Bug Summary

File: src/bin/csh/exp.c
Warning: line 310, column 10
Division by zero

Annotated Source Code


clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name exp.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/bin/csh/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/bin/csh -I . -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/bin/csh/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/bin/csh/exp.c
1/* $OpenBSD: exp.c,v 1.18 2018/09/18 06:56:09 deraadt Exp $ */
2/* $NetBSD: exp.c,v 1.6 1995/03/21 09:02:51 cgd Exp $ */
3
4/*-
5 * Copyright (c) 1980, 1991, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33#include <sys/types.h>
34#include <sys/stat.h>
35#include <limits.h>
36#include <stdlib.h>
37#include <unistd.h>
38#include <stdarg.h>
39
40#include "csh.h"
41#include "extern.h"
42
/* Bits tested in the 'ignore' argument of the exp*() parsers below. */
#define IGNORE      1   /* in ignore, it means to ignore value, just parse */
#define NOGLOB      2   /* in ignore, it means not to globone */

/* Operator classes passed to isa() as a bit mask; ANYOP is all of them. */
#define ADDOP       1
#define MULOP       2
#define EQOP        4
#define RELOP       8
#define RESTOP      16
#define ANYOP       31

/* Operator codes returned by isa() for the EQOP and RELOP classes. */
#define EQEQ        1
#define GTR         2
#define LSS         4
#define NOTEQ       6
#define EQMATCH     7
#define NOTEQMATCH  8
59
60static int exp1(Char ***, bool);
61static int exp2_(Char ***, bool);
62static int exp2a(Char ***, bool);
63static int exp2b(Char ***, bool);
64static int exp2c(Char ***, bool);
65static Char * exp3(Char ***, bool);
66static Char * exp3a(Char ***, bool);
67static Char * exp4(Char ***, bool);
68static Char * exp5(Char ***, bool);
69static Char * exp6(Char ***, bool);
70static void evalav(Char **);
71static int isa(Char *, int);
72static int egetn(Char *);
73
/*
 * Public entry point: evaluate the expression whose words start at **vp
 * with no ignore flags set.  *vp is advanced by the parsers it calls.
 */
int
expr(Char ***vp)
{
    int result = exp0(vp, 0);

    return (result);
}
79
/*
 * Logical-OR level of the expression parser.
 *
 * Parses one exp1() operand.  If the next word equals STRor2 it is
 * consumed and the remainder is parsed by a recursive exp0() call.  The
 * right-hand side is parsed with a true 'ignore' argument when IGNORE is
 * already set or the left operand is non-zero, so in that case it is
 * parsed without being evaluated.
 *
 * Returns the left value, or (left || right) when the operator is present.
 */
int
exp0(Char ***vp, bool ignore)
{
    int lhs = exp1(vp, ignore);
    int rhs;

    /* No operator follows: the operand alone is the result. */
    if (**vp == NULL || !eq(**vp, STRor2))
        return (lhs);

    (*vp)++;
    rhs = exp0(vp, (ignore & IGNORE) || lhs);
    return (lhs || rhs);
}
94
/*
 * Logical-AND level of the expression parser.
 *
 * Parses one exp2_() operand.  If the next word equals STRand2 it is
 * consumed and the remainder is parsed by a recursive exp1() call.  The
 * right-hand side is parsed with a true 'ignore' argument when IGNORE is
 * already set or the left operand is zero.
 *
 * Returns the left value, or (left && right) when the operator is present.
 */
static int
exp1(Char ***vp, bool ignore)
{
    int lhs = exp2_(vp, ignore);
    int rhs;

    if (**vp == NULL || !eq(**vp, STRand2))
        return (lhs);

    (*vp)++;
    rhs = exp1(vp, (ignore & IGNORE) || !lhs);
    return (lhs && rhs);
}
109
/*
 * Bitwise-OR level: an exp2a() operand, optionally followed by the word
 * STRor and a recursively parsed right-hand side.  'ignore' is passed to
 * both sides unchanged.  Returns left, or (left | right).
 */
static int
exp2_(Char ***vp, bool ignore)
{
    int lhs = exp2a(vp, ignore);
    int rhs;

    if (**vp == NULL || !eq(**vp, STRor))
        return (lhs);

    (*vp)++;
    rhs = exp2_(vp, ignore);
    return (lhs | rhs);
}
124
/*
 * Bitwise-XOR level: an exp2b() operand, optionally followed by the word
 * STRcaret and a recursively parsed right-hand side.  'ignore' is passed
 * to both sides unchanged.  Returns left, or (left ^ right).
 */
static int
exp2a(Char ***vp, bool ignore)
{
    int lhs = exp2b(vp, ignore);
    int rhs;

    if (**vp == NULL || !eq(**vp, STRcaret))
        return (lhs);

    (*vp)++;
    rhs = exp2a(vp, ignore);
    return (lhs ^ rhs);
}
139
/*
 * Bitwise-AND level: an exp2c() operand, optionally followed by the word
 * STRand and a recursively parsed right-hand side.  'ignore' is passed to
 * both sides unchanged.  Returns left, or (left & right).
 */
static int
exp2b(Char ***vp, bool ignore)
{
    int lhs = exp2c(vp, ignore);
    int rhs;

    if (**vp == NULL || !eq(**vp, STRand))
        return (lhs);

    (*vp)++;
    rhs = exp2b(vp, ignore);
    return (lhs & rhs);
}
154
/*
 * Equality / pattern-match level: handles the operators that isa()
 * classifies as EQOP (codes EQEQ, NOTEQ, EQMATCH, NOTEQMATCH).
 *
 * Without such an operator, the exp3() operand is converted with egetn()
 * and returned as an int.  With one, the two operands are compared as
 * strings (eq) or matched with Gmatch(); for the two match operators
 * NOGLOB is added to 'ignore' before the right operand is parsed.  When
 * IGNORE is set nothing is compared and the operator code itself is
 * returned.  The operand strings are freed here in every case.
 *
 * NOTE(review): 'ignore' is declared bool yet carries the IGNORE (1) and
 * NOGLOB (2) bits; this only works if the project's bool, defined outside
 * this file, can hold the value 2 -- confirm it is not C99 _Bool.
 */
static int
exp2c(Char ***vp, bool ignore)
{
    /* scan-build path step 1: the analyzer steps into exp3() here. */
    Char *lhs = exp3(vp, ignore);
    Char *rhs;
    int op, result;

    op = isa(**vp, EQOP);
    if (op == 0) {
        /* Plain operand: its numeric value is the result. */
        result = egetn(lhs);
        free(lhs);
        return (result);
    }

    (*vp)++;
    if (op == EQMATCH || op == NOTEQMATCH)
        ignore |= NOGLOB;
    rhs = exp3(vp, ignore);

    /* When only parsing, the operator code is what gets returned. */
    result = op;
    if (!(ignore & IGNORE)) {
        if (op == EQEQ)
            result = eq(lhs, rhs);
        else if (op == NOTEQ)
            result = !eq(lhs, rhs);
        else if (op == EQMATCH)
            result = Gmatch(lhs, rhs);
        else if (op == NOTEQMATCH)
            result = !Gmatch(lhs, rhs);
    }
    free(lhs);
    free(rhs);
    return (result);
}
194
/*
 * Relational level: <, >, and, when the following word equals STRequal,
 * <= and >=.
 *
 * isa(..., RELOP) yields LSS or GTR; a following STRequal word sets bit 0
 * of that code.  Unless IGNORE is set, both operands are converted with
 * egetn() and compared.  The operands are freed and the outcome is
 * returned through putn(); when IGNORE is set the value handed to putn()
 * is the operator code.  Without a relational operator the exp3a()
 * operand string is returned as is; callers in this file free() it.
 */
static Char *
exp3(Char ***vp, bool ignore)
{
    Char *lhs, *rhs;
    int rel;

    /* scan-build path step 2: the analyzer steps into exp3a() here. */
    lhs = exp3a(vp, ignore);
    rel = isa(**vp, RELOP);
    if (rel == 0)
        return (lhs);

    (*vp)++;
    if (**vp != NULL && eq(**vp, STRequal)) {
        rel |= 1;
        (*vp)++;
    }
    rhs = exp3(vp, ignore);
    if (!(ignore & IGNORE)) {
        if (rel == GTR)
            rel = egetn(lhs) > egetn(rhs);
        else if (rel == (GTR | 1))
            rel = egetn(lhs) >= egetn(rhs);
        else if (rel == LSS)
            rel = egetn(lhs) < egetn(rhs);
        else if (rel == (LSS | 1))
            rel = egetn(lhs) <= egetn(rhs);
    }
    free(lhs);
    free(rhs);
    return (putn(rel));
}
232
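/*
 * Shift level: handles a word whose first two characters are "<<" or ">>".
 *
 * Parses an exp4() operand; if a shift operator follows, the right-hand
 * side is parsed by a recursive exp3a() call, both operand strings are
 * freed and the result is returned through putn().  Without a shift
 * operator the exp4() operand string is returned as is.
 *
 * Two changes from the previous version:
 *  - The operands are only converted and shifted when IGNORE is clear,
 *    matching exp4() and exp5(); the value is 0 when only parsing.
 *  - The shift count is range-checked.  Shifting an int by a negative
 *    count or by its width or more is undefined behaviour in C, so such
 *    a count is now reported as an expression error instead.  The left
 *    shift is done on the unsigned representation so that a negative or
 *    overflowing left operand is not undefined either.
 */
static Char *
exp3a(Char ***vp, bool ignore)
{
    Char *p1, *p2, *op;
    int i = 0;

    /* scan-build path step 3: the analyzer steps into exp4() here. */
    p1 = exp4(vp, ignore);
    op = **vp;
    if (op && any("<>", op[0]) && op[0] == op[1]) {
        (*vp)++;
        p2 = exp3a(vp, ignore);
        if (!(ignore & IGNORE)) {
            int lhs = egetn(p1);
            int count = egetn(p2);

            /*
             * The else-chain keeps the shift unreachable for a bad count
             * even if stderror() were to return.
             */
            if (count < 0 || count >= (int)(sizeof(int) * CHAR_BIT))
                stderror(ERR_NAME | ERR_EXPRESSION);
            else if (op[0] == '<')
                i = (int)((unsigned int)lhs << count);
            else
                i = lhs >> count;
        }
        free(p1);
        free(p2);
        return (putn(i));
    }
    return (p1);
}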
254
/*
 * Additive level: + and -.
 *
 * Parses an exp5() operand; if isa() reports an ADDOP word, that word is
 * consumed and the right-hand side is parsed by a recursive exp4() call,
 * so a chain of operators groups to the right.  Unless IGNORE is set the
 * operands are converted with egetn() and combined; otherwise the value
 * is 0.  The operands are freed and the result is returned through
 * putn().  Without an operator the exp5() operand string is returned.
 */
static Char *
exp4(Char ***vp, bool ignore)
{
    Char *lhs, *rhs, *op;
    int sum = 0;

    /* scan-build path step 4: the analyzer steps into exp5() here. */
    lhs = exp5(vp, ignore);
    if (!isa(**vp, ADDOP))
        return (lhs);

    op = *(*vp)++;
    rhs = exp4(vp, ignore);
    if (!(ignore & IGNORE)) {
        if (op[0] == '+')
            sum = egetn(lhs) + egetn(rhs);
        else if (op[0] == '-')
            sum = egetn(lhs) - egetn(rhs);
    }
    free(lhs);
    free(rhs);
    return (putn(sum));
}
283
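/*
 * Multiplicative level: *, / and %.
 *
 * Parses an exp6() operand; if isa() reports a MULOP word, that word is
 * consumed and the right-hand side is parsed by a recursive exp5() call.
 * Unless IGNORE is set the operands are converted with egetn() and
 * combined; otherwise the value is 0.  The operands are freed and the
 * result is returned through putn().  Without an operator the exp6()
 * operand string is returned.
 *
 * About the scan-build report for this function ("Division by zero" at
 * the 'l / i' statement, path steps 5-14): the analyzer takes the MULOP
 * branch with IGNORE clear, jumps to case '/', assumes egetn(p2) == 0,
 * and then treats stderror(ERR_DIV0) as an ordinary call that returns,
 * which lets it reach the division with a zero divisor.  Whether
 * stderror() can return is not visible in this file.  If it never does,
 * the report is a false positive, and declaring stderror() with a
 * noreturn attribute would let the analyzer prune the path.  The zero
 * checks below now leave the switch explicitly, so the division and the
 * remainder cannot run with a zero divisor either way.
 */
static Char *
exp5(Char ***vp, bool ignore)
{
    Char *p1, *p2;
    int i = 0, l;

    p1 = exp6(vp, ignore);
    if (isa(**vp, MULOP)) {
        Char *op = *(*vp)++;

        p2 = exp5(vp, ignore);
        if (!(ignore & IGNORE))
            switch (op[0]) {

            case '*':
                /*
                 * Overflow wraps: the recorded build command line
                 * includes -fwrapv.
                 */
                i = egetn(p1) * egetn(p2);
                break;

            case '/':
                i = egetn(p2);
                if (i == 0) {
                    stderror(ERR_DIV0);
                    /* Only reached if stderror() returns; result is 0. */
                    break;
                }
                l = egetn(p1);
                /* INT_MIN / -1 overflows, so that case is pinned. */
                if (l == INT_MIN && i == -1)
                    i = INT_MIN;
                else
                    i = l / i;
                break;

            case '%':
                i = egetn(p2);
                if (i == 0) {
                    stderror(ERR_MOD0);
                    /* Only reached if stderror() returns; result is 0. */
                    break;
                }
                l = egetn(p1);
                /* INT_MIN % -1 overflows as well; the remainder is 0. */
                if (l == INT_MIN && i == -1)
                    i = 0;
                else
                    i = l % i;
                break;
            }
        free(p1);
        free(p2);
        return (putn(i));
    }
    return (p1);
}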
330
/*
 * Primary level of the expression parser.  In order, it recognises:
 *
 *  - STRbang / STRtilde: unary operators; the operand is parsed by a
 *    recursive exp6() call, converted with egetn(), and !value or ~value
 *    is returned through putn().
 *  - STRLparen: a sub-expression parsed by exp0(); the next word must
 *    start with ')'.
 *  - STRLbrace: the words up to the matching STRRbrace are run as a
 *    command in a process created with pfork(); the result is 1 when
 *    the status variable then reads 0.  With IGNORE set the words are
 *    skipped and nothing is run.
 *  - any operator word (isa ANYOP): an empty string is returned.
 *  - "-X" with X one of "erwxfdzopls" followed by a name: a file inquiry.
 *  - anything else: the word itself, passed through globone() unless
 *    NOGLOB is set.
 *
 * Every return value is a string the callers in this file free().
 *
 * Review notes for readers of this listing:
 *  - The brace form executes the enclosed words as a command, so an
 *    expression assembled from untrusted text can run commands.
 *  - The file inquiries report the state of the file at the moment of
 *    the call; a later action on the same name is not tied to that
 *    result.
 */
static Char *
exp6(Char ***vp, bool ignore)
{
    Char *word, *name, *path;
    Char flag;
    struct stat stb;
    int paren_val, res = 0;
    int is_not;

    if (**vp == NULL)
        stderror(ERR_NAME | ERR_EXPRESSION);

    /* Unary ! and ~ share everything but the final operation. */
    is_not = eq(**vp, STRbang);
    if (is_not || eq(**vp, STRtilde)) {
        (*vp)++;
        word = exp6(vp, ignore);
        res = egetn(word);
        free(word);
        if (is_not)
            return (putn(!res));
        return (putn(~res));
    }

    if (eq(**vp, STRLparen)) {
        (*vp)++;
        paren_val = exp0(vp, ignore);
        if (!(*vp != NULL && **vp != NULL && ***vp == ')'))
            stderror(ERR_NAME | ERR_EXPRESSION);
        (*vp)++;
        return (putn(paren_val));
    }

    if (eq(**vp, STRLbrace)) {
        Char **first;
        Char *cur;
        struct command faket;
        Char *fakecom[2];

        /* A stand-in command node handed to pfork(). */
        fakecom[0] = STRfakecom;
        fakecom[1] = NULL;
        faket.t_dtyp = NODE_COMMAND;
        faket.t_dflg = 0;
        faket.t_dspr = NULL;
        faket.t_dcdr = NULL;
        faket.t_dcar = NULL;
        faket.t_dcom = fakecom;

        (*vp)++;
        first = *vp;
        /* Skip to just past the closing brace word. */
        do {
            if (**vp == NULL)
                stderror(ERR_NAME | ERR_MISSING, '}');
            cur = *(*vp)++;
        } while (!eq(cur, STRRbrace));

        if (ignore & IGNORE)
            return (Strsave(STRNULL));

        psavejob();
        if (pfork(&faket, -1) == 0) {
            /*
             * The closing brace slot becomes the terminator of the word
             * list that evalav() runs.
             */
            *--(*vp) = 0;
            evalav(first);
            exitstat();
        }
        pwait();
        prestjob();
        return (putn(egetn(value(STRstatus)) == 0));
    }

    if (isa(**vp, ANYOP))
        return (Strsave(STRNULL));

    word = *(*vp)++;
    if (!(*word == '-' && any("erwxfdzopls", word[1])))
        return (ignore & NOGLOB ? Strsave(word) : globone(word, G_ERROR));

    /* File inquiry: "-X name". */
    if (word[2] != '\0')
        stderror(ERR_NAME | ERR_FILEINQ);
    /*
     * Detect missing file names by checking for operator in the file name
     * position.  However, if an operator name appears there, we must make
     * sure that there's no file by that name (e.g., "/") before announcing
     * an error.  Even this check isn't quite right, since it doesn't take
     * globbing into account.
     */
    if (isa(**vp, ANYOP) && stat(short2str(**vp), &stb))
        stderror(ERR_NAME | ERR_FILENAME);

    name = *(*vp)++;
    if (ignore & IGNORE)
        return (Strsave(STRNULL));
    path = globone(name, G_ERROR);
    flag = word[1];

    if (flag == 'r' || flag == 'w' || flag == 'x') {
        /* Permission inquiries are answered by access(). */
        int amode = (flag == 'r') ? R_OK : (flag == 'w') ? W_OK : X_OK;

        res = !access(short2str(path), amode);
    } else {
        /* Everything else needs the stat data; -l must not follow links. */
        int failed = (flag == 'l') ? lstat(short2str(path), &stb) :
            stat(short2str(path), &stb);

        if (failed) {
            free(path);
            return (Strsave(STR0));
        }
        if (flag == 'f')
            res = S_ISREG(stb.st_mode);
        else if (flag == 'd')
            res = S_ISDIR(stb.st_mode);
        else if (flag == 'p')
            res = S_ISFIFO(stb.st_mode);
        else if (flag == 'l')
            res = S_ISLNK(stb.st_mode);
        else if (flag == 's')
            res = S_ISSOCK(stb.st_mode);
        else if (flag == 'z')
            res = stb.st_size == 0;
        else if (flag == 'e')
            res = 1;
        else if (flag == 'o')
            res = stb.st_uid == uid;    /* uid is defined outside this file */
    }
    free(path);
    return (putn(res));
}
474
/*
 * Run the NULL-terminated word vector v as a command.
 *
 * Sets the status variable to STR0, copies every word of v (Strsave)
 * into a circular, doubly linked list of wordent nodes headed by a
 * sentinel on the stack, then passes the list through alias(), syntax()
 * and execute().  If seterr is set after syntax(), ERR_OLD is reported
 * through stderror().  The list and the syntax tree are released with
 * freelex() and freesyn() at the end.
 */
static void
evalav(Char **v)
{
    struct wordent head;
    struct wordent *tail = &head;
    struct command *tree;

    set(STRstatus, Strsave(STR0));

    /* An empty ring: the sentinel points at itself. */
    head.next = &head;
    head.prev = &head;
    head.word = STRNULL;

    for (; *v != NULL; v++) {
        struct wordent *node = xcalloc(1, sizeof(struct wordent));

        /* Append after the current tail, keeping the ring closed. */
        node->prev = tail;
        node->next = &head;
        tail->next = node;
        tail = node;
        tail->word = Strsave(*v);
    }
    head.prev = tail;

    alias(&head);
    tree = syntax(head.next, &head, 0);
    if (seterr)
        stderror(ERR_OLD);
    execute(tree, -1, NULL, NULL);
    freelex(&head);
    freesyn(tree);
}
503
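/*
 * Classify the word cp against the operator classes selected in 'what'
 * (a mask of ADDOP, MULOP, EQOP, RELOP, RESTOP).
 *
 * Returns:
 *  - for a NULL cp, 1 if RESTOP was requested, else 0;
 *  - 1 for a one-character ADDOP, MULOP or RESTOP operator, and for the
 *    two-character RESTOP operators "|&", "<<" and ">>";
 *  - EQEQ, EQMATCH, NOTEQ or NOTEQMATCH for "==", "=~", "!=" and "!~"
 *    when EQOP was requested;
 *  - LSS or GTR when RELOP was requested and the word starts with '<'
 *    or '>', whatever its length;
 *  - 0 otherwise.
 *
 * Change from the previous version: an empty word now returns 0 before
 * cp[1] is examined.  The old code read cp[1], and possibly cp[2], of an
 * empty string, which is past its terminator.  None of the tests can
 * match an empty word, so the result for well-formed input is unchanged.
 */
static int
isa(Char *cp, int what)
{
    if (cp == 0)
        return ((what & RESTOP) != 0);
    if (cp[0] == 0)
        return (0);
    if (cp[1] == 0) {
        if ((what & ADDOP) && (*cp == '+' || *cp == '-'))
            return (1);
        if ((what & MULOP) && (*cp == '*' || *cp == '/' || *cp == '%'))
            return (1);
        if ((what & RESTOP) && (*cp == '(' || *cp == ')' || *cp == '!' ||
            *cp == '~' || *cp == '^' || *cp == '"'))
            return (1);
    }
    else if (cp[2] == 0) {
        if (what & RESTOP) {
            if (cp[0] == '|' && cp[1] == '&')
                return (1);
            if (cp[0] == '<' && cp[1] == '<')
                return (1);
            if (cp[0] == '>' && cp[1] == '>')
                return (1);
        }
        if (what & EQOP) {
            if (cp[0] == '=') {
                if (cp[1] == '=')
                    return (EQEQ);
                if (cp[1] == '~')
                    return (EQMATCH);
            }
            else if (cp[0] == '!') {
                if (cp[1] == '=')
                    return (NOTEQ);
                if (cp[1] == '~')
                    return (NOTEQMATCH);
            }
        }
    }
    /* Not limited by length: only the first character is examined. */
    if (what & RELOP) {
        if (*cp == '<')
            return (LSS);
        if (*cp == '>')
            return (GTR);
    }
    return (0);
}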
550
/*
 * Convert an operand string to an int for the expression parsers.
 *
 * A string that is non-empty and starts with neither '-' nor a digit is
 * reported as an expression error through stderror(); the conversion
 * itself is done by getn(), which is defined outside this file.
 */
static int
egetn(Char *cp)
{
    Char first = *cp;
    int acceptable = (first == 0 || first == '-' || Isdigit(first));

    if (!acceptable)
        stderror(ERR_NAME | ERR_EXPRESSION);
    return (getn(cp));
}
558
559/* Phew! */