Bug Summary

File:src/bin/ed/glbl.c
Warning:line 124, column 5
Null pointer passed as 1st argument to memory copy function

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name glbl.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/bin/ed/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/bin/ed/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/bin/ed/glbl.c
1/* $OpenBSD: glbl.c,v 1.20 2018/06/04 13:26:21 martijn Exp $ */
2/* $NetBSD: glbl.c,v 1.2 1995/03/21 09:04:41 cgd Exp $ */
3
4/* glob.c: This file contains the global command routines for the ed line
5 editor */
6/*-
7 * Copyright (c) 1993 Andrew Moore, Talke Studio.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include <sys/ioctl.h>
33#include <sys/wait.h>
34
35#include <regex.h>
36#include <signal.h>
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h>
40
41#include "ed.h"
42
43static int set_active_node(line_t *);
44static line_t *next_active_node(void);
45
46/* build_active_list: add line matching a pattern to the global-active list */
47int
48build_active_list(int isgcmd)
49{
50 regex_t *pat;
51 line_t *lp;
52 int n;
53 char *s;
54 char delimiter;
55
56 if ((delimiter = *ibufp) == ' ' || delimiter == '\n') {
57 seterrmsg("invalid pattern delimiter");
58 return ERR(-2);
59 } else if ((pat = get_compiled_pattern()) == NULL((void *)0))
60 return ERR(-2);
61 else if (*ibufp == delimiter)
62 ibufp++;
63 clear_active_list();
64 lp = get_addressed_line_node(first_addr);
65 for (n = first_addr; n <= second_addr; n++, lp = lp->q_forw) {
66 if ((s = get_sbuf_line(lp)) == NULL((void *)0))
67 return ERR(-2);
68 if (isbinary)
69 NUL_TO_NEWLINE(s, lp->len)translit_text(s, lp->len, '\0', '\n');
70 if ((!regexec(pat, s, 0, NULL((void *)0), 0)) == isgcmd &&
71 set_active_node(lp) < 0)
72 return ERR(-2);
73 }
74 return 0;
75}
76
77
78/* exec_global: apply command list in the command buffer to the active
79 lines in a range; return command status */
80int
81exec_global(int interact, int gflag)
82{
83 static char *ocmd = NULL((void *)0);
1
'ocmd' initialized to a null pointer value
84 static int ocmdsz = 0;
85
86 line_t *lp = NULL((void *)0);
87 int status;
88 int n;
89 char *cmd = NULL((void *)0);
90
91 if (!interact) {
2
Assuming 'interact' is not equal to 0
3
Taking false branch
92 if (!strcmp(ibufp, "\n"))
93 cmd = "p\n"; /* null cmd-list == `p' */
94 else if ((cmd = get_extended_line(&n, 0)) == NULL((void *)0))
95 return ERR(-2);
96 }
97 clear_undo_stack();
98 while ((lp = next_active_node()) != NULL((void *)0)) {
4
Assuming the condition is true
5
Loop condition is true. Entering loop body
99 if ((current_addr = get_line_node_addr(lp)) < 0)
6
Assuming the condition is false
7
Taking false branch
100 return ERR(-2);
101 if (interact
7.1
'interact' is not equal to 0
) {
8
Taking true branch
102 /* print current_addr; get a command in global syntax */
103 if (display_lines(current_addr, current_addr, gflag) < 0)
9
Assuming the condition is false
10
Taking false branch
104 return ERR(-2);
105 while ((n = get_tty_line()) > 0 &&
11
Assuming the condition is true
12
Loop condition is false. Execution continues on line 108
106 ibuf[n - 1] != '\n')
107 clearerr(stdin)(!__isthreaded ? ((void)(((&__sF[0]))->_flags &= ~
(0x0040|0x0020))) : (clearerr)((&__sF[0])));
108 if (n
12.1
'n' is >= 0
 < 0)
13
Taking false branch
109 return ERR(-2);
110 else if (n
13.1
'n' is not equal to 0
 == 0) {
14
Taking false branch
111 seterrmsg("unexpected end-of-file");
112 return ERR(-2);
113 } else if (n == 1 && !strcmp(ibuf, "\n"))
15
Assuming 'n' is not equal to 1
114 continue;
115 else if (n == 2 && !strcmp(ibuf, "&\n")) {
16
Assuming 'n' is not equal to 2
116 if (cmd == NULL((void *)0)) {
117 seterrmsg("no previous command");
118 return ERR(-2);
119 } else cmd = ocmd;
120 } else if ((cmd = get_extended_line(&n, 0)) == NULL((void *)0))
17
Assuming the condition is false
18
Taking false branch
121 return ERR(-2);
122 else {
123 REALLOC(ocmd, ocmdsz, n + 1, ERR)if ((n + 1) > (ocmdsz)) { int ti = (ocmdsz); char *ts; mutex
++; if ((ts = realloc((ocmd), ti += (((n + 1)) > (512) ? (
(n + 1)) : (512)))) == ((void *)0)) { perror(((void *)0)); seterrmsg
("out of memory"); do { if (--mutex == 0) { if (sighup) handle_hup
(1); if (sigint) handle_int(2); } } while (0); return (-2); }
(ocmdsz) = ti; (ocmd) = ts; do { if (--mutex == 0) { if (sighup
) handle_hup(1); if (sigint) handle_int(2); } } while (0); };
19
Assuming the condition is false
20
Taking false branch
124 memcpy(ocmd, cmd, n + 1);
21
Null pointer passed as 1st argument to memory copy function
125 cmd = ocmd;
126 }
127
128 }
129 ibufp = cmd;
130 for (; *ibufp;)
131 if ((status = extract_addr_range()) < 0 ||
132 (status = exec_command()) < 0 ||
133 (status > 0 && (status = display_lines(
134 current_addr, current_addr, status)) < 0))
135 return status;
136 }
137 return 0;
138}
139
140
141static line_t **active_list; /* list of lines active in a global command */
142static int active_last; /* index of last active line in active_list */
143static int active_size; /* size of active_list */
144static int active_ptr; /* active_list index (non-decreasing) */
145static int active_ndx; /* active_list index (modulo active_last) */
146
147/* set_active_node: add a line node to the global-active list */
148static int
149set_active_node(line_t *lp)
150{
151 if (active_last + 1 > active_size) {
152 int ti = active_size;
153 line_t **ts;
154 SPL1()mutex++;
155 if ((ts = reallocarray(active_list,
156 (ti += MINBUFSZ512), sizeof(line_t **))) == NULL((void *)0)) {
157 perror(NULL((void *)0));
158 seterrmsg("out of memory");
159 SPL0()do { if (--mutex == 0) { if (sighup) handle_hup(1); if (sigint
) handle_int(2); } } while (0);
160 return ERR(-2);
161 }
162 active_size = ti;
163 active_list = ts;
164 SPL0()do { if (--mutex == 0) { if (sighup) handle_hup(1); if (sigint
) handle_int(2); } } while (0);
165 }
166 active_list[active_last++] = lp;
167 return 0;
168}
169
170
171/* unset_active_nodes: remove a range of lines from the global-active list */
172void
173unset_active_nodes(line_t *np, line_t *mp)
174{
175 line_t *lp;
176 int i;
177
178 for (lp = np; lp != mp; lp = lp->q_forw)
179 for (i = 0; i < active_last; i++)
180 if (active_list[active_ndx] == lp) {
181 active_list[active_ndx] = NULL((void *)0);
182 active_ndx = INC_MOD(active_ndx, active_last - 1)((active_ndx) + 1 > (active_last - 1) ? 0 : (active_ndx) +
1);
183 break;
184 } else active_ndx = INC_MOD(active_ndx, active_last - 1)((active_ndx) + 1 > (active_last - 1) ? 0 : (active_ndx) +
1);
185}
186
187
188/* next_active_node: return the next global-active line node */
189static line_t *
190next_active_node(void)
191{
192 while (active_ptr < active_last && active_list[active_ptr] == NULL((void *)0))
193 active_ptr++;
194 return (active_ptr < active_last) ? active_list[active_ptr++] : NULL((void *)0);
195}
196
197
198/* clear_active_list: clear the global-active list */
199void
200clear_active_list(void)
201{
202 SPL1()mutex++;
203 active_size = active_last = active_ptr = active_ndx = 0;
204 free(active_list);
205 active_list = NULL((void *)0);
206 SPL0()do { if (--mutex == 0) { if (sighup) handle_hup(1); if (sigint
) handle_int(2); } } while (0);
207}