clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name quiz.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/games/quiz/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/games/quiz/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/games/quiz/quiz.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | |
34 | |
35 | |
36 | |
37 | #include <ctype.h> |
38 | #include <err.h> |
39 | #include <stdio.h> |
40 | #include <stdlib.h> |
41 | #include <string.h> |
42 | #include <unistd.h> |
43 | |
44 | #include "pathnames.h" |
45 | #include "quiz.h" |
46 | |
47 | static QE qlist; |
48 | static int catone, cattwo, tflag; |
49 | static u_int qsize; |
50 | |
51 | void downcase(char *); |
52 | void get_cats(char *, char *); |
53 | void get_file(const char *); |
54 | const char *next_cat(const char *); |
55 | void quiz(void); |
56 | void score(u_int, u_int, u_int); |
57 | void show_index(void); |
58 | __dead void usage(void); |
59 | |
60 | int |
61 | main(int argc, char *argv[]) |
62 | { |
63 | int ch; |
64 | const char *indexfile; |
65 | |
66 | if (pledge("stdio rpath proc exec", NULL) == -1) |
| 1 | Assuming the condition is false | |
|
| |
67 | err(1, "pledge"); |
68 | |
69 | indexfile = _PATH_QUIZIDX; |
70 | while ((ch = getopt(argc, argv, "hi:t")) != -1) |
| 3 | | Assuming the condition is false | |
|
| 4 | | Loop condition is false. Execution continues on line 82 | |
|
71 | switch(ch) { |
72 | case 'i': |
73 | indexfile = optarg; |
74 | break; |
75 | case 't': |
76 | tflag = 1; |
77 | break; |
78 | case 'h': |
79 | default: |
80 | usage(); |
81 | } |
82 | argc -= optind; |
83 | argv += optind; |
84 | |
85 | switch(argc) { |
| 5 | | Control jumps to 'case 2:' at line 90 | |
|
86 | case 0: |
87 | get_file(indexfile); |
88 | show_index(); |
89 | break; |
90 | case 2: |
91 | if (pledge("stdio rpath", NULL) == -1) |
| 6 | | Assuming the condition is false | |
|
| |
92 | err(1, "pledge"); |
93 | get_file(indexfile); |
94 | get_cats(argv[0], argv[1]); |
| |
| 43 | | Returning from 'get_cats' | |
|
95 | |
96 | if (pledge("stdio", NULL) == -1) |
| 44 | | Assuming the condition is false | |
|
| |
97 | err(1, "pledge"); |
98 | |
99 | quiz(); |
| |
100 | break; |
101 | default: |
102 | usage(); |
103 | } |
104 | return 0; |
105 | } |
106 | |
107 | void |
108 | get_file(const char *file) |
109 | { |
110 | FILE *fp; |
111 | QE *qp; |
112 | ssize_t len; |
113 | size_t qlen, size; |
114 | char *lp; |
115 | |
116 | if ((fp = fopen(file, "r")) == NULL) |
| 24 | | Assuming the condition is false | |
|
| |
117 | err(1, "%s", file); |
118 | |
119 | |
120 | |
121 | |
122 | |
123 | |
124 | qp = &qlist; |
125 | qsize = 0; |
126 | qlen = 0; |
127 | lp = NULL; |
128 | size = 0; |
129 | while ((len = getline(&lp, &size, fp)) != -1) { |
| 26 | | Assuming the condition is true | |
|
| 27 | | Loop condition is true. Entering loop body | |
|
| 36 | | Assuming the condition is false | |
|
| 37 | | Loop condition is false. Execution continues on line 153 | |
|
130 | if (lp[len - 1] == '\n') |
| 28 | | Assuming the condition is false | |
|
| |
131 | lp[--len] = '\0'; |
132 | if (qp->q_text) |
| 30 | | Assuming field 'q_text' is null | |
|
133 | qlen = strlen(qp->q_text); |
134 | if (qlen > 0 && qp->q_text[qlen - 1] == '\\') { |
135 | qp->q_text[--qlen] = '\0'; |
136 | qlen += len; |
137 | qp->q_text = realloc(qp->q_text, qlen + 1); |
138 | if (qp->q_text == NULL) |
139 | errx(1, "realloc"); |
140 | strlcat(qp->q_text, lp, qlen + 1); |
141 | } else { |
142 | if ((qp->q_next = malloc(sizeof(QE))) == NULL) |
| 31 | | Assuming the condition is false | |
|
| |
143 | errx(1, "malloc"); |
144 | qp = qp->q_next; |
145 | qp->q_text = strdup(lp); |
146 | if (qp->q_text == NULL) |
| 33 | | Assuming field 'q_text' is not equal to NULL | |
|
| |
147 | errx(1, "strdup"); |
148 | qp->q_asked = qp->q_answered = FALSE; |
149 | qp->q_next = NULL; |
| 35 | | Null pointer value stored to field 'q_next' | |
|
150 | ++qsize; |
151 | } |
152 | } |
153 | free(lp); |
154 | if (ferror(fp)) |
| 38 | | Assuming '__isthreaded' is not equal to 0 | |
|
| |
| 40 | | Assuming the condition is false | |
|
| |
155 | err(1, "getline"); |
156 | (void)fclose(fp); |
157 | } |
158 | |
159 | void |
160 | show_index(void) |
161 | { |
162 | QE *qp; |
163 | const char *p, *s; |
164 | FILE *pf; |
165 | const char *pager; |
166 | |
167 | if (!isatty(1)) |
168 | pager = "/bin/cat"; |
169 | else if (!(pager = getenv("PAGER")) || (*pager == 0)) |
170 | pager = _PATH_PAGER; |
171 | if ((pf = popen(pager, "w")) == NULL) |
172 | err(1, "%s", pager); |
173 | (void)fprintf(pf, "Subjects:\n\n"); |
174 | for (qp = qlist.q_next; qp; qp = qp->q_next) { |
175 | for (s = next_cat(qp->q_text); s; s = next_cat(s)) { |
176 | if (!rxp_compile(s)) |
177 | errx(1, "%s", rxperr); |
178 | if ((p = rxp_expand())) |
179 | (void)fprintf(pf, "%s ", p); |
180 | } |
181 | (void)fprintf(pf, "\n"); |
182 | } |
183 | (void)fprintf(pf, "\n%s\n%s\n%s\n", |
184 | "For example, \"quiz victim killer\" prints a victim's name and you reply", |
185 | "with the killer, and \"quiz killer victim\" works the other way around.", |
186 | "Type an empty line to get the correct answer."); |
187 | (void)pclose(pf); |
188 | } |
189 | |
190 | void |
191 | get_cats(char *cat1, char *cat2) |
192 | { |
193 | QE *qp; |
194 | int i; |
195 | const char *s; |
196 | |
197 | downcase(cat1); |
198 | downcase(cat2); |
199 | for (qp = qlist.q_next; qp; qp = qp->q_next) { |
| 9 | | Loop condition is true. Entering loop body | |
|
200 | s = next_cat(qp->q_text); |
201 | catone = cattwo = i = 0; |
202 | while (s) { |
| 10 | | Loop condition is true. Entering loop body | |
|
203 | if (!rxp_compile(s)) |
| 11 | | Assuming the condition is false | |
|
| |
204 | errx(1, "%s", rxperr); |
205 | i++; |
206 | if (rxp_match(cat1)) |
| 13 | | Assuming the condition is false | |
|
| |
207 | catone = i; |
208 | if (rxp_match(cat2)) |
| 15 | | Assuming the condition is false | |
|
| |
209 | cattwo = i; |
210 | s = next_cat(s); |
211 | } |
212 | if (catone && cattwo && catone != cattwo) { |
| 17 | | Assuming 'catone' is not equal to 0 | |
|
| 18 | | Assuming 'cattwo' is not equal to 0 | |
|
| 19 | | Assuming 'catone' is not equal to 'cattwo' | |
|
| |
213 | if (!rxp_compile(qp->q_text)) |
| 21 | | Assuming the condition is false | |
|
| |
214 | errx(1, "%s", rxperr); |
215 | get_file(rxp_expand()); |
| |
| 42 | | Returning from 'get_file' | |
|
216 | return; |
217 | } |
218 | } |
219 | errx(1, "invalid categories"); |
220 | } |
221 | |
222 | void |
223 | quiz(void) |
224 | { |
225 | QE *qp; |
226 | int i; |
227 | size_t size; |
228 | ssize_t len; |
229 | u_int guesses, rights, wrongs; |
230 | int next; |
231 | char *answer, *t, question[LINE_SZ]; |
232 | const char *s; |
233 | |
234 | size = 0; |
235 | answer = NULL; |
236 | |
237 | guesses = rights = wrongs = 0; |
238 | for (;;) { |
| 47 | | Loop condition is true. Entering loop body | |
|
239 | if (qsize == 0) |
| |
240 | break; |
241 | next = arc4random_uniform(qsize); |
242 | qp = qlist.q_next; |
243 | for (i = 0; i < next; i++) |
| 49 | | Assuming 'i' is < 'next' | |
|
| 50 | | Loop condition is true. Entering loop body | |
|
| 52 | | Assuming 'i' is < 'next' | |
|
| 53 | | Loop condition is true. Entering loop body | |
|
244 | qp = qp->q_next; |
| 51 | | Null pointer value stored to 'qp' | |
|
| 54 | | Access to field 'q_next' results in a dereference of a null pointer (loaded from variable 'qp') |
|
245 | while (qp && qp->q_answered) |
246 | qp = qp->q_next; |
247 | if (!qp) { |
248 | qsize = next; |
249 | continue; |
250 | } |
251 | if (tflag && arc4random_uniform(100) > 20) { |
252 | |
253 | while (qp && (!qp->q_asked || qp->q_answered)) |
254 | qp = qp->q_next; |
255 | if (!qp) |
256 | continue; |
257 | } |
258 | s = qp->q_text; |
259 | for (i = 0; i < catone - 1; i++) |
260 | s = next_cat(s); |
261 | if (!rxp_compile(s)) |
262 | errx(1, "%s", rxperr); |
263 | t = rxp_expand(); |
264 | if (!t || *t == '\0') { |
265 | qp->q_answered = TRUE; |
266 | continue; |
267 | } |
268 | (void)strlcpy(question, t, sizeof question); |
269 | s = qp->q_text; |
270 | for (i = 0; i < cattwo - 1; i++) |
271 | s = next_cat(s); |
272 | if (s == NULL) |
273 | errx(1, "too few fields in data file, line \"%s\"", |
274 | qp->q_text); |
275 | if (!rxp_compile(s)) |
276 | errx(1, "%s", rxperr); |
277 | t = rxp_expand(); |
278 | if (!t || *t == '\0') { |
279 | qp->q_answered = TRUE; |
280 | continue; |
281 | } |
282 | qp->q_asked = TRUE; |
283 | (void)printf("%s?\n", question); |
284 | for (;; ++guesses) { |
285 | if ((len = getline(&answer, &size, stdin)) == -1 || |
286 | answer[len - 1] != '\n') { |
287 | score(rights, wrongs, guesses); |
288 | exit(0); |
289 | } |
290 | answer[len - 1] = '\0'; |
291 | downcase(answer); |
292 | if (rxp_match(answer)) { |
293 | (void)printf("Right!\n"); |
294 | ++rights; |
295 | qp->q_answered = TRUE; |
296 | break; |
297 | } |
298 | if (*answer == '\0') { |
299 | (void)printf("%s\n", t); |
300 | ++wrongs; |
301 | if (!tflag) |
302 | qp->q_answered = TRUE; |
303 | break; |
304 | } |
305 | (void)printf("What?\n"); |
306 | } |
307 | } |
308 | score(rights, wrongs, guesses); |
309 | free(answer); |
310 | } |
311 | |
312 | const char * |
313 | next_cat(const char *s) |
314 | { |
315 | int esc; |
316 | |
317 | if (s == NULL) |
318 | return (NULL); |
319 | esc = 0; |
320 | for (;;) |
321 | switch (*s++) { |
322 | case '\0': |
323 | return (NULL); |
324 | case '\\': |
325 | esc = 1; |
326 | break; |
327 | case ':': |
328 | if (!esc) |
329 | return (s); |
330 | default: |
331 | esc = 0; |
332 | break; |
333 | } |
334 | } |
335 | |
336 | void |
337 | score(u_int r, u_int w, u_int g) |
338 | { |
339 | (void)printf("Rights %d, wrongs %d,", r, w); |
340 | if (g) |
341 | (void)printf(" extra guesses %d,", g); |
342 | (void)printf(" score %d%%\n", (r + w + g) ? r * 100 / (r + w + g) : 0); |
343 | } |
344 | |
345 | void |
346 | downcase(char *p) |
347 | { |
348 | int ch; |
349 | |
350 | for (; (ch = *p) != '\0'; ++p) |
351 | if (isascii(ch) && isupper(ch)) |
352 | *p = tolower(ch); |
353 | } |
354 | |
355 | void |
356 | usage(void) |
357 | { |
358 | (void)fprintf(stderr, |
359 | "usage: %s [-t] [-i file] category1 category2\n", getprogname()); |
360 | exit(1); |
361 | } |