/usr/src/usr.sbin/mopd/mopchk/../common/loop-bsd.c

Bug Summary

File:	src/usr.sbin/mopd/mopchk/../common/loop-bsd.c
Warning:	line 102, column 8 1st function call argument is an uninitialized value

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name loop-bsd.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/mopd/mopchk/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.sbin/mopd/mopchk -I /usr/src/usr.sbin/mopd/mopchk/.. -I /usr/src/usr.sbin/mopd/mopchk/../common -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/mopd/mopchk/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.sbin/mopd/mopchk/../common/loop-bsd.c

1/*	$OpenBSD: loop-bsd.c,v 1.14 2021/01/26 18:25:07 deraadt Exp $ */
2 
3/*
4 * Copyright (c) 1993-95 Mats O Jansson.  All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26 
27#include <errno(*__errno()).h>
28#include <stdlib.h>
29#include <string.h>
30#include <unistd.h>
31#if defined(__bsdi__) || defined(__FreeBSD__)
32#include <sys/time.h>
33#endif
34#include <net/bpf.h>
35#include <sys/ioctl.h>
36 
37#include "os.h"
38#include "common/common.h"
39#include "common/mopdef.h"
40 
41int
42mopOpenRC(struct if_info *p, int trans)
43{
44#ifndef NORC
45	return (*(p->iopen))(p->if_name, O_RDWR0x0002, MOP_K_PROTO_RC0x6002, trans);
46#else
47	return (-1);
48#endif
49}
50 
51int
52mopOpenDL(struct if_info *p, int trans)
53{
54#ifndef NODL
55	return (*(p->iopen))(p->if_name, O_RDWR0x0002, MOP_K_PROTO_DL0x6001, trans);
56#else
57	return (-1);
58#endif
59}
60 
61void
62mopReadRC(void)
63{
64}
65 
66void
67mopReadDL(void)
68{
69}
70 
71/*
72 * The list of all interfaces that are being listened to.  loop()
73 * "selects" on the descriptors in this list.
74 */
75extern struct if_info *iflist;
76 
77void   mopProcess(struct if_info *, u_char *);
78 
79/*
80 * Loop indefinitely listening for MOP requests on the
81 * interfaces in 'iflist'.
82 */
83void
84Loop(void)
85{
86	u_char		*buf, *bp, *ep;
87	int		 cc;
88	fd_set		 fds, listeners;
89	int		 bufsize, maxfd = 0;
1
'bufsize' declared without an initial value→
90	struct if_info	*ii;
91 
92	if (iflist == 0) {
2
←
Assuming 'iflist' is not equal to null→
3
←
Taking false branch→
93		syslog(LOG_ERR3, "no interfaces");
94		exit(0);
95	}
96	if (iflist->fd != -1)
4
←
Assuming the condition is false→
5
←
Taking false branch→
97		if (ioctl(iflist->fd, BIOCGBLEN((unsigned long)0x40000000 | ((sizeof(u_int) & 0x1fff) <<
 16) | ((('B')) << 8) | ((102))), (caddr_t)&bufsize) < 0) {
98			syslog(LOG_ERR3, "BIOCGBLEN: %m");
99			exit(0);
100		}
101 
102	buf = malloc(bufsize);
6
←
1st function call argument is an uninitialized value
103	if (buf == 0) {
104		syslog(LOG_ERR3, "malloc: %m");
105		exit(0);
106	}
107	/*
108         * Find the highest numbered file descriptor for select().
109         * Initialize the set of descriptors to listen to.
110         */
111	FD_ZERO(&fds)do { fd_set *_p = (&fds); __size_t _n = (((1024) + ((((unsigned
)(sizeof(__fd_mask) * 8))) - 1)) / (((unsigned)(sizeof(__fd_mask
) * 8)))); while (_n > 0) _p->fds_bits[--_n] = 0; } while
 (0);
112	for (ii = iflist; ii; ii = ii->next)
113		if (ii->fd != -1) {
114			FD_SET(ii->fd, &fds)__fd_set((ii->fd), (&fds));
115			if (ii->fd > maxfd)
116				maxfd = ii->fd;
117		}
118 
119	while (1) {
120		listeners = fds;
121		if (select(maxfd + 1, &listeners, NULL((void *)0), NULL((void *)0), NULL((void *)0)) < 0) {
122			syslog(LOG_ERR3, "select: %m");
123			exit(0);
124		}
125		for (ii = iflist; ii; ii = ii->next)
126			if (ii->fd != -1) {
127				if (!FD_ISSET(ii->fd, &listeners)__fd_isset((ii->fd), (&listeners)))
128					continue;
129again:
130			cc = read(ii->fd, buf, bufsize);
131			/* Don't choke when we get ptraced */
132			if (cc < 0 && errno(*__errno()) == EINTR4)
133				goto again;
134			/* Due to a SunOS bug, after 2^31 bytes, the file
135			 * offset overflows and read fails with EINVAL.  The
136			 * lseek() to 0 will fix things. */
137			if (cc < 0) {
138				if (errno(*__errno()) == EINVAL22 && (lseek(ii->fd, 0,
139				    SEEK_CUR1) + bufsize) < 0) {
140					lseek(ii->fd, 0, SEEK_SET0);
141					goto again;
142				}
143				syslog(LOG_ERR3, "read: %m");
144				exit(0);
145			}
146			/* Loop through the packet(s) */
147#define bhp((struct bpf_hdr *)bp) ((struct bpf_hdr *)bp)
148			bp = buf;
149			ep = bp + cc;
150			while (bp < ep) {
151				int caplen, hdrlen;
152 
153				caplen = bhp((struct bpf_hdr *)bp)->bh_caplen;
154				hdrlen = bhp((struct bpf_hdr *)bp)->bh_hdrlen;
155				mopProcess(ii, bp + hdrlen);
156				bp += BPF_WORDALIGN(hdrlen + caplen)(((hdrlen + caplen) + (sizeof(u_int32_t) - 1)) & ~(sizeof
(u_int32_t) - 1));
157			}
158		}
159	}
160}