/usr/src/usr.bin/less/less/../tags.c

Bug Summary

File:	src/usr.bin/less/less/../tags.c
Warning:	line 78, column 3 Use of memory after it is freed

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name tags.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/less/less/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.bin/less/less/.. -D SYSDIR="/etc" -D HELPDIR="/usr/share/misc" -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/less/less/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/less/less/../tags.c

1/*
* Copyright (C) 1984-2012  Mark Nudelman
* Modified for use with illumos by Garrett D'Amore.
* Copyright 2014 Garrett D'Amore <garrett@damore.org>
*
* You may distribute under the terms of either the GNU General Public
* License or the Less License, as specified in the README file.
*
* For more information, see the README file.
*/

12#include "less.h"

14#define	WHITESP(c)((c) == ' ' || (c) == '\t')	((c) == ' ' || (c) == '\t')

16char *tags = "tags";

18static int total;
19static int curseq;

21extern int linenums;

23enum tag_result {
TAG_FOUND,
TAG_NOFILE,
TAG_NOTAG,
TAG_NOTYPE,
TAG_INTR
29};

31static enum tag_result findctag(char *);
32static char *nextctag(void);
33static char *prevctag(void);
34static off_t ctagsearch(void);

36/*
* The list of tags generated by the last findctag() call.
*/
39struct taglist {
struct tag *tl_first;
struct tag *tl_last;
42};
43#define	TAG_END((struct tag *)&taglist)  ((struct tag *)&taglist)
44static struct taglist taglist = { TAG_END((struct tag *)&taglist), TAG_END((struct tag *)&taglist) };
45struct tag {
struct tag *next, *prev; /* List links */
char *tag_file;		/* Source file containing the tag */
off_t tag_linenum;	/* Appropriate line number in source file */
char *tag_pattern;	/* Pattern used to find the tag */
int tag_endline;	/* True if the pattern includes '$' */
51};
52static struct tag *curtag;

54#define	TAG_INS(tp)(tp)->next = ((struct tag *)&taglist); (tp)->prev =
 taglist.tl_last; taglist.tl_last->next = (tp); taglist.tl_last
 = (tp); \
(tp)->next = TAG_END((struct tag *)&taglist); \
(tp)->prev = taglist.tl_last; \
taglist.tl_last->next = (tp); \
taglist.tl_last = (tp);

60#define	TAG_RM(tp)(tp)->next->prev = (tp)->prev; (tp)->prev->next
 = (tp)->next; \
(tp)->next->prev = (tp)->prev; \
(tp)->prev->next = (tp)->next;

64/*
* Delete tag structures.
*/
67void
68cleantags(void)
69{
struct tag *tp;

/*
* Delete any existing tag list.
* {{ Ideally, we wouldn't do this until after we know that we
*    can load some other tag information. }}
*/
while ((tp = taglist.tl_first) != TAG_END((struct tag *)&taglist)) {
5
←
Loop condition is true.  Entering loop body→
7
←
Loop condition is true.  Entering loop body→
TAG_RM(tp)(tp)->next->prev = (tp)->prev; (tp)->prev->next
 = (tp)->next;;
8
←
Use of memory after it is freed
free(tp->tag_file);
free(tp->tag_pattern);
free(tp);
6
←
Memory is released→
}
curtag = NULL((void *)0);
total = curseq = 0;
85}

87/*
* Create a new tag entry.
*/
90static struct tag *
91maketagent(char *file, off_t linenum, char *pattern, int endline)
92{
struct tag *tp;

tp = ecalloc(sizeof (struct tag), 1);
tp->tag_file = estrdup(file);
tp->tag_linenum = linenum;
tp->tag_endline = endline;
if (pattern == NULL((void *)0))
tp->tag_pattern = NULL((void *)0);
else
tp->tag_pattern = estrdup(pattern);
return (tp);
104}

106/*
* Find tags in tag file.
*/
109void
110findtag(char *tag)
111{
enum tag_result result;

result = findctag(tag);
1
Calling 'findctag'→
switch (result) {
case TAG_FOUND:
case TAG_INTR:
break;
case TAG_NOFILE:
error("No tags file", NULL((void *)0));
break;
case TAG_NOTAG:
error("No such tag in tags file", NULL((void *)0));
break;
case TAG_NOTYPE:
error("unknown tag type", NULL((void *)0));
break;
}
129}

131/*
* Search for a tag.
*/
134off_t
135tagsearch(void)
136{
if (curtag == NULL((void *)0))
return (-1);	/* No tags loaded! */
if (curtag->tag_linenum != 0)
return (find_pos(curtag->tag_linenum));
return (ctagsearch());
142}

144/*
* Go to the next tag.
*/
147char *
148nexttag(int n)
149{
char *tagfile = NULL((void *)0);

while (n-- > 0)
tagfile = nextctag();
return (tagfile);
155}

157/*
* Go to the previous tag.
*/
160char *
161prevtag(int n)
162{
char *tagfile = NULL((void *)0);

while (n-- > 0)
tagfile = prevctag();
return (tagfile);
168}

170/*
* Return the total number of tags.
*/
173int
174ntags(void)
175{
return (total);
177}

179/*
* Return the sequence number of current tag.
*/
182int
183curr_tag(void)
184{
return (curseq);
186}

188/*
* Find tags in the "tags" file.
* Sets curtag to the first tag entry.
*/
192static enum tag_result
193findctag(char *tag)
194{
char *p;
FILE *f;
int taglen;
off_t taglinenum;
char *tagfile;
char *tagpattern;
int tagendline;
int search_char;
int err;
char tline[TAGLINE_SIZE1024];
struct tag *tp;

p = shell_unquote(tags);
f = fopen(p, "r");
free(p);
if (f == NULL((void *)0))
2
←
Assuming 'f' is not equal to NULL→
3
←
Taking false branch→
return (TAG_NOFILE);

cleantags();
4
←
Calling 'cleantags'→
total = 0;
taglen = strlen(tag);

/*
* Search the tags file for the desired tag.
*/
while (fgets(tline, sizeof (tline), f) != NULL((void *)0)) {
if (tline[0] == '!')
	/* Skip header of extended format. */
	continue;
if (strncmp(tag, tline, taglen) != 0 || !WHITESP(tline[taglen])((tline[taglen]) == ' ' || (tline[taglen]) == '\t'))
	continue;

/*
 * Found it.
 * The line contains the tag, the filename and the
 * location in the file, separated by white space.
 * The location is either a decimal line number,
 * or a search pattern surrounded by a pair of delimiters.
 * Parse the line and extract these parts.
 */
tagpattern = NULL((void *)0);

/*
 * Skip over the whitespace after the tag name.
 */
p = skipsp(tline+taglen);
if (*p == '\0')
	/* File name is missing! */
	continue;

/*
 * Save the file name.
 * Skip over the whitespace after the file name.
 */
tagfile = p;
while (!WHITESP(*p)((*p) == ' ' || (*p) == '\t') && *p != '\0')
	p++;
*p++ = '\0';
p = skipsp(p);
if (*p == '\0')
	/* Pattern is missing! */
	continue;

/*
 * First see if it is a line number.
 */
tagendline = 0;
taglinenum = getnum(&p, 0, &err);
if (err) {
	/*
	 * No, it must be a pattern.
	 * Delete the initial "^" (if present) and
	 * the final "$" from the pattern.
	 * Delete any backslash in the pattern.
	 */
	taglinenum = 0;
	search_char = *p++;
	if (*p == '^')
		p++;
	tagpattern = p;
	while (*p != search_char && *p != '\0') {
		if (*p == '\\')
			p++;
		p++;
	}
	tagendline = (p[-1] == '$');
	if (tagendline)
		p--;
	*p = '\0';
}
tp = maketagent(tagfile, taglinenum, tagpattern, tagendline);
TAG_INS(tp)(tp)->next = ((struct tag *)&taglist); (tp)->prev =
 taglist.tl_last; taglist.tl_last->next = (tp); taglist.tl_last
 = (tp);;
total++;
}
fclose(f);
if (total == 0)
return (TAG_NOTAG);
curtag = taglist.tl_first;
curseq = 1;
return (TAG_FOUND);
295}

297/*
* Edit current tagged file.
*/
300int
301edit_tagfile(void)
302{
if (curtag == NULL((void *)0))
return (1);
return (edit(curtag->tag_file));
306}

308/*
* Search for a tag.
* This is a stripped-down version of search().
* We don't use search() for several reasons:
*   -	We don't want to blow away any search string we may have saved.
*   -	The various regular-expression functions (from different systems:
*	regcmp vs. re_comp) behave differently in the presence of
*	parentheses (which are almost always found in a tag).
*/
317static off_t
318ctagsearch(void)
319{
off_t pos, linepos;
off_t linenum;
int len;
char *line;

pos = ch_zero()(0);
linenum = find_linenum(pos);

for (;;) {
/*
 * Get lines until we find a matching one or
 * until we hit end-of-file.
 */
if (abort_sigs())
	return (-1);

/*
 * Read the next line, and save the
 * starting position of that line in linepos.
 */
linepos = pos;
pos = forw_raw_line(pos, &line, (int *)NULL((void *)0));
if (linenum != 0)
	linenum++;

if (pos == -1) {
	/*
	 * We hit EOF without a match.
	 */
	error("Tag not found", NULL((void *)0));
	return (-1);
}

/*
 * If we're using line numbers, we might as well
 * remember the information we have now (the position
 * and line number of the current line).
 */
if (linenums)
	add_lnum(linenum, pos);

/*
 * Test the line to see if we have a match.
 * Use strncmp because the pattern may be
 * truncated (in the tags file) if it is too long.
 * If tagendline is set, make sure we match all
 * the way to end of line (no extra chars after the match).
 */
len = strlen(curtag->tag_pattern);
if (strncmp(curtag->tag_pattern, line, len) == 0 &&
    (!curtag->tag_endline || line[len] == '\0' ||
    line[len] == '\r')) {
	curtag->tag_linenum = find_linenum(linepos);
	break;
}
}

return (linepos);
378}

380static int circular = 0;	/* 1: circular tag structure */

382/*
* Return the filename required for the next tag in the queue that was setup
* by findctag().  The next call to ctagsearch() will try to position at the
* appropriate tag.
*/
387static char *
388nextctag(void)
389{
struct tag *tp;

if (curtag == NULL((void *)0))
/* No tag loaded */
return (NULL((void *)0));

tp = curtag->next;
if (tp == TAG_END((struct tag *)&taglist)) {
if (!circular)
	return (NULL((void *)0));
/* Wrapped around to the head of the queue */
curtag = taglist.tl_first;
curseq = 1;
} else {
curtag = tp;
curseq++;
}
return (curtag->tag_file);
408}

410/*
* Return the filename required for the previous ctag in the queue that was
* setup by findctag().  The next call to ctagsearch() will try to position
* at the appropriate tag.
*/
415static char *
416prevctag(void)
417{
struct tag *tp;

if (curtag == NULL((void *)0))
/* No tag loaded */
return (NULL((void *)0));

tp = curtag->prev;
if (tp == TAG_END((struct tag *)&taglist)) {
if (!circular)
	return (NULL((void *)0));
/* Wrapped around to the tail of the queue */
curtag = taglist.tl_last;
curseq = total;
} else {
curtag = tp;
curseq--;
}
return (curtag->tag_file);
436}