/home/ben/Projects/got/got/../lib/buf.c

Bug Summary

File:	got/../lib/buf.c
Warning:	line 113, column 12 Access to field 'cb_buf' results in a dereference of a null pointer

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd6.9 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name buf.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/local/lib/clang/11.1.0 -I /home/ben/Projects/got/got/../include -I /home/ben/Projects/got/got/../lib -D GOT_LIBEXECDIR=/home/ben/bin -D GOT_VERSION=0.53-current -internal-isystem /usr/local/lib/clang/11.1.0/include -internal-externc-isystem /usr/include -O0 -fdebug-compilation-dir /home/ben/Projects/got/got/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /home/ben/Projects/got/scan/2021-05-28-230913-68537-1 -x c /home/ben/Projects/got/got/../lib/buf.c

1/*	$OpenBSD: buf.c,v 1.27 2016/10/16 13:35:51 okan Exp $	*/
2/*
3 * Copyright (c) 2003 Jean-Francois Brousseau <jfb@openbsd.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. The name of the author may not be used to endorse or promote products
13 *    derived from this software without specific prior written permission.
14 *
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
16 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
17 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
18 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
19 * EXEMPLARY, OR CONSEQUENTIAL  DAMAGES (INCLUDING, BUT NOT LIMITED TO,
20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
21 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
22 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
24 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26 
27#include <sys/queue.h>
28#include <sys/stat.h>
29 
30#include <errno(*__errno()).h>
31#include <fcntl.h>
32#include <stdint.h>
33#include <stdio.h>
34#include <stdlib.h>
35#include <string.h>
36#include <unistd.h>
37 
38#include "buf.h"
39 
40#include "got_error.h"
41 
42#define BUF_INCR128	128
43 
44#define SIZE_LEFT(b)((b)->cb_size - (b)->cb_len)	((b)->cb_size - (b)->cb_len)
45 
46static const struct got_error *buf_grow(BUF *, size_t);
47 
48/*
49 * Create a new buffer structure and return a pointer to it.  This structure
50 * uses dynamically-allocated memory and must be freed with buf_free(), once
51 * the buffer is no longer needed.
52 */
53const struct got_error *
54buf_alloc(BUF **b, size_t len)
55{
56	const struct got_error *err = NULL((void *)0);
57 
58	*b = malloc(sizeof(**b));
7
←
Assigning value→
59	if (*b == NULL((void *)0))
8
←
Assuming the condition is true→
9
←
Taking true branch→
60		return NULL((void *)0);
10
←
Returning null pointer, which participates in a condition later→
61	/* Postpone creation of zero-sized buffers */
62	if (len > 0) {
63		(*b)->cb_buf = calloc(1, len);
64		if ((*b)->cb_buf == NULL((void *)0)) {
65			err = got_error_from_errno("calloc");
66			free(*b);
67			*b = NULL((void *)0);
68			return err;
69		}
70	} else
71		(*b)->cb_buf = NULL((void *)0);
72 
73	(*b)->cb_size = len;
74	(*b)->cb_len = 0;
75 
76	return NULL((void *)0);
77}
78 
79/*
80 * Open the file specified by <path> and load all of its contents into a
81 * buffer.
82 * Returns the loaded buffer on success or NULL on failure.
83 * Sets errno on error.
84 */
85const struct got_error *
86buf_load(BUF **buf, const char *path)
87{
88	const struct got_error *err = NULL((void *)0);
89	int fd;
90	ssize_t ret;
91	size_t len;
92	u_char *bp;
93	struct stat st;
94 
95	*buf = NULL((void *)0);
96 
97	fd = open(path, O_RDONLY0x0000, 0600);
98	if (fd == -1)
1
Assuming the condition is false→
2
←
Taking false branch→
99		return got_error_from_errno2("open", path);
100 
101	if (fstat(fd, &st) == -1) {
3
←
Assuming the condition is false→
4
←
Taking false branch→
102		err = got_error_from_errno2("fstat", path);
103		goto out;
104	}
105 
106	if ((uintmax_t)st.st_size4.1
Field 'st_size' is <= SIZE_MAX
 > SIZE_MAX0xffffffffffffffffUL) {
5
←
Taking false branch→
107		err = got_error_set_errno(EFBIG27, path);
108		goto out;
109	}
110	err = buf_alloc(buf, st.st_size);
6
←
Calling 'buf_alloc'→
11
←
Returning from 'buf_alloc'→
111	if (err11.1
'err' is null
)
12
←
Taking false branch→
112		goto out;
113	for (bp = (*buf)->cb_buf; ; bp += (size_t)ret) {
13
←
Access to field 'cb_buf' results in a dereference of a null pointer
114		len = SIZE_LEFT(*buf)((*buf)->cb_size - (*buf)->cb_len);
115		ret = read(fd, bp, len);
116		if (ret == -1) {
117			err = got_error_from_errno2("read", path);
118			goto out;
119		} else if (ret == 0)
120			break;
121 
122		(*buf)->cb_len += (size_t)ret;
123	}
124 
125out:
126	if (close(fd) == -1 && err == NULL((void *)0))
127		err = got_error_from_errno2("close", path);
128	if (err) {
129		buf_free(*buf);
130		*buf = NULL((void *)0);
131	}
132	return err;
133}
134 
135void
136buf_free(BUF *b)
137{
138	if (b == NULL((void *)0))
139		return;
140	free(b->cb_buf);
141	free(b);
142}
143 
144/*
145 * Free the buffer <b>'s structural information but do not free the contents
146 * of the buffer.  Instead, they are returned and should be freed later using
147 * free().
148 */
149void *
150buf_release(BUF *b)
151{
152	void *tmp;
153 
154	tmp = b->cb_buf;
155	free(b);
156	return (tmp);
157}
158 
159u_char *
160buf_get(BUF *b)
161{
162	return (b->cb_buf);
163}
164 
165/*
166 * Empty the contents of the buffer <b> and reset pointers.
167 */
168void
169buf_empty(BUF *b)
170{
171	memset(b->cb_buf, 0, b->cb_size);
172	b->cb_len = 0;
173}
174 
175/*
176 * Append a single character <c> to the end of the buffer <b>.
177 */
178const struct got_error *
179buf_putc(BUF *b, int c)
180{
181	const struct got_error *err = NULL((void *)0);
182	u_char *bp;
183 
184	if (SIZE_LEFT(b)((b)->cb_size - (b)->cb_len) == 0) {
185		err = buf_grow(b, BUF_INCR128);
186		if (err)
187			return err;
188	}
189	bp = b->cb_buf + b->cb_len;
190	*bp = (u_char)c;
191	b->cb_len++;
192	return NULL((void *)0);
193}
194 
195/*
196 * Append a string <s> to the end of buffer <b>.
197 */
198const struct got_error *
199buf_puts(size_t *newlen, BUF *b, const char *str)
200{
201	return buf_append(newlen, b, str, strlen(str));
202}
203 
204/*
205 * Return u_char at buffer position <pos>.
206 */
207u_char
208buf_getc(BUF *b, size_t pos)
209{
210	return (b->cb_buf[pos]);
211}
212 
213/*
214 * Append <len> bytes of data pointed to by <data> to the buffer <b>.  If the
215 * buffer is too small to accept all data, it will get resized to an
216 * appropriate size to accept all data.
217 * Returns the number of bytes successfully appended to the buffer.
218 */
219const struct got_error *
220buf_append(size_t *newlen, BUF *b, const void *data, size_t len)
221{
222	const struct got_error *err = NULL((void *)0);
223	size_t left, rlen;
224	u_char *bp;
225 
226	left = SIZE_LEFT(b)((b)->cb_size - (b)->cb_len);
227	rlen = len;
228 
229	if (left < len) {
230		err = buf_grow(b, len - left);
231		if (err)
232			return err;
233	}
234	bp = b->cb_buf + b->cb_len;
235	memcpy(bp, data, rlen);
236	b->cb_len += rlen;
237 
238	*newlen = rlen;
239	return NULL((void *)0);
240}
241 
242/*
243 * Returns the size of the buffer that is being used.
244 */
245size_t
246buf_len(BUF *b)
247{
248	return (b->cb_len);
249}
250 
251/*
252 * Write the contents of the buffer <b> to the specified <fd>
253 */
254int
255buf_write_fd(BUF *b, int fd)
256{
257	u_char *bp;
258	size_t len;
259	ssize_t ret;
260 
261	len = b->cb_len;
262	bp = b->cb_buf;
263 
264	do {
265		ret = write(fd, bp, len);
266		if (ret == -1) {
267			if (errno(*__errno()) == EINTR4 || errno(*__errno()) == EAGAIN35)
268				continue;
269			return (-1);
270		}
271 
272		len -= (size_t)ret;
273		bp += (size_t)ret;
274	} while (len > 0);
275 
276	return (0);
277}
278 
279/*
280 * Write the contents of the buffer <b> to the file whose path is given in
281 * <path>.  If the file does not exist, it is created with mode <mode>.
282 */
283const struct got_error *
284buf_write(BUF *b, const char *path, mode_t mode)
285{
286	const struct got_error *err = NULL((void *)0);
287	int fd;
288 open:
289	if ((fd = open(path, O_WRONLY0x0001|O_CREAT0x0200|O_TRUNC0x0400, mode)) == -1) {
290		err = got_error_from_errno2("open", path);
291		if (errno(*__errno()) == EACCES13 && unlink(path) != -1)
292			goto open;
293		else
294			return err;
295	}
296 
297	if (buf_write_fd(b, fd) == -1) {
298		err = got_error_from_errno("buf_write_fd");
299		(void)unlink(path);
300		return err;
301	}
302 
303	if (fchmod(fd, mode) < 0)
304		err = got_error_from_errno2("fchmod", path);
305 
306	if (close(fd) == -1 && err == NULL((void *)0))
307		err = got_error_from_errno2("close", path);
308 
309	return err;
310}
311 
312/*
313 * Write the contents of the buffer <b> to a temporary file whose path is
314 * specified using <template> (see mkstemp.3).
315 * NB. This function will modify <template>, as per mkstemp
316 */
317const struct got_error *
318buf_write_stmp(BUF *b, char *template)
319{
320	const struct got_error *err = NULL((void *)0);
321	int fd;
322 
323	if ((fd = mkstemp(template)) == -1)
324		return got_error_from_errno("mkstemp");
325 
326	if (buf_write_fd(b, fd) == -1) {
327		err = got_error_from_errno("buf_write_fd");
328		(void)unlink(template);
329	}
330 
331	if (close(fd) == -1 && err == NULL((void *)0))
332		err = got_error_from_errno("close");
333 
334	return err;
335}
336 
337/*
338 * Grow the buffer <b> by <len> bytes.  The contents are unchanged by this
339 * operation regardless of the result.
340 */
341static const struct got_error *
342buf_grow(BUF *b, size_t len)
343{
344	u_char *buf;
345	buf = reallocarray(b->cb_buf, 1, b->cb_size + len);
346	if (buf == NULL((void *)0))
347		return got_error_from_errno("reallocarray");
348	b->cb_buf = buf;
349	b->cb_size += len;
350	return NULL((void *)0);
351}