Bug Summary

File:src/usr.bin/lex/buf.c
Warning:line 153, column 34
Null pointer passed as 1st argument to string length function

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name buf.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/lex/obj -resource-dir /usr/local/lib/clang/13.0.0 -I . -I /usr/src/usr.bin/lex -D HAVE_CONFIG_H -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/lex/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/lex/buf.c
1/* $OpenBSD: buf.c,v 1.7 2015/11/20 18:54:49 tedu Exp $ */
2
3/* flex - tool to generate fast lexical analyzers */
4
5/* Copyright (c) 1990 The Regents of the University of California. */
6/* All rights reserved. */
7
8/* This code is derived from software contributed to Berkeley by */
9/* Vern Paxson. */
10
11/* The United States Government has rights in this work pursuant */
12/* to contract no. DE-AC03-76SF00098 between the United States */
13/* Department of Energy and the University of California. */
14
15/* This file is part of flex. */
16
17/* Redistribution and use in source and binary forms, with or without */
18/* modification, are permitted provided that the following conditions */
19/* are met: */
20
21/* 1. Redistributions of source code must retain the above copyright */
22/* notice, this list of conditions and the following disclaimer. */
23/* 2. Redistributions in binary form must reproduce the above copyright */
24/* notice, this list of conditions and the following disclaimer in the */
25/* documentation and/or other materials provided with the distribution. */
26
27/* Neither the name of the University nor the names of its contributors */
28/* may be used to endorse or promote products derived from this software */
29/* without specific prior written permission. */
30
31/* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR */
32/* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED */
33/* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR */
34/* PURPOSE. */
35
36
37#include "flexdef.h"
38
39/* Take note: The buffer object is sometimes used as a String buffer (one
40 * continuous string), and sometimes used as a list of strings, usually line by
41 * line.
42 *
43 * The type is specified in buf_init by the elt_size. If the elt_size is
44 * sizeof(char), then the buffer should be treated as string buffer. If the
45 * elt_size is sizeof(char*), then the buffer should be treated as a list of
46 * strings.
47 *
48 * Certain functions are only appropriate for one type or the other.
49 */
50
51/* global buffers. */
52struct Buf userdef_buf; /**< for user #definitions triggered by cmd-line. */
53struct Buf defs_buf; /**< for #define's autogenerated. List of strings. */
54struct Buf yydmap_buf; /**< string buffer to hold yydmap elements */
55struct Buf m4defs_buf; /**< m4 definitions. List of strings. */
56struct Buf top_buf; /**< contains %top code. String buffer. */
57
58struct Buf *
59buf_print_strings(struct Buf * buf, FILE * out)
60{
61 int i;
62
63 if (!buf || !out)
64 return buf;
65
66 for (i = 0; i < buf->nelts; i++) {
67 const char *s = ((char **) buf->elts)[i];
68 if (s)
69 fprintf(out, "%s", s);
70 }
71 return buf;
72}
73
74/* Append a "%s" formatted string to a string buffer */
75struct Buf *
76buf_prints(struct Buf * buf, const char *fmt, const char *s)
77{
78 char *t;
79 size_t tsz;
80
81 tsz = strlen(fmt) + strlen(s) + 1;
82 t = malloc(tsz);
1
Value assigned to 't'
83 if (!t)
2
Assuming 't' is null
3
Taking true branch
84 flexfatal(_("Allocation of buffer to print string failed")"Allocation of buffer to print string failed");
85 snprintf(t, tsz, fmt, s);
86 buf = buf_strappend(buf, t);
4
Passing null pointer value via 2nd parameter 'str'
5
Calling 'buf_strappend'
87 free(t);
88 return buf;
89}
90
91/** Append a line directive to the string buffer.
92 * @param buf A string buffer.
93 * @param filename file name
94 * @param lineno line number
95 * @return buf
96 */
97struct Buf *
98buf_linedir(struct Buf * buf, const char *filename, int lineno)
99{
100 const char *src;
101 char *dst, *t;
102 size_t tsz;
103
104 tsz = strlen("#line \"\"\n") + /* constant parts */
105 2 * strlen(filename) + /* filename with possibly all backslashes escaped */
106 (int) (1 + log10(abs(lineno))) + /* line number */
107 1; /* NUL */
108 t = malloc(tsz);
109 if (!t)
110 flexfatal(_("Allocation of buffer for line directive failed")"Allocation of buffer for line directive failed");
111 dst = t + snprintf(t, tsz, "#line %d \"", lineno);
112 for (src = filename; *src; *dst++ = *src++)
113 if (*src == '\\') /* escape backslashes */
114 *dst++ = '\\';
115 *dst++ = '"';
116 *dst++ = '\n';
117 *dst = '\0';
118 buf = buf_strappend(buf, t);
119 free(t);
120 return buf;
121}
122
123
124/** Append the contents of @a src to @a dest.
125 * @param @a dest the destination buffer
126 * @param @a dest the source buffer
127 * @return @a dest
128 */
129struct Buf *
130buf_concat(struct Buf * dest, const struct Buf * src)
131{
132 buf_append(dest, src->elts, src->nelts);
133 return dest;
134}
135
136
137/* Appends n characters in str to buf. */
138struct Buf *
139buf_strnappend(struct Buf *buf, const char *str, int n)
140{
141 buf_append(buf, str, n + 1);
142
143 /* "undo" the '\0' character that buf_append() already copied. */
144 buf->nelts--;
145
146 return buf;
147}
148
149/* Appends characters in str to buf. */
150struct Buf *
151buf_strappend(struct Buf *buf, const char *str)
152{
153 return buf_strnappend(buf, str, strlen(str));
6
Null pointer passed as 1st argument to string length function
154}
155
156/* appends "#define str def\n" */
157struct Buf *
158buf_strdefine(struct Buf *buf, const char *str, const char *def)
159{
160 buf_strappend(buf, "#define ");
161 buf_strappend(buf, " ");
162 buf_strappend(buf, str);
163 buf_strappend(buf, " ");
164 buf_strappend(buf, def);
165 buf_strappend(buf, "\n");
166 return buf;
167}
168
169/** Pushes "m4_define( [[def]], [[val]])m4_dnl" to end of buffer.
170 * @param buf A buffer as a list of strings.
171 * @param def The m4 symbol to define.
172 * @param val The definition; may be NULL.
173 * @return buf
174 */
175struct Buf *
176buf_m4_define(struct Buf * buf, const char *def, const char *val)
177{
178 const char *fmt = "m4_define( [[%s]], [[%s]])m4_dnl\n";
179 char *str;
180 size_t strsz;
181
182 val = val ? val : "";
183 strsz = strlen(fmt) + strlen(def) + strlen(val) + 2;
184 str = malloc(strsz);
185 if (!str)
186 flexfatal(_("Allocation of buffer for m4 def failed")"Allocation of buffer for m4 def failed");
187
188 snprintf(str, strsz, fmt, def, val);
189 buf_append(buf, &str, 1);
190 return buf;
191}
192
193/** Pushes "m4_undefine([[def]])m4_dnl" to end of buffer.
194 * @param buf A buffer as a list of strings.
195 * @param def The m4 symbol to undefine.
196 * @return buf
197 */
198struct Buf *
199buf_m4_undefine(struct Buf * buf, const char *def)
200{
201 const char *fmt = "m4_undefine( [[%s]])m4_dnl\n";
202 char *str;
203 size_t strsz;
204
205 strsz = strlen(fmt) + strlen(def) + 2;
206 str = malloc(strsz);
207 if (!str)
208 flexfatal(_("Allocation of buffer for m4 undef failed")"Allocation of buffer for m4 undef failed");
209
210 snprintf(str, strsz, fmt, def);
211 buf_append(buf, &str, 1);
212 return buf;
213}
214
215/* create buf with 0 elements, each of size elem_size. */
216void
217buf_init(struct Buf *buf, size_t elem_size)
218{
219 buf->elts = NULL((void *)0);
220 buf->nelts = 0;
221 buf->elt_size = elem_size;
222 buf->nmax = 0;
223}
224
225/* frees memory */
226void
227buf_destroy(struct Buf *buf)
228{
229 free(buf->elts);
230 buf->elts = NULL((void *)0);
231}
232
233
234/* appends ptr[] to buf, grow if necessary.
235 * n_elem is number of elements in ptr[], NOT bytes.
236 * returns buf.
237 * We grow by mod(512) boundaries.
238 */
239
240struct Buf *
241buf_append(struct Buf *buf, const void *ptr, int n_elem)
242{
243 int n_alloc = 0;
244
245 if (!ptr || n_elem == 0)
246 return buf;
247
248 /* May need to alloc more. */
249 if (n_elem + buf->nelts > buf->nmax) {
250
251 /* exact amount needed... */
252 n_alloc = (n_elem + buf->nelts) * buf->elt_size;
253
254 /* ...plus some extra */
255 if (((n_alloc * buf->elt_size) % 512) != 0
256 && buf->elt_size < 512)
257 n_alloc +=
258 (512 -
259 ((n_alloc * buf->elt_size) % 512)) /
260 buf->elt_size;
261
262 if (!buf->elts)
263 buf->elts =
264 allocate_array(n_alloc, buf->elt_size);
265 else
266 buf->elts =
267 reallocate_array(buf->elts, n_alloc,
268 buf->elt_size);
269
270 buf->nmax = n_alloc;
271 }
272 memcpy((char *) buf->elts + buf->nelts * buf->elt_size, ptr,
273 n_elem * buf->elt_size);
274 buf->nelts += n_elem;
275
276 return buf;
277}