clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name svc_run.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libc/obj -resource-dir /usr/local/lib/clang/13.0.0 -include namespace.h -I /usr/src/lib/libc/include -I /usr/src/lib/libc/hidden -D __LIBC__ -D APIWARN -D YP -I /usr/src/lib/libc/yp -I /usr/src/lib/libc -I /usr/src/lib/libc/gdtoa -I /usr/src/lib/libc/arch/amd64/gdtoa -D INFNAN_CHECK -D MULTIPLE_THREADS -D NO_FENV_H -D USE_LOCALE -I /usr/src/lib/libc -I /usr/src/lib/libc/citrus -D RESOLVSORT -D FLOATING_POINT -D PRINTF_WIDE_CHAR -D SCANF_WIDE_CHAR -D FUTEX -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libc/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/lib/libc/rpc/svc_run.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | |
34 | |
35 | |
36 | |
37 | |
38 | #include <rpc/rpc.h> |
39 | #include <errno.h> |
40 | #include <unistd.h> |
41 | #include <stdio.h> |
42 | #include <stdlib.h> |
43 | #include <string.h> |
44 | |
45 | void |
46 | svc_run(void) |
47 | { |
48 | struct pollfd *pfd = NULL, *newp; |
| 1 | 'pfd' initialized to a null pointer value | |
|
49 | int nready, saved_max_pollfd = 0; |
50 | |
51 | for (;;) { |
| 2 | | Loop condition is true. Entering loop body | |
|
52 | if (svc_max_pollfd > saved_max_pollfd) { |
| 3 | | Assuming 'svc_max_pollfd' is <= 'saved_max_pollfd' | |
|
| |
53 | newp = reallocarray(pfd, svc_max_pollfd, sizeof(*pfd)); |
54 | if (newp == NULL) { |
55 | free(pfd); |
56 | return; |
57 | } |
58 | saved_max_pollfd = svc_max_pollfd; |
59 | pfd = newp; |
60 | } |
61 | memcpy(pfd, svc_pollfd, sizeof(*pfd) * svc_max_pollfd); |
| 5 | | Null pointer passed as 1st argument to memory copy function |
|
62 | |
63 | nready = poll(pfd, svc_max_pollfd, INFTIM); |
64 | switch (nready) { |
65 | case -1: |
66 | if (errno == EINTR) |
67 | continue; |
68 | free(pfd); |
69 | return; |
70 | case 0: |
71 | |
72 | continue; |
73 | default: |
74 | svc_getreq_poll(pfd, nready); |
75 | } |
76 | } |
77 | } |