
mpi-bit: numerous potential null pointer dereferences
Closed, Wontfix (Public)

Description

I think these are issues where the mpi is assumed never to be NULL. I'm not sure
how it's enforced, though.

I believe you can use an assert() and Clang will deduce it's never NULL. See
http://clang-analyzer.llvm.org/faq.html. Asserts won't affect release builds
because they are built with NDEBUG, which removes them from the code base.

libtool: compile: /usr/local/bin/scan-build/ccc-analyzer -DHAVE_CONFIG_H -I.
-I.. -I../src -I../src -I/usr/local/include -g3 -O1 -fvisibility=hidden -Wall
-MT mpi-bit.lo -MD -MP -MF .deps/mpi-bit.Tpo -c mpi-bit.c -o mpi-bit.o

mpi-bit.c:61:12: warning: Access to field 'nlimbs' results in a dereference of a
null pointer (loaded from variable 'a')

for( ; a->nlimbs && !a->d[a->nlimbs-1]; a->nlimbs-- )
       ^~~~~~~~~

mpi-bit.c:130:18: warning: Access to field 'nlimbs' results in a dereference of
a null pointer (loaded from variable 'a')

if ( limbno >= a->nlimbs )
               ^~~~~~~~~

mpi-bit.c:157:18: warning: Access to field 'nlimbs' results in a dereference of
a null pointer (loaded from variable 'a')

if ( limbno >= a->nlimbs )
               ^~~~~~~~~

mpi-bit.c:187:17: warning: Access to field 'nlimbs' results in a dereference of
a null pointer (loaded from variable 'a')

if( limbno >= a->nlimbs )
              ^~~~~~~~~

mpi-bit.c:212:17: warning: Access to field 'nlimbs' results in a dereference of
a null pointer (loaded from variable 'a')

if (limbno >= a->nlimbs)
              ^~~~~~~~~

mpi-bit.c:268:22: warning: Access to field 'nlimbs' results in a dereference of
a null pointer (loaded from variable 'x')

if ( nlimbs >= x->nlimbs )
               ^~~~~~~~~

mpi-bit.c:289:15: warning: Access to field 'sign' results in a dereference of a
null pointer (loaded from variable 'x')

x->sign = a->sign;
~       ^

mpi-bit.c:317:15: warning: Access to field 'sign' results in a dereference of a
null pointer (loaded from variable 'x')

x->sign = a->sign;
~       ^

mpi-bit.c:346:11: warning: Access to field 'nlimbs' results in a dereference of
a null pointer (loaded from variable 'a')

int n = a->nlimbs;
        ^~~~~~~~~

mpi-bit.c:388:7: warning: Access to field 'alloced' results in a dereference of
a null pointer (loaded from variable 'x')

RESIZE_IF_NEEDED (x, alimbs+nlimbs+1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

./mpi-internal.h:79:6: note: expanded from macro 'RESIZE_IF_NEEDED'

if( (a)->alloced < (b) )   \
    ^~~~~~~~~~~~

10 warnings generated.
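As an added illustration (not part of this report and not libgcrypt's own code): a toy MPI type with the fields the warnings name, plus the limb-normalisation loop from line 61 and a limb-bounds test in the style of line 130, written with explicit NULL checks that the analyzer sees on every build and that, unlike assert(), are not removed by -DNDEBUG. The type and function names (toy_mpi, toy_mpi_normalize, toy_mpi_test_bit) are constructed for this example.

```c
#include <stddef.h>

/* Stand-in for the MPI structure referenced by the warnings.
   Constructed for this example; not libgcrypt's definition. */
typedef unsigned long mpi_limb_t;
typedef struct {
    int alloced;        /* limbs allocated in d */
    int nlimbs;         /* limbs currently in use */
    int sign;           /* 0 = positive, 1 = negative */
    mpi_limb_t *d;      /* limb array, least significant first */
} toy_mpi;

/* Strip leading zero limbs (the loop flagged at mpi-bit.c:61).
   An assert(a) alone would guide the analyzer, but disappears under
   -DNDEBUG; the explicit check below fails closed in every build.
   Returns 0 on success, -1 if a is NULL. */
int toy_mpi_normalize(toy_mpi *a)
{
    if (a == NULL)
        return -1;
    for (; a->nlimbs && !a->d[a->nlimbs - 1]; a->nlimbs--)
        ;
    return 0;
}

/* Test bit n of a (limb-bounds check in the style of mpi-bit.c:130).
   Returns 1 if set, 0 if clear or beyond the stored limbs, -1 on NULL. */
int toy_mpi_test_bit(const toy_mpi *a, unsigned n)
{
    unsigned limbno, bitno;

    if (a == NULL)
        return -1;
    limbno = n / (8 * sizeof(mpi_limb_t));
    bitno  = n % (8 * sizeof(mpi_limb_t));
    if (limbno >= (unsigned)a->nlimbs)
        return 0;                       /* out of range reads as a clear bit */
    return (int)((a->d[limbno] >> bitno) & 1);
}
```

Running the static analyzer over this file reports no null-dereference path for either function, because the guarded return makes the NULL case infeasible before any field access.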

Details

Version
1.6.3

Event Timeline

JW set Version to 1.6.3.
JW added a subscriber: JW.
werner added a subscriber: werner.

No c+p of warnings please! Use gnupg-devel for such things.

BTW: Anyone using -DNDEBUG should be punished by having to read BIND 4 code for
the next 3 months.

marcus claimed this task.