scan-build from clang version 9 complains about following:
nl.c:507:9: warning: Use of memory after it is freed
while (nlmsg_ok(hdr, n)) {
^~~~~~~~~~~~~~~~
which seems to be impossible codepath as clang analyzer doesn't somehow
account properly nl_syserr2nlerr(errno) return value:
} else {
free(msg.msg_control);
free(*buf);
return -nl_syserr2nlerr(errno);
}
which should be always < 0, but analyzer is still checking for > 0 code
path as well for some reason. So in order to make the analyzer happy,
set the buf pointer to NULL explicitly and add assert to make it clear,
that this codepath should never happen.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
page_size = getpagesize() * 4;
iov.iov_len = page_size;
- iov.iov_base = *buf = malloc(iov.iov_len);
+ iov.iov_base = *buf = calloc(1, iov.iov_len);
+ if (!*buf)
+ return -nl_syserr2nlerr(errno);
if (sk->s_flags & NL_SOCK_PASSCRED) {
msg.msg_controllen = CMSG_SPACE(sizeof(struct ucred));
} else {
free(msg.msg_control);
free(*buf);
+ *buf = NULL;
return -nl_syserr2nlerr(errno);
}
}
if (msg.msg_namelen != sizeof(struct sockaddr_nl)) {
free(msg.msg_control);
free(*buf);
+ *buf = NULL;
return -NLE_NOADDR;
}
abort:
free(msg.msg_control);
free(*buf);
+ *buf = NULL;
return 0;
}
if (n <= 0)
return n;
+ /* make clang analyzer happy */
+ assert(n > 0 && buf);
+
NL_DBG(3, "recvmsgs(%p): Read %d bytes\n", sk, n);
hdr = (struct nlmsghdr *) buf;