Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD

cvs-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD

From:	Mark D. Baushke
Subject:	Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Date:	Thu, 11 May 2006 11:35:20 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Folks,

I just noticed something when I put in some assert () statements instead
of checking arguments to xstdup in my last change. The asserts started
aborting the 'make check' regression tests.

It seems that the mode Coverity is using for xstrdup() is from the
NetBSD src/usr.bin/xlint/common/mem.c file:

84      char *
85      xstrdup(const char *s)
86      {
87              char    *s2;
88      

Event deref_parm_in_call: Dereferenced parameter "s" in the function "strdup"

89              if ((s2 = strdup(s)) == NULL)
90                      nomem();
91              return (s2);
92      }

This is NOT the same function provided by cvs 1.11.x in src/subr.c

/*
 * Duplicate a string, calling xmalloc to allocate some dynamic space
 */
char *
xstrdup (str)
    const char *str;
{
    char *s;

    if (str == NULL)
        return ((char *) NULL);
    s = xmalloc (strlen (str) + 1);
    (void) strcpy (s, str);
    return (s);
}


The interesting thing is that in cvs 1.12.x, the xstrdup () is the one
- From GNULIB xmalloc.c which does NOT properly handle NULL (the one that
properly handles a NULL argument is now called Xstrdup()).

/* Clone an object P of size S, with error checking.  There's no need
   for xnmemdup (P, N, S), since xmemdup (P, N * S) works without any
   need for an arithmetic overflow check.  */

void *
xmemdup (void const *p, size_t s)
{
  return memcpy (xmalloc (s), p, s);
}

/* Clone STRING.  */

char *
xstrdup (char const *string)
{
  return xmemdup (string, strlen (string) + 1);
}


So, many of my recent changes are protecting an xstrdup from a NULL
argument that is not a problem in cvs 1.11.x in any case. However, it is
not clear that the same holds true of the cvs 1.12.x merged code.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFEY4PoCg7APGsDnFERAnnoAJ9UH6mNS8cRW+P6FCeNiNQ6jlW0aQCeOwv/
I9lwYNMczSya7EKzRDMoO7U=
=Ju44
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD, (continued)
- RE: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD, address@hidden, 2006/05/11
  - Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD, Mark D. Baushke, 2006/05/11
    - Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD, Larry Jones, 2006/05/12
  - Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD, Mark D. Baushke <=
- Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD, address@hidden, 2006/05/11

Prev by Date: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Next by Date: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Previous by thread: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Next by thread: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Index(es):
- Date
- Thread