Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Fishy code in sticky emulation?

X-seq: zsh-workers 34097
From: Mikael Magnusson <mikachu@xxxxxxxxx>
To: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
Subject: Re: Fishy code in sticky emulation?
Date: Tue, 6 Jan 2015 00:21:04 +0100
Cc: zsh workers <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=f19Rlr7cgotde0fG/IqOy8f2VgyNF+uoaD8efBnaJls=; b=tI/7L90X0c4lo63/Z5sL9VyNd275nv+bij5X4jt8aTsRP27oJNmxh+GejOUj1GotSv Vi6CUhx4/H8QOvUqTRPZneNISKtdm5TDeBxVv3JXB1HvtptX8G6uBeLboWCvAno43uGq 919gq0PQFsunC/xMzlYMY6vVXWXwHNzcJu+MnKtLl3Lgp+vooK/81ajftW/jRH7+7neh IEsbZWdOIG0ze1/woM2ssHQMOFmnpQX24tUuqIqTWtuJNgAjgNWGw+x4mR88NqUkJWDu sFlFVJP1X3+byEFFk8LdrTrj2FG/w0KbMDIpJRl46uk1gnQzLn0yopxtXlcuBx9q6wVT a78A==
In-reply-to: <20150105144819.2f768fcb@pwslap01u.europe.root.pri>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAHYJk3SjCocOpnoS5K_N=J7CWKmVBTgrUtryLLf+cu6xLqxZ8w@mail.gmail.com> <20150105144819.2f768fcb@pwslap01u.europe.root.pri>

On Mon, Jan 5, 2015 at 3:48 PM, Peter Stephenson
<p.stephenson@xxxxxxxxxxx> wrote:
> On Mon, 5 Jan 2015 15:34:00 +0100
> Mikael Magnusson <mikachu@xxxxxxxxx> wrote:
>> I'm looking through Coverity issues (some patches to come later), and
>> it flagged this in builtin.c that I can't quite say for sure if it's
>> right or wrong about.
>>
>> int
>> bin_emulate(UNUSED(char *nam), char **argv, Options ops, UNUSED(int func))
>> {
>> ...
>>     if (sticky->n_on_opts)
>>       on_ptr = sticky->on_opts =
>>         zhalloc(sticky->n_on_opts * sizeof(*sticky->on_opts));
>>     else
>>       on_ptr = NULL;
>>     if (sticky->n_off_opts)
>>       off_ptr = sticky->off_opts = zhalloc(sticky->n_off_opts *
>>                                    sizeof(*sticky->off_opts));
>>     else
>>       off_ptr = NULL;
>>     for (optnode = firstnode(optlist); optnode; incnode(optnode)) {
>>       /* Data is index into new_opts */
>>       char *optptr = (char *)getdata(optnode);
>>       int optno = optptr - new_opts;
>>       if (*optptr)
>>         *on_ptr++ = optno;
>>       else
>>         *off_ptr++ = optno;
>>       }
>> ...
>>
>> In particular, on_ptr and off_ptr can be NULL, but unconditionally one
>> of them is always incremented in the for loop, which isn't very well
>> defined for a NULL pointer. Am I missing something, or are these
>> n_*_opts simply never 0?
>
> You missed out the previous loop which is exactly parallel to the second
> one you quoted:
>
>     for (optnode = firstnode(optlist); optnode; incnode(optnode)) {
>         /* Data is index into new_opts */
>         char *optptr = (char *)getdata(optnode);
>         if (*optptr)
>             sticky->n_on_opts++;
>         else
>             sticky->n_off_opts++;
>     }
>
> This means that in the second loop on_ptr must be non-NULL whenever
> *optptr is non-NULL and off_ptr must be non-NULL whenever it's NULL.
>
> However, it would be fine to make the test for the pointers more
> explicit; it's not going to make any noticeable difference even if you
> run emulate very frequently.

Ah, oops. I guess the getdata() functions are too involved for
coverity to follow (it gets confused by way easier things than that
too), and for me too :). Thanks, I'll mark it as a false positive.

-- 
Mikael Magnusson

References:
- Fishy code in sticky emulation?
  - From: Mikael Magnusson
- Re: Fishy code in sticky emulation?
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author