/usr/src/games/worms/worms.c

Bug Summary

File:	src/games/worms/worms.c
Warning:	line 252, column 9 Dereference of null pointer

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name worms.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/games/worms/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/games/worms/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/games/worms/worms.c

1/*	$OpenBSD: worms.c,v 1.30 2021/10/23 11:22:49 mestre Exp $	*/

3/*
* Copyright (c) 1980, 1993
*	The Regents of the University of California.  All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
*    may be used to endorse or promote products derived from this software
*    without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

32/*
*
*	 @@@	    @@@	   @@@@@@@@@@	  @@@@@@@@@@@	 @@@@@@@@@@@@
*	 @@@	    @@@	  @@@@@@@@@@@@	  @@@@@@@@@@@@	 @@@@@@@@@@@@@
*	 @@@	    @@@	 @@@@	   @@@@	  @@@@		 @@@@ @@@  @@@@
*	 @@@   @@   @@@	 @@@	    @@@	  @@@		 @@@  @@@   @@@
*	 @@@  @@@@  @@@	 @@@	    @@@	  @@@		 @@@  @@@   @@@
*	 @@@@ @@@@ @@@@	 @@@	    @@@	  @@@		 @@@  @@@   @@@
*	  @@@@@@@@@@@@	 @@@@	   @@@@	  @@@		 @@@  @@@   @@@
*	   @@@@	 @@@@	  @@@@@@@@@@@@	  @@@		 @@@  @@@   @@@
*	    @@	  @@	   @@@@@@@@@@	  @@@		 @@@  @@@   @@@
*
*				 Eric P. Scott
*			  Caltech High Energy Physics
*				 October, 1980
*
*/
49#include <curses.h>
50#include <err.h>
51#include <signal.h>
52#include <stdlib.h>
53#include <termios.h>
54#include <unistd.h>

56static const struct options {
int nopts;
int opts[3];
59}
normal[8] = {
{ 3, { 7, 0, 1 } },
{ 3, { 0, 1, 2 } },
{ 3, { 1, 2, 3 } },
{ 3, { 2, 3, 4 } },
{ 3, { 3, 4, 5 } },
{ 3, { 4, 5, 6 } },
{ 3, { 5, 6, 7 } },
{ 3, { 6, 7, 0 } }
69},	upper[8] = {
{ 1, { 1, 0, 0 } },
{ 2, { 1, 2, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 2, { 4, 5, 0 } },
{ 1, { 5, 0, 0 } },
{ 2, { 1, 5, 0 } }
78},
left[8] = {
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 2, { 2, 3, 0 } },
{ 1, { 3, 0, 0 } },
{ 2, { 3, 7, 0 } },
{ 1, { 7, 0, 0 } },
{ 2, { 7, 0, 0 } }
88},
right[8] = {
{ 1, { 7, 0, 0 } },
{ 2, { 3, 7, 0 } },
{ 1, { 3, 0, 0 } },
{ 2, { 3, 4, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 2, { 6, 7, 0 } }
98},
lower[8] = {
{ 0, { 0, 0, 0 } },
{ 2, { 0, 1, 0 } },
{ 1, { 1, 0, 0 } },
{ 2, { 1, 5, 0 } },
{ 1, { 5, 0, 0 } },
{ 2, { 5, 6, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } }
108},
upleft[8] = {
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 1, { 3, 0, 0 } },
{ 2, { 1, 3, 0 } },
{ 1, { 1, 0, 0 } }
118},
upright[8] = {
{ 2, { 3, 5, 0 } },
{ 1, { 3, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 1, { 5, 0, 0 } }
128},
lowleft[8] = {
{ 3, { 7, 0, 1 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 1, { 1, 0, 0 } },
{ 2, { 1, 7, 0 } },
{ 1, { 7, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } }
138},
lowright[8] = {
{ 0, { 0, 0, 0 } },
{ 1, { 7, 0, 0 } },
{ 2, { 5, 7, 0 } },
{ 1, { 5, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } },
{ 0, { 0, 0, 0 } }
148};

150static const char	flavor[] = {
'O', '*', '#', '$', '%', '0', '@', '~'
152};
153static const short	xinc[] = {
1,  1,  1,  0, -1, -1, -1,  0
155}, yinc[] = {
-1,  0,  1,  1,  1,  0, -1, -1
157};
158static struct	worm {
int orientation, head;
short *xpos, *ypos;
161} *worm;

163volatile sig_atomic_t sig_caught = 0;

165void	 nomem(void);
166void	 onsig(int);

168int
169main(int argc, char *argv[])
170{
int x, y, h, n;
struct worm *w;
const struct options *op;
short *ip;
int CO, LI, last, bottom, ch, length, number, trail;
short **ref;
const char *field, *errstr;
struct timespec sleeptime;
struct termios term;
speed_t speed;
time_t delay = 0;

/* set default delay based on terminal baud rate */
if (tcgetattr(STDOUT_FILENO1, &term) == 0 &&
1
Assuming the condition is false→
   (speed = cfgetospeed(&term)) > B96009600)
delay = (speed / B96009600) - 1;

length = 16;
number = 3;
trail = ' ';
field = NULL((void *)0);
while ((ch = getopt(argc, argv, "d:fhl:n:t")) != -1)
2
←
Assuming the condition is false→
3
←
Loop condition is false. Execution continues on line 226→
switch(ch) {
case 'd':
	delay = (time_t)strtonum(optarg, 0, 1000, &errstr);
	if (errstr)
		errx(1, "delay (0-1000) is %s: %s", errstr,
		    optarg);
	break;
case 'f':
	field = "WORM";
	break;
case 'l':
	length = strtonum(optarg, 2, 1024, &errstr);
	if (errstr)
		errx(1, "length (2-1024) is %s: %s", errstr,
		    optarg);
	break;
case 'n':
	number = strtonum(optarg, 1, 100, &errstr);
	if (errstr)
		errx(1, "number of worms (1-100) is %s: %s",
		    errstr, optarg);
	break;
case 't':
	trail = '.';
	break;
case 'h':
default:
	(void)fprintf(stderr(&__sF[2]), "usage: %s [-ft] [-d delay] "
	    "[-l length] [-n number]\n", getprogname());
	return 1;
}

/* Convert delay from ms -> ns */
sleeptime.tv_sec = 0;
sleeptime.tv_nsec = delay * 500000;
timespecadd(&sleeptime, &sleeptime, &sleeptime)do { (&sleeptime)->tv_sec = (&sleeptime)->tv_sec
 + (&sleeptime)->tv_sec; (&sleeptime)->tv_nsec =
 (&sleeptime)->tv_nsec + (&sleeptime)->tv_nsec;
 if ((&sleeptime)->tv_nsec >= 1000000000L) { (&
sleeptime)->tv_sec++; (&sleeptime)->tv_nsec -= 1000000000L
; } } while (0);
4
←
Taking false branch→
5
←
Loop condition is false.  Exiting loop→

if (!(worm = calloc(number, sizeof(struct worm))))
6
←
Assuming 'worm' is non-null→
7
←
Taking false branch→
nomem();
initscr();

if (pledge("stdio tty", NULL((void *)0)) == -1)
8
←
Assuming the condition is false→
9
←
Taking false branch→
err(1, "pledge");

curs_set(0);
CO = COLS;
LI = LINES;
last = CO - 1;
bottom = LI - 1;
if (!(ip = reallocarray(NULL((void *)0), LI, CO * sizeof(short))) ||
10
←
Assuming 'ip' is non-null→
12
←
Taking false branch→
   !(ref = calloc(LI, sizeof(short *)))) {
11
←
Assuming 'ref' is non-null→
endwin();
nomem();
}
for (n = 0; n < LI; ++n) {
13
←
Assuming 'n' is >= 'LI'→
14
←
Loop condition is false. Execution continues on line 251→
ref[n] = ip;
ip += CO;
}
for (ip = ref[0], n = LI * CO; --n >= 0;)
15
←
Assuming the condition is true→
16
←
Loop condition is true.  Entering loop body→
*ip++ = 0;
17
←
Null pointer value stored to 'ip'→
18
←
Dereference of null pointer
for (n = number, w = &worm[0]; --n >= 0; w++) {
w->orientation = w->head = 0;
if (!(ip = calloc(length, sizeof(short)))) {
	endwin();
	nomem();
}
w->xpos = ip;
for (x = length; --x >= 0;)
	*ip++ = -1;
if (!(ip = calloc(length, sizeof(short)))) {
	endwin();
	nomem();
}
w->ypos = ip;
for (y = length; --y >= 0;)
	*ip++ = -1;
}

(void)signal(SIGHUP1, onsig);
(void)signal(SIGINT2, onsig);
(void)signal(SIGQUIT3, onsig);
(void)signal(SIGSTOP17, onsig);
(void)signal(SIGTSTP18, onsig);
(void)signal(SIGTERM15, onsig);

if (field) {
const char *p = field;

for (y = LI; --y >= 0;) {
	for (x = CO; --x >= 0;) {
		addch(*p++)waddch(stdscr,*p++);
		if (!*p)
			p = field;
	}
	refresh()wrefresh(stdscr);
}
}
for (;;) {
refresh()wrefresh(stdscr);
if (sig_caught) {
	endwin();
	return 0;
}
nanosleep(&sleeptime, NULL((void *)0));
for (n = 0, w = &worm[0]; n < number; n++, w++) {
	if ((x = w->xpos[h = w->head]) < 0) {
		mvaddch(y = w->ypos[h] = bottom,(wmove(stdscr,y = w->ypos[h] = bottom,x = w->xpos[h] = 0
) == (-1) ? (-1) : waddch(stdscr,flavor[n % sizeof(flavor)]))
		    x = w->xpos[h] = 0,(wmove(stdscr,y = w->ypos[h] = bottom,x = w->xpos[h] = 0
) == (-1) ? (-1) : waddch(stdscr,flavor[n % sizeof(flavor)]))
		    flavor[n % sizeof(flavor)])(wmove(stdscr,y = w->ypos[h] = bottom,x = w->xpos[h] = 0
) == (-1) ? (-1) : waddch(stdscr,flavor[n % sizeof(flavor)]));
		ref[y][x]++;
	}
	else
		y = w->ypos[h];
	if (++h == length)
		h = 0;
	if (w->xpos[w->head = h] >= 0) {
		int x1, y1;

		x1 = w->xpos[h];
		y1 = w->ypos[h];
		if (--ref[y1][x1] == 0)
			mvaddch(y1, x1, trail)(wmove(stdscr,y1,x1) == (-1) ? (-1) : waddch(stdscr,trail));
	}

	if (x == 0) {
		if (y == 0)
			op = &upleft[w->orientation];
		else if (y == bottom)
			op = &lowleft[w->orientation];
		else
			op = &left[w->orientation];
	} else if (x == last) {
		if (y == 0)
			op = &upright[w->orientation];
		else if (y == bottom)
			op = &lowright[w->orientation];
		else
			op = &right[w->orientation];
	} else {
		if (y == 0)
			op = &upper[w->orientation];
		else if (y == bottom)
			op = &lower[w->orientation];
		else
			op = &normal[w->orientation];
	}

	switch (op->nopts) {
	case 0:
		endwin();
		return(1);
	case 1:
		w->orientation = op->opts[0];
		break;
	default:
		w->orientation =
		    op->opts[arc4random_uniform(op->nopts)];
	}
	mvaddch(y += yinc[w->orientation],(wmove(stdscr,y += yinc[w->orientation],x += xinc[w->orientation
]) == (-1) ? (-1) : waddch(stdscr,flavor[n % sizeof(flavor)])
)
	    x += xinc[w->orientation],(wmove(stdscr,y += yinc[w->orientation],x += xinc[w->orientation
]) == (-1) ? (-1) : waddch(stdscr,flavor[n % sizeof(flavor)])
)
	    flavor[n % sizeof(flavor)])(wmove(stdscr,y += yinc[w->orientation],x += xinc[w->orientation
]) == (-1) ? (-1) : waddch(stdscr,flavor[n % sizeof(flavor)])
);
	ref[w->ypos[h] = y][w->xpos[h] = x]++;
}
}
357}

359void
360onsig(int signo)
361{
sig_caught = 1;
363}

365void
366nomem(void)
367{
errx(1, "not enough memory.");
369}