path_stat[i].gps_stat;
573 }
574 free(path_stat);
575 } else {
576 qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
577 pglob->gl_pathc - oldpathc, sizeof(char *),
578 compare);
579 }
580 }
581 return(0);
582}
583
584static int
585compare(const void *p, const void *q)
586{
587 return(strcmp(*(char **)p, *(char **)q));
588}
589
590static int
591compare_gps(const void *_p, const void *_q)
592{
593 const struct glob_path_stat *p = (const struct glob_path_stat *)_p;
594 const struct glob_path_stat *q = (const struct glob_path_stat *)_q;
595
596 return(strcmp(p->gps_path, q->gps_path));
597}
598
599static int
600glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
601{
602 Char pathbuf[PATH_MAX1024];
603
604 /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
605 if (*pattern == EOS'\0')
606 return(0);
607 return(glob2(pathbuf, pathbuf+PATH_MAX1024-1,
608 pathbuf, pathbuf+PATH_MAX1024-1,
609 pattern, pattern_last, pglob, limitp));
610}
611
612/*
613 * The functions glob2 and glob3 are mutually recursive; there is one level
614 * of recursion for each segment in the pattern that contains one or more
615 * meta characters.
616 */
617static int
618glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
619 Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
620{
621 struct stat sb;
622 Char *p, *q;
623 int anymeta;
624
625 /*
626 * Loop over pattern segments until end of pattern or until
627 * segment with meta character found.
628 */
629 for (anymeta = 0;;) {
630 if (*pattern == EOS'\0') { /* End of pattern? */
631 *pathend = EOS'\0';
632
633 if ((pglob->gl_flags & GLOB_LIMIT0x2000) &&
634 limitp->glim_stat++ >= GLOB_LIMIT_STAT2048) {
635 errno(*__errno()) = 0;
636 *pathend++ = SEP'/';
637 *pathend = EOS'\0';
638 return(GLOB_NOSPACE(-1));
639 }
640 if (g_lstat(pathbuf, &sb, pglob))
641 return(0);
642
643 if (((pglob->gl_flags & GLOB_MARK0x0008) &&
644 pathend[-1] != SEP'/') && (S_ISDIR(sb.st_mode)((sb.st_mode & 0170000) == 0040000) ||
645 (S_ISLNK(sb.st_mode)((sb.st_mode & 0170000) == 0120000) &&
646 (g_stat(pathbuf, &sb, pglob) == 0) &&
647 S_ISDIR(sb.st_mode)((sb.st_mode & 0170000) == 0040000)))) {
648 if (pathend+1 > pathend_last)
649 return (1);
650 *pathend++ = SEP'/';
651 *pathend = EOS'\0';
652 }
653 ++pglob->gl_matchc;
654 return(globextend(pathbuf, pglob, limitp, &sb));
655 }
656
657 /* Find end of next segment, copy tentatively to pathend. */
658 q = pathend;
659 p = pattern;
660 while (*p != EOS'\0' && *p != SEP'/') {
661 if (ismeta(*p)(((*p)&0x8000) != 0))
662 anymeta = 1;
663 if (q+1 > pathend_last)
664 return (1);
665 *q++ = *p++;
666 }
667
668 if (!anymeta) { /* No expansion, do next segment. */
669 pathend = q;
670 pattern = p;
671 while (*pattern == SEP'/') {
672 if (pathend+1 > pathend_last)
673 return (1);
674 *pathend++ = *pattern++;
675 }
676 } else
677 /* Need expansion, recurse. */
678 return(glob3(pathbuf, pathbuf_last, pathend,
679 pathend_last, pattern, p, pattern_last,
680 pglob, limitp));
681 }
682 /* NOTREACHED */
683}
684
685static int
686glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
687 Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob,
688 struct glob_lim *limitp)
689{
690 struct dirent *dp;
691 DIR *dirp;
692 int err;
693 char buf[PATH_MAX1024];
694
695 /*
696 * The readdirfunc declaration can't be prototyped, because it is
697 * assigned, below, to two functions which are prototyped in glob.h
698 * and dirent.h as taking pointers to differently typed opaque
699 * structures.
700 */
701 struct dirent *(*readdirfunc)(void *);
702
703 if (pathend > pathend_last)
704 return (1);
705 *pathend = EOS'\0';
706 errno(*__errno()) = 0;
707
708 if ((dirp = g_opendir(pathbuf, pglob)) == NULL((void *)0)) {
709 /* TODO: don't call for ENOENT or ENOTDIR? */
710 if (pglob->gl_errfunc) {
711 if (g_Ctoc(pathbuf, buf, sizeof(buf)))
712 return(GLOB_ABORTED(-2));
713 if (pglob->gl_errfunc(buf, errno(*__errno())) ||
714 pglob->gl_flags & GLOB_ERR0x0004)
715 return(GLOB_ABORTED(-2));
716 }
717 return(0);
718 }
719
720 err = 0;
721
722 /* Search directory for matching names. */
723 if (pglob->gl_flags & GLOB_ALTDIRFUNC0x0040)
724 readdirfunc = pglob->gl_readdir;
725 else
726 readdirfunc = (struct dirent *(*)(void *))readdir;
727 while ((dp = (*readdirfunc)(dirp))) {
728 u_char *sc;
729 Char *dc;
730
731 if ((pglob->gl_flags & GLOB_LIMIT0x2000) &&
732 limitp->glim_readdir++ >= GLOB_LIMIT_READDIR16384) {
733 errno(*__errno()) = 0;
734 *pathend++ = SEP'/';
735 *pathend = EOS'\0';
736 err = GLOB_NOSPACE(-1);
737 break;
738 }
739
740 /* Initial DOT must be matched literally. */
741 if (dp->d_name[0] == DOT'.' && *pattern != DOT'.')
742 continue;
743 dc = pathend;
744 sc = (u_char *) dp->d_name;
745 while (dc < pathend_last && (*dc++ = *sc++) != EOS'\0')
746 ;
747 if (dc >= pathend_last) {
748 *dc = EOS'\0';
749 err = 1;
750 break;
751 }
752
753 if (!match(pathend, pattern, restpattern)) {
754 *pathend = EOS'\0';
755 continue;
756 }
757 err = glob2(pathbuf, pathbuf_last, --dc, pathend_last,
758 restpattern, restpattern_last, pglob, limitp);
759 if (err)
760 break;
761 }
762
763 if (pglob->gl_flags & GLOB_ALTDIRFUNC0x0040)
764 (*pglob->gl_closedir)(dirp);
765 else
766 closedir(dirp);
767 return(err);
768}
769
770
771/*
772 * Extend the gl_pathv member of a glob_t structure to accommodate a new item,
773 * add the new item, and update gl_pathc.
774 *
775 * This assumes the BSD realloc, which only copies the block when its size
776 * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
777 * behavior.
778 *
779 * Return 0 if new item added, error code if memory couldn't be allocated.
780 *
781 * Invariant of the glob_t structure:
782 * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
783 * gl_pathv points to (gl_offs + gl_pathc + 1) items.
784 */
785static int
786globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
787 struct stat *sb)
788{
789 char **pathv;
790 size_t i, newn, len;
791 char *copy = NULL((void *)0);
792 const Char *p;
793 struct stat **statv;
794
795 newn = 2 + pglob->gl_pathc + pglob->gl_offs;
796 if (pglob->gl_offs >= SSIZE_MAX9223372036854775807L ||
797 pglob->gl_pathc >= SSIZE_MAX9223372036854775807L ||
798 newn >= SSIZE_MAX9223372036854775807L ||
799 SIZE_MAX0xffffffffffffffffUL / sizeof(*pathv) <= newn ||
800 SIZE_MAX0xffffffffffffffffUL / sizeof(*statv) <= newn) {
801 nospace:
802 for (i = pglob->gl_offs; i < newn - 2; i++) {
803 if (pglob->gl_pathv && pglob->gl_pathv[i])
804 free(pglob->gl_pathv[i]);
805 if ((pglob->gl_flags & GLOB_KEEPSTAT0x4000) != 0 &&
806 pglob->gl_pathv && pglob->gl_pathv[i])
807 free(pglob->gl_statv[i]);
808 }
809 free(pglob->gl_pathv);
810 pglob->gl_pathv = NULL((void *)0);
811 free(pglob->gl_statv);
812 pglob->gl_statv = NULL((void *)0);
813 return(GLOB_NOSPACE(-1));
814 }
815
816 pathv = reallocarray(pglob->gl_pathv, newn, sizeof(*pathv));
817 if (pathv == NULL((void *)0))
818 goto nospace;
819 if (pglob->gl_pathv == NULL((void *)0) && pglob->gl_offs > 0) {
820 /* first time around -- clear initial gl_offs items */
821 pathv += pglob->gl_offs;
822 for (i = pglob->gl_offs; i > 0; i--)
823 *--pathv = NULL((void *)0);
824 }
825 pglob->gl_pathv = pathv;
826
827 if ((pglob->gl_flags & GLOB_KEEPSTAT0x4000) != 0) {
828 statv = reallocarray(pglob->gl_statv, newn, sizeof(*statv));
829 if (statv == NULL((void *)0))
830 goto nospace;
831 if (pglob->gl_statv == NULL((void *)0) && pglob->gl_offs > 0) {
832 /* first time around -- clear initial gl_offs items */
833 statv += pglob->gl_offs;
834 for (i = pglob->gl_offs; i > 0; i--)
835 *--statv = NULL((void *)0);
836 }
837 pglob->gl_statv = statv;
838 if (sb == NULL((void *)0))
839 statv[pglob->gl_offs + pglob->gl_pathc] = NULL((void *)0);
840 else {
841 limitp->glim_malloc += sizeof(**statv);
842 if ((pglob->gl_flags & GLOB_LIMIT0x2000) &&
843 limitp->glim_malloc >= GLOB_LIMIT_MALLOC65536) {
844 errno(*__errno()) = 0;
845 return(GLOB_NOSPACE(-1));
846 }
847 if ((statv[pglob->gl_offs + pglob->gl_pathc] =
848 malloc(sizeof(**statv))) == NULL((void *)0))
849 goto copy_error;
850 memcpy(statv[pglob->gl_offs + pglob->gl_pathc], sb,
851 sizeof(*sb));
852 }
853 statv[pglob->gl_offs + pglob->gl_pathc + 1] = NULL((void *)0);
854 }
855
856 for (p = path; *p++;)
857 ;
858 len = (size_t)(p - path);
859 limitp->glim_malloc += len;
860 if ((copy = malloc(len)) != NULL((void *)0)) {
861 if (g_Ctoc(path, copy, len)) {
862 free(copy);
863 return(GLOB_NOSPACE(-1));
864 }
865 pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
866 }
867 pathv[pglob->gl_offs + pglob->gl_pathc] = NULL((void *)0);
868
869 if ((pglob->gl_flags & GLOB_LIMIT0x2000) &&
870 (newn * sizeof(*pathv)) + limitp->glim_malloc >
871 GLOB_LIMIT_MALLOC65536) {
872 errno(*__errno()) = 0;
873 return(GLOB_NOSPACE(-1));
874 }
875 copy_error:
876 return(copy == NULL((void *)0) ? GLOB_NOSPACE(-1) : 0);
877}
878
879
880/*
881 * pattern matching function for filenames. Each occurrence of the *
882 * pattern causes an iteration.
883 *
884 * Note, this function differs from the original as per the discussion
885 * here: https://research.swtch.com/glob
886 *
887 * Basically we removed the recursion and made it use the algorithm
888 * from Russ Cox to not go quadratic on cases like a file called
889 * ("a" x 100) . "x" matched against a pattern like "a*a*a*a*a*a*a*y".
890 */
891static int
892match(Char *name, Char *pat, Char *patend)
893{
894 int ok, negate_range;
895 Char c, k;
896 Char *nextp = NULL((void *)0);
897 Char *nextn = NULL((void *)0);
898
899loop:
900 while (pat < patend) {
901 c = *pat++;
902 switch (c & M_MASK0xffff) {
903 case M_ALL((Char)(('*')|0x8000)):
904 while (pat < patend && (*pat & M_MASK0xffff) == M_ALL((Char)(('*')|0x8000)))
905 pat++; /* eat consecutive '*' */
906 if (pat == patend)
907 return(1);
908 if (*name == EOS'\0')
909 return(0);
910 nextn = name + 1;
911 nextp = pat - 1;
912 break;
913 case M_ONE((Char)(('?')|0x8000)):
914 if (*name++ == EOS'\0')
915 goto fail;
916 break;
917 case M_SET((Char)(('[')|0x8000)):
918 ok = 0;
919 if ((k = *name++) == EOS'\0')
920 goto fail;
921 if ((negate_range = ((*pat & M_MASK0xffff) == M_NOT((Char)(('!')|0x8000)))) != EOS'\0')
922 ++pat;
923 while (((c = *pat++) & M_MASK0xffff) != M_END((Char)((']')|0x8000))) {
924 if ((c & M_MASK0xffff) == M_CLASS((Char)((':')|0x8000))) {
925 Char idx = *pat & M_MASK0xffff;
926 if (idx < NCCLASSES(sizeof(cclasses) / sizeof(cclasses[0]) - 1) &&
927 cclasses[idx].isctype(k))
928 ok = 1;
929 ++pat;
930 }
931 if ((*pat & M_MASK0xffff) == M_RNG((Char)(('-')|0x8000))) {
932 if (c <= k && k <= pat[1])
933 ok = 1;
934 pat += 2;
935 } else if (c == k)
936 ok = 1;
937 }
938 if (ok == negate_range)
939 goto fail;
940 break;
941 default:
942 if (*name++ != c)
943 goto fail;
944 break;
945 }
946 }
947 if (*name == EOS'\0')
948 return(1);
949
950fail:
951 if (nextn) {
952 pat = nextp;
953 name = nextn;
954 goto loop;
955 }
956 return(0);
957}
958
959/* Free allocated data belonging to a glob_t structure. */
960void
961globfree(glob_t *pglob)
962{
963 size_t i;
964 char **pp;
965
966 if (pglob->gl_pathv != NULL((void *)0)) {
967 pp = pglob->gl_pathv + pglob->gl_offs;
968 for (i = pglob->gl_pathc; i--; ++pp)
969 free(*pp);
970 free(pglob->gl_pathv);
971 pglob->gl_pathv = NULL((void *)0);
972 }
973 if (pglob->gl_statv != NULL((void *)0)) {
974 for (i = 0; i < pglob->gl_pathc; i++) {
975 free(pglob->gl_statv[i]);
976 }
977 free(pglob->gl_statv);
978 pglob->gl_statv = NULL((void *)0);
979 }
980}
981
982static DIR *
983g_opendir(Char *str, glob_t *pglob)
984{
985 char buf[PATH_MAX1024];
986
987 if (!*str)
988 strlcpy(buf, ".", sizeof buf);
989 else {
990 if (g_Ctoc(str, buf, sizeof(buf)))
991 return(NULL((void *)0));
992 }
993
994 if (pglob->gl_flags & GLOB_ALTDIRFUNC0x0040)
995 return((*pglob->gl_opendir)(buf));
996
997 return(opendir(buf));
998}
999
1000static int
1001g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
1002{
1003 char buf[PATH_MAX1024];
1004
1005 if (g_Ctoc(fn, buf, sizeof(buf)))
1006 return(-1);
1007 if (pglob->gl_flags & GLOB_ALTDIRFUNC0x0040)
1008 return((*pglob->gl_lstat)(buf, sb));
1009 return(lstat(buf, sb));
1010}
1011
1012static int
1013g_stat(Char *fn, struct stat *sb, glob_t *pglob)
1014{
1015 char buf[PATH_MAX1024];
1016
1017 if (g_Ctoc(fn, buf, sizeof(buf)))
1018 return(-1);
1019 if (pglob->gl_flags & GLOB_ALTDIRFUNC0x0040)
1020 return((*pglob->gl_stat)(buf, sb));
1021 return(stat(buf, sb));
1022}
1023
1024static Char *
1025g_strchr(const Char *str, int ch)
1026{
1027 do {
1028 if (*str == ch)
1029 return ((Char *)str);
1030 } while (*str++);
1031 return (NULL((void *)0));
1032}
1033
1034static int
1035g_Ctoc(const Char *str, char *buf, size_t len)
1036{
1037
1038 while (len--) {
1039 if ((*buf++ = *str++) == EOS'\0')
1040 return (0);
1041 }
1042 return (1);
1043}
1044
1045#ifdef DEBUG
1046static void
1047qprintf(const char *str, Char *s)
1048{
1049 Char *p;
1050
1051 (void)printf("%s:\n", str);
1052 for (p = s; *p; p++)
1053 (void)printf("%c", CHAR(*p)((Char)((*p)&0x00ff)));
1054 (void)printf("\n");
1055 for (p = s; *p; p++)
1056 (void)printf("%c", *p & M_PROTECT0x4000 ? '"' : ' ');
1057 (void)printf("\n");
1058 for (p = s; *p; p++)
1059 (void)printf("%c", ismeta(*p)(((*p)&0x8000) != 0) ? '_' : ' ');
1060 (void)printf("\n");
1061}
1062#endif