/usr/src/usr.bin/patch/inp.c

Bug Summary

File:	src/usr.bin/patch/inp.c
Warning:	line 296, column 5 Potential leak of memory pointed to by 'p'

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name inp.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/patch/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/patch/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/patch/inp.c

1/*	$OpenBSD: inp.c,v 1.49 2019/06/28 13:35:02 deraadt Exp $	*/

3/*
* patch - a program to apply diffs to original files
* 
* Copyright 1986, Larry Wall
* 
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following condition is met:
* 1. Redistributions of source code must retain the above copyright notice,
* this condition and the following disclaimer.
* 
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* 
* -C option added in 1998, original code by Marc Espie, based on FreeBSD
* behaviour
*/

29#include <sys/stat.h>
30#include <sys/mman.h>

32#include <ctype.h>
33#include <fcntl.h>
34#include <stddef.h>
35#include <stdint.h>
36#include <stdio.h>
37#include <stdlib.h>
38#include <string.h>
39#include <unistd.h>

41#include "common.h"
42#include "util.h"
43#include "pch.h"
44#include "inp.h"


47/* Input-file-with-indexable-lines abstract type */

49static off_t	i_size;		/* size of the input file */
50static char	*i_womp;	/* plan a buffer for entire file */
51static char	**i_ptr;	/* pointers to lines in i_womp */

53static int	tifd = -1;	/* plan b virtual string array */
54static char	*tibuf[2];	/* plan b buffers */
55static LINENUM	tiline[2] = {-1, -1};	/* 1st line in each buffer */
56static size_t	lines_per_buf;	/* how many lines per buffer */
57static size_t	tibuflen;	/* plan b buffer length */
58static size_t	tireclen;	/* length of records in tmp file */

60static bool_Bool	rev_in_string(const char *);
61static bool_Bool	reallocate_lines(size_t *);

63/* returns false if insufficient memory */
64static bool_Bool	plan_a(const char *);

66static void	plan_b(const char *);

68/* New patch--prepare to edit another file. */

70void
71re_input(void)
72{
if (using_plan_a) {
free(i_ptr);
i_ptr = NULL((void*)0);
if (i_womp != NULL((void*)0)) {
	munmap(i_womp, i_size);
	i_womp = NULL((void*)0);
}
i_size = 0;
} else {
using_plan_a = true1;	/* maybe the next one is smaller */
close(tifd);
tifd = -1;
free(tibuf[0]);
free(tibuf[1]);
tibuf[0] = tibuf[1] = NULL((void*)0);
tiline[0] = tiline[1] = -1;
tireclen = 0;
}
91}

93/* Construct the line index, somehow or other. */

95void
96scan_input(const char *filename)
97{
if (!plan_a(filename))
1
Taking true branch→
plan_b(filename);
2
←
Calling 'plan_b'→
if (verbose) {
say("Patching file %s using Plan %s...\n", filename,
    (using_plan_a ? "A" : "B"));
}
104}

106static bool_Bool
107reallocate_lines(size_t *lines_allocatedp)
108{
char	**p;
size_t	new_size;

new_size = *lines_allocatedp * 3 / 2;
p = reallocarray(i_ptr, new_size + 2, sizeof(char *));
if (p == NULL((void*)0)) {	/* shucks, it was a near thing */
munmap(i_womp, i_size);
i_womp = NULL((void*)0);
free(i_ptr);
i_ptr = NULL((void*)0);
*lines_allocatedp = 0;
return false0;
}
*lines_allocatedp = new_size;
i_ptr = p;
return true1;
125}

127/* Try keeping everything in memory. */

129static bool_Bool
130plan_a(const char *filename)
131{
int		ifd, statfailed;
char		*p, *s;
struct stat	filestat;
off_t		i;
ptrdiff_t	sz;
size_t		iline, lines_allocated;

139#ifdef DEBUGGING
if (debug & 8)
return false0;
142#endif

if (filename == NULL((void*)0) || *filename == '\0')
return false0;

statfailed = stat(filename, &filestat);
if (statfailed && ok_to_create_file) {
int fd;

if (verbose)
	say("(Creating file %s...)\n", filename);

/*
 * in check_patch case, we still display `Creating file' even
 * though we're not. The rule is that -C should be as similar
 * to normal patch behavior as possible
 */
if (check_only)
	return true1;
makedirs(filename, true1);
if ((fd = open(filename, O_CREAT0x0200 | O_TRUNC0x0400 | O_WRONLY0x0001, 0666)) != -1)
	close(fd);

statfailed = stat(filename, &filestat);
}
if (statfailed)
fatal("can't find %s\n", filename);
filemode = filestat.st_mode;
if (!S_ISREG(filemode)((filemode & 0170000) == 0100000))
fatal("%s is not a normal file--can't patch\n", filename);
i_size = filestat.st_size;
if (out_of_mem) {
set_hunkmax();	/* make sure dynamic arrays are allocated */
out_of_mem = false0;
return false0;	/* force plan b because plan a bombed */
}
if (i_size > SIZE_MAX0xffffffffffffffffUL) {
say("block too large to mmap\n");
return false0;
}
if ((ifd = open(filename, O_RDONLY0x0000)) == -1)
pfatal("can't open file %s", filename);

if (i_size) {
i_womp = mmap(NULL((void*)0), i_size, PROT_READ0x01, MAP_PRIVATE0x0002, ifd, 0);
if (i_womp == MAP_FAILED((void *)-1)) {
	perror("mmap failed");
	i_womp = NULL((void*)0);
	close(ifd);
	return false0;
}
} else {
i_womp = NULL((void*)0);
}

close(ifd);
if (i_size)
madvise(i_womp, i_size, MADV_SEQUENTIAL2);

/* estimate the number of lines */
lines_allocated = i_size / 25;
if (lines_allocated < 100)
lines_allocated = 100;

if (!reallocate_lines(&lines_allocated))
return false0;

/* now scan the buffer and build pointer array */
iline = 1;
i_ptr[iline] = i_womp;
/* test for NUL too, to maintain the behavior of the original code */
for (s = i_womp, i = 0; i < i_size && *s != '\0'; s++, i++) {
if (*s == '\n') {
	if (iline == lines_allocated) {
		if (!reallocate_lines(&lines_allocated))
			return false0;
	}
	/* these are NOT NUL terminated */
	i_ptr[++iline] = s + 1;
}
}
/* if the last line contains no EOL, append one */
if (i_size > 0 && i_womp[i_size - 1] != '\n') {
last_line_missing_eol = true1;
/* fix last line */
sz = s - i_ptr[iline];
p = malloc(sz + 1);
if (p == NULL((void*)0)) {
	free(i_ptr);
	i_ptr = NULL((void*)0);
	munmap(i_womp, i_size);
	i_womp = NULL((void*)0);
	return false0;
}

memcpy(p, i_ptr[iline], sz);
p[sz] = '\n';
i_ptr[iline] = p;
/* count the extra line and make it point to some valid mem */
i_ptr[++iline] = "";
} else
last_line_missing_eol = false0;

input_lines = iline - 1;

/* now check for revision, if any */

if (revision != NULL((void*)0)) {
if (i_womp == NULL((void*)0) || !rev_in_string(i_womp)) {
	if (force) {
		if (verbose)
			say("Warning: this file doesn't appear "
			    "to be the %s version--patching anyway.\n",
			    revision);
	} else if (batch) {
		fatal("this file doesn't appear to be the "
		    "%s version--aborting.\n",
		    revision);
	} else {
		ask("This file doesn't appear to be the "
		    "%s version--patch anyway? [n] ",
		    revision);
		if (*buf != 'y')
			fatal("aborted\n");
	}
} else if (verbose)
	say("Good.  This file appears to be the %s version.\n",
	    revision);
}
return true1;		/* plan a will work */
272}

274/* Keep (virtually) nothing in memory. */

276static void
277plan_b(const char *filename)
278{
FILE	*ifp;
size_t	i = 0, j, len, maxlen = 1;
char	*lbuf = NULL((void*)0), *p;
bool_Bool	found_revision = (revision == NULL((void*)0));
3
←
Assuming 'revision' is not equal to NULL→

using_plan_a = false0;
if ((ifp = fopen(filename, "r")) == NULL((void*)0))
4
←
Assuming the condition is false→
5
←
Taking false branch→
pfatal("can't open file %s", filename);
(void) unlink(TMPINNAME);
if ((tifd = open(TMPINNAME, O_EXCL0x0800 | O_CREAT0x0200 | O_WRONLY0x0001, 0666)) == -1)
6
←
Assuming the condition is false→
7
←
Taking false branch→
pfatal("can't open file %s", TMPINNAME);
while ((p = fgetln(ifp, &len)) != NULL((void*)0)) {
8
←
Assuming the condition is true→
9
←
Loop condition is true.  Entering loop body→
18
←
Assuming the condition is true→
19
←
Loop condition is true.  Entering loop body→
if (p[len - 1] == '\n')
10
←
Assuming the condition is false→
11
←
Taking false branch→
20
←
Assuming the condition is false→
21
←
Taking false branch→
	p[len - 1] = '\0';
else {
	/* EOF without EOL, copy and add the NUL */
	if ((lbuf = malloc(len + 1)) == NULL((void*)0))
12
←
Memory is allocated→
13
←
Assuming the condition is false→
14
←
Taking false branch→
22
←
Assuming the condition is true→
23
←
Taking true branch→
		fatal("out of memory\n");
24
←
Potential leak of memory pointed to by 'p'
	memcpy(lbuf, p, len);
	lbuf[len] = '\0';
	p = lbuf;

	last_line_missing_eol = true1;
	len++;
}
if (revision14.1
'revision' is not equal to NULL
 != NULL((void*)0) && !found_revision14.2
'found_revision' is false
 && rev_in_string(p))
15
←
Assuming the condition is false→
16
←
Taking false branch→
	found_revision = true1;
if (len16.1
'len' is > 'maxlen'
 > maxlen)
17
←
Taking true branch→
	maxlen = len;	/* find longest line */
}
free(lbuf);
if (ferror(ifp)(!__isthreaded ? (((ifp)->_flags & 0x0040) != 0) : (ferror
)(ifp)))
pfatal("can't read file %s", filename);

if (revision != NULL((void*)0)) {
if (!found_revision) {
	if (force) {
		if (verbose)
			say("Warning: this file doesn't appear "
			    "to be the %s version--patching anyway.\n",
			    revision);
	} else if (batch) {
		fatal("this file doesn't appear to be the "
		    "%s version--aborting.\n",
		    revision);
	} else {
		ask("This file doesn't appear to be the %s "
		    "version--patch anyway? [n] ",
		    revision);
		if (*buf != 'y')
			fatal("aborted\n");
	}
} else if (verbose)
	say("Good.  This file appears to be the %s version.\n",
	    revision);
}
fseek(ifp, 0L, SEEK_SET0);	/* rewind file */
tireclen = maxlen;
tibuflen = maxlen > BUFFERSIZE1024 ? maxlen : BUFFERSIZE1024;
lines_per_buf = tibuflen / maxlen;
tibuf[0] = malloc(tibuflen + 1);
if (tibuf[0] == NULL((void*)0))
fatal("out of memory\n");
tibuf[1] = malloc(tibuflen + 1);
if (tibuf[1] == NULL((void*)0))
fatal("out of memory\n");
for (i = 1;; i++) {
p = tibuf[0] + maxlen * (i % lines_per_buf);
if (i % lines_per_buf == 0)	/* new block */
	if (write(tifd, tibuf[0], tibuflen) !=
	    (ssize_t) tibuflen)
		pfatal("can't write temp file");
if (fgets(p, maxlen + 1, ifp) == NULL((void*)0)) {
	input_lines = i - 1;
	if (i % lines_per_buf != 0)
		if (write(tifd, tibuf[0], tibuflen) !=
		    (ssize_t) tibuflen)
			pfatal("can't write temp file");
	break;
}
j = strlen(p);
/* These are '\n' terminated strings, so no need to add a NUL */
if (j == 0 || p[j - 1] != '\n')
	p[j] = '\n';
}
fclose(ifp);
close(tifd);
if ((tifd = open(TMPINNAME, O_RDONLY0x0000)) == -1)
pfatal("can't reopen file %s", TMPINNAME);
368}

370/*
* Fetch a line from the input file, \n terminated, not necessarily \0.
*/
373char *
374ifetch(LINENUM line, int whichbuf)
375{
if (line < 1 || line > input_lines) {
if (warn_on_invalid_line) {
	say("No such line %ld in input file, ignoring\n", line);
	warn_on_invalid_line = false0;
}
return NULL((void*)0);
}
if (using_plan_a)
return i_ptr[line];
else {
LINENUM	offline = line % lines_per_buf;
LINENUM	baseline = line - offline;

if (tiline[0] == baseline)
	whichbuf = 0;
else if (tiline[1] == baseline)
	whichbuf = 1;
else {
	tiline[whichbuf] = baseline;

	if (lseek(tifd, (off_t) (baseline / lines_per_buf *
	    tibuflen), SEEK_SET0) == -1)
		pfatal("cannot seek in the temporary input file");

	if (read(tifd, tibuf[whichbuf], tibuflen)
	    != (ssize_t) tibuflen)
		pfatal("error reading tmp file %s", TMPINNAME);
}
return tibuf[whichbuf] + (tireclen * offline);
}
406}

408/*
* True if the string argument contains the revision number we want.
*/
411static bool_Bool
412rev_in_string(const char *string)
413{
const char	*s;
size_t		patlen;

if (revision == NULL((void*)0))
return true1;
patlen = strlen(revision);
if (strnEQ(string, revision, patlen)(!strncmp(string, revision, patlen)) &&
   isspace((unsigned char)string[patlen]))
return true1;
for (s = string; *s; s++) {
if (isspace((unsigned char)*s) && strnEQ(s + 1, revision, patlen)(!strncmp(s + 1, revision, patlen)) &&
    isspace((unsigned char)s[patlen + 1])) {
	return true1;
}
}
return false0;
430}