Zsh Mailing List Archive

Fishy code in sticky emulation?



I'm looking through Coverity issues (some patches to come later), and
it flagged this in builtin.c that I can't quite say for sure if it's
right or wrong about.

int
bin_emulate(UNUSED(char *nam), char **argv, Options ops, UNUSED(int func))
{
...
    if (sticky->n_on_opts)
      on_ptr = sticky->on_opts =
        zhalloc(sticky->n_on_opts * sizeof(*sticky->on_opts));
    else
      on_ptr = NULL;
    if (sticky->n_off_opts)
      off_ptr = sticky->off_opts = zhalloc(sticky->n_off_opts *
                                   sizeof(*sticky->off_opts));
    else
      off_ptr = NULL;
    for (optnode = firstnode(optlist); optnode; incnode(optnode)) {
      /* Data is index into new_opts */
      char *optptr = (char *)getdata(optnode);
      int optno = optptr - new_opts;
      if (*optptr)
        *on_ptr++ = optno;
      else
        *off_ptr++ = optno;
    }
...

In particular, on_ptr and off_ptr can be NULL, but unconditionally one
of them is always incremented in the for loop, which isn't very well
defined for a NULL pointer. Am I missing something, or are these
n_*_opts simply never 0?

-- 
Mikael Magnusson
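
Added example, not part of the original message and not zsh code: the loop in the quoted excerpt writes through a NULL pointer only if n_on_opts or n_off_opts disagrees with the flags the loop later reads, so this sketch checks that invariant before the loop, which is also the form a static analyser can follow. The names struct sticky_sketch and fill_sticky, the flags array standing in for optlist, and malloc standing in for zhalloc are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the sticky record in the quoted excerpt. */
struct sticky_sketch {
    int *on_opts, *off_opts;
    size_t n_on_opts, n_off_opts;
};

/*
 * Split indices 0..n-1 into on/off arrays according to flags[].
 * Returns 0 on success, -1 if the stored counts disagree with flags[]
 * (the state in which the loop would write through NULL or past the
 * end of an array) or if allocation fails.
 */
int fill_sticky(struct sticky_sketch *s, const char *flags, size_t n)
{
    size_t want_on = 0, i;
    int *on_ptr, *off_ptr;
    for (i = 0; i < n; i++)
        want_on += (flags[i] != 0);
    if (s->n_on_opts != want_on || s->n_off_opts != n - want_on)
        return -1;              /* invariant broken: do not enter the loop */

    on_ptr = s->on_opts = want_on ? malloc(want_on * sizeof(int)) : NULL;
    off_ptr = s->off_opts = (n - want_on) ? malloc((n - want_on) * sizeof(int)) : NULL;
    if ((want_on && !on_ptr) || (n - want_on && !off_ptr)) {
        free(s->on_opts);
        free(s->off_opts);
        s->on_opts = s->off_opts = NULL;
        return -1;
    }
    for (i = 0; i < n; i++) {
        if (flags[i])
            *on_ptr++ = (int)i;   /* never reached while on_ptr is NULL */
        else
            *off_ptr++ = (int)i;  /* never reached while off_ptr is NULL */
    }
    return 0;
}

int main(void)
{
    const char flags[] = {0, 0, 0};          /* constructed: every option off */
    struct sticky_sketch s = {NULL, NULL, 0, 3};
    int rc = fill_sticky(&s, flags, 3);
    printf("rc=%d on_opts=%p\n", rc, (void *)s.on_opts);
    free(s.off_opts);
    return 0;
}
```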


