bug-texinfo
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Static code-checking observations


From: Hans-Bernhard Bröker
Subject: Re: Static code-checking observations
Date: Sat, 4 Feb 2017 18:42:39 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

Am 04.02.2017 um 02:02 schrieb Gavin Smith:

I've worked through the set of patches you sent and tried to
understand what they were meant to fix. This is what I have left:

Index: infodoc.c
===================================================================
--- infodoc.c   (Revision 7649)
+++ infodoc.c   (Arbeitskopie)
@@ -372,7 +372,7 @@
   /* If there is more than one window on the screen, check if the user typed
      "H" for help message before typing "h" for tutorial.  If so, close help
      message so the tutorial will not be in a small window. */
-  if (windows->next)
+  if (windows && windows->next)
     {
       WINDOW *help_window = get_internal_info_window (info_help_nodename);
       if (help_window && help_window == active_window)

I think this flagged up as a problem because of this loop earlier:

for (win = windows; win; win = win->next)

I don't think so. I see it as being flagged simply because the checker didn't see anything to guarantee that 'windows' itself isn't NULL. Now that might be ensured by code elsewhere (e.g. this function might never even be called if windows were 0), but the checker saw no such guarantee.

Index: tilde.c
===================================================================
--- tilde.c     (Revision 7649)
+++ tilde.c     (Arbeitskopie)
@@ -114,16 +114,13 @@
 char *
 tilde_expand (char *string)
 {
-  char *result;
-  int result_size, result_index;
+  char *result = NULL;
+  unsigned int result_size = 0, result_index = 0;

-  result_size = result_index = 0;
-  result = NULL;
-
   /* Scan through STRING expanding tildes as we come to them. */
   while (1)
     {
-      register int start, end;
+      unsigned int start, end;
       char *tilde_word, *expansion;
       int len;

@@ -132,7 +129,10 @@

       /* Copy the skipped text into the result. */
       if ((result_index + start + 1) > result_size)
-        result = xrealloc (result, 1 + (result_size += (start + 20)));
+        {
+          result_size += start + 20;
+          result = xrealloc (result, 1 + result_size);
+        }

       strncpy (result + result_index, string, start);
       result_index += start;

I don't know what this is supposed to fix. The line in the log

Logic error     Unix API
 info/tilde.c                            tilde_expand
  137     3

refers to the line with "strncpy" on it.

Exactly, and the trouble is that the checker sees a possiblity that strncpy's argument might be NULL.

The trouble here is that `result' is NULL until the branch doing that xrealloc has taken place. The changes to unsigned are (failed) attempts to allow the checker to see through those calculations more easily and realize that the condition will always be true on the first pass, and therefore the xrealloc would always make result non-NULL.

The ultimate obstacle may be xrealloc() here, though. Its purpose is to never return unless it managed to make its output non-NULL. But it's hard for the checker to figure that out cross-module.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]