[Bug 37133] New: Clang Static Analyzer: Null path
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Aug 16 13:41:35 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=37133
Bug ID: 37133
Summary: Clang Static Analyzer: Null path
Product: Wine
Version: 1.7.22
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: lukebenes at hotmail.com
Clang Static Analyzer identifies Null path
File: dlls/crypt32/rootstore.c
Location: line 413, column 10
Description: Null pointer passed as an argument to a 'nonnull' parameter
static BOOL import_certs_from_path(LPCSTR path,
HCERTSTORE store, BOOL allow_dir)
{
...
fd = open(path, O_RDONLY);
//Clang: Null pointer passed as
//an argument to a 'nonnull' parameter
...
}
To understand why Clang suspects that NULL may get here, let's examine the
fragment where this function is called:
static BOOL import_certs_from_dir(LPCSTR path, HCERTSTORE store)
{
...
char *filebuf = NULL;
//Clang: 'filebuf' initialized to a null pointer value
struct dirent *entry;
while ((entry = readdir(dir)))
{
...
size_t name_len = strlen(entry->d_name);
//Calling function to change filebuf
if (!check_buffer_resize(&filebuf, &bufsize,
path_len + 1 + name_len + 1))
{
ERR(...);
break;
}
snprintf(filebuf, bufsize, "%s/%s", path, entry->d_name);
if (import_certs_from_path(filebuf, store, FALSE) && !ret)
//Clang: Passing null pointer value via 1st parameter 'path'
//Clang: Calling 'import_certs_from_path'
ret = TRUE;
...
}
}
In this code, the check_buffer_resize function is called where either the value
of the filebuf variable must change or FALSE must be returned; but the function
may fail to change filebuf and return TRUE instead. Take a look at the
function's code below:
static BOOL check_buffer_resize(char **ptr_buf,
size_t *buf_size, size_t check_size)
{
if (check_size > *buf_size)
{
...
*ptr_buf = CryptMemAlloc(*buf_size);
...
}
return TRUE;
}
The function contains only one condition where the ptr_buf variable is changed,
and if this condition is false, the true return result will allow you to use
this variable further on.
A similar issue is with the memcpy() function:
File: server/directory.c
Location: line 548, column 21
Description: Null pointer passed as an argument to a 'nonnull' parameter
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list