/usr/src/sbin/badsect/badsect.c

Bug Summary

File:	src/sbin/badsect/badsect.c
Warning:	line 116, column 2 Null pointer passed as 2nd argument to string copy function

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name badsect.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sbin/badsect/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/sbin/badsect/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/sbin/badsect/badsect.c

1/*	$OpenBSD: badsect.c,v 1.28 2019/06/28 13:32:43 deraadt Exp $	*/
2/*	$NetBSD: badsect.c,v 1.10 1995/03/18 14:54:28 cgd Exp $	*/
3 
4/*
5 * Copyright (c) 1981, 1983, 1993
6 *	The Regents of the University of California.  All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32 
33/*
34 * badsect
35 *
36 * Badsect takes a list of file-system relative sector numbers
37 * and makes files containing the blocks of which these sectors are a part.
38 * It can be used to contain sectors which have problems if these sectors
39 * are not part of the bad file for the pack (see bad144).  For instance,
40 * this program can be used if the driver for the file system in question
41 * does not support bad block forwarding.
42 */
43#include <sys/param.h>	/* MAXBSIZE DEV_BSIZE isclr */
44#include <sys/stat.h>
45 
46#include <ufs/ffs/fs.h>
47#include <ufs/ufs/dinode.h>
48 
49#include <dirent.h>
50#include <fcntl.h>
51#include <paths.h>
52#include <stdio.h>
53#include <stdlib.h>
54#include <string.h>
55#include <unistd.h>
56#include <limits.h>
57#include <err.h>
58 
59static int chkuse(daddr_t, int);
60static void rdfs(daddr_t, int, char *);
61 
62static union {
63	struct	fs fs;
64	char	fsx[SBSIZE8192];
65} ufs;
66#define sblockufs.fs	ufs.fs
67static union {
68	struct	cg cg;
69	char	cgx[MAXBSIZE(64 * 1024)];
70} ucg;
71#define	acgucg.cg	ucg.cg
72static struct	fs *fs;
73static int	fsi;
74static int	errs;
75 
76int
77main(int argc, char *argv[])
78{
79	daddr_t number;
80	struct stat stbuf, devstat;
81	struct dirent *dp;
82	DIR *dirp;
83	char name[BUFSIZ1024];
84	int len;
85 
86	if (argc < 3) {
1
Assuming 'argc' is >= 3→
2
←
Taking false branch→
87		fprintf(stderr(&__sF[2]), "usage: badsect bbdir sector ...\n");
88		exit(1);
89	}
90	if (chdir(argv[1]) == -1 || stat(".", &stbuf) == -1)
3
←
Assuming the condition is false→
4
←
Assuming the condition is false→
5
←
Taking false branch→
91		err(2, "%s", argv[1]);
92 
93	strlcpy(name, _PATH_DEV"/dev/", sizeof name);
94	len = strlen(name);
95	if ((dirp = opendir(name)) == NULL((void *)0))
6
←
Assuming the condition is false→
7
←
Taking false branch→
96		err(3, "%s", name);
97 
98	while ((dp = readdir(dirp)) != NULL((void *)0)) {
8
←
Assuming the condition is false→
9
←
Loop condition is false. Execution continues on line 115→
99		strlcpy(&name[len], dp->d_name, sizeof name - len);
100		if (stat(name, &devstat) == -1)
101			err(4, "%s", name);
102 
103		if (stbuf.st_dev == devstat.st_rdev &&
104		    S_ISBLK(devstat.st_mode)((devstat.st_mode & 0170000) == 0060000))
105			break;
106	}
107 
108	/*
109	 * We've found the block device, but since the filesystem
110	 * is mounted, we must write to the raw (character) device
111	 * instead. This is not guaranteed to work if someone has a
112	 * /dev that doesn't follow standard naming conventions, but
113	 * it's all we've got.
114	 */
115	name[len] = 'r';
116	strlcpy(&name[len+1], dp->d_name, sizeof name - (len+1));
10
←
Null pointer passed as 2nd argument to string copy function
117	closedir(dirp);
118	if (dp == NULL((void *)0))
119		err(5, "Cannot find dev 0%o corresponding to %s",
120			stbuf.st_rdev, argv[1]);
121 
122	if ((fsi = open(name, O_RDONLY0x0000)) == -1)
123		err(6, "%s", name);
124 
125	fs = &sblockufs.fs;
126	rdfs(SBOFF((off_t)(((off_t)(0)) + 8192)), SBSIZE8192, (char *)fs);
127	for (argc -= 2, argv += 2; argc > 0; argc--, argv++) {
128		number = strtonum(*argv, 0, QUAD_MAX0x7fffffffffffffffLL, NULL((void *)0));
129		if (chkuse(number, 1))
130			continue;
131		if (mknod(*argv, S_IFMT0170000|S_IRUSR0000400|S_IWUSR0000200,
132		    dbtofsb(fs, number)((number) >> (fs)->fs_fsbtodb)) < 0) {
133			warn("%s", *argv);
134			errs++;
135		}
136	}
137	printf("Don't forget to run ``fsck %s''\n", name);
138	exit(errs);
139}
140 
141static int
142chkuse(daddr_t blkno, int cnt)
143{
144	int cg;
145	daddr_t fsbn, bn;
146 
147	fsbn = dbtofsb(fs, blkno)((blkno) >> (fs)->fs_fsbtodb);
148	if (fsbn+cnt > fs->fs_ffs1_size) {
149		fprintf(stderr(&__sF[2]), "block %lld out of range of file system\n",
150		    (long long)blkno);
151		return (1);
152	}
153	cg = dtog(fs, fsbn)((fsbn) / (fs)->fs_fpg);
154	if (fsbn < cgdmin(fs, cg)((((daddr_t)(fs)->fs_fpg * (cg)) + (fs)->fs_cgoffset * (
(cg) & ~((fs)->fs_cgmask))) + (fs)->fs_dblkno)) {
155		if (cg == 0 || (fsbn+cnt) > cgsblock(fs, cg)((((daddr_t)(fs)->fs_fpg * (cg)) + (fs)->fs_cgoffset * (
(cg) & ~((fs)->fs_cgmask))) + (fs)->fs_sblkno)) {
156			fprintf(stderr(&__sF[2]), "block %lld in non-data area: cannot "
157			    "attach\n", (long long)blkno);
158			return (1);
159		}
160	} else {
161		if ((fsbn+cnt) > cgbase(fs, cg+1)((daddr_t)(fs)->fs_fpg * (cg+1))) {
162			fprintf(stderr(&__sF[2]), "block %lld in non-data area: cannot "
163			    "attach\n", (long long)blkno);
164			return (1);
165		}
166	}
167	rdfs(fsbtodb(fs, cgtod(fs, cg))((((((daddr_t)(fs)->fs_fpg * (cg)) + (fs)->fs_cgoffset *
 ((cg) & ~((fs)->fs_cgmask))) + (fs)->fs_cblkno)) <<
 (fs)->fs_fsbtodb), (int)sblockufs.fs.fs_cgsize,
168	    (char *)&acgucg.cg);
169	if (!cg_chkmagic(&acg)((&ucg.cg)->cg_magic == 0x090255 || ((struct ocg *)(&
ucg.cg))->cg_magic == 0x090255)) {
170		fprintf(stderr(&__sF[2]), "cg %d: bad magic number\n", cg);
171		errs++;
172		return (1);
173	}
174	bn = dtogd(fs, fsbn)((fsbn) % (fs)->fs_fpg);
175	if (isclr(cg_blksfree(&acg), bn)((((((&ucg.cg)->cg_magic != 0x090255) ? (((struct ocg *
)(&ucg.cg))->cg_free) : ((u_int8_t *)((u_int8_t *)(&
ucg.cg) + (&ucg.cg)->cg_freeoff))))[(bn)>>3] &
 (1<<((bn)&(8 -1)))) == 0))
176		fprintf(stderr(&__sF[2]), "Warning: sector %lld is in use\n",
177		    (long long)blkno);
178	return (0);
179}
180 
181/*
182 * read a block from the file system
183 */
184static void
185rdfs(daddr_t bno, int size, char *bf)
186{
187	if (pread(fsi, bf, size, bno * DEV_BSIZE(1 << 9)) != size) {
188		fprintf(stderr(&__sF[2]), "read error: %lld\n", (long long)bno);
189		err(1, "rdfs");
190	}
191}