
GCC 10 -fanalyzer warning: userent.c:838:14: dereference of NULL ‘old’

Open michaelortmann opened this issue 5 years ago • 0 comments

Sure, gcc 10 isn't final yet, but I looked at userent.c:838 and the compiler is right that old may be NULL there. I dug into xtra_set() and its callers, but couldn't produce a real problem. Needs some more analysis.

/home/michael/opt/gcc-10-20200322/bin/gcc -fanalyzer -g -O2 -pipe -Wall -I.. -I..  -DHAVE_CONFIG_H -I/usr/include -g3 -DDEBUG -DDEBUG_ASSERT -DDEBUG_MEM -DDEBUG_DNS  -c userent.c
In file included from main.h:90,
                 from userent.c:24:
userent.c: In function ‘xtra_set’:
userent.c:838:14: warning: dereference of NULL ‘old’ [CWE-690] [-Wanalyzer-null-dereference]
  838 |     nfree(old->key);
eggdrop.h:274:31: note: in definition of macro ‘nfree’
  274 | #define nfree(x)      n_free((x),__FILE__,__LINE__)
      |                               ^
  ‘xtra_set’: events 1-14
    |
    |userent.c:815:3:
    |  815 |   for (curr = e->u.extra; curr; curr = curr->next) {
    |      |   ^~~
    |      |   |
    |      |   (1) following ‘false’ branch (when ‘curr’ is NULL)...
    |......
    |  821 |   if (!old && (!new->data || !new->data[0])) {
    |      |   ~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |  |     |       |      |            |
    |      |   |  |     |       |      |            (6) ...to here
    |      |   |  |     |       |      (7) following ‘false’ branch...
    |      |   |  |     |       (4) ...to here
    |      |   |  |     (5) following ‘false’ branch...
    |      |   |  (3) following ‘true’ branch (when ‘old’ is NULL)...
    |      |   (2) ...to here
    |......
    |  833 |   if (!noshare && !(u->flags & (USER_BOT | USER_UNSHARED)))
    |      |   ~~ ~
    |      |   |  |
    |      |   |  (9) following ‘false’ branch...
    |      |   (8) ...to here
    |......
    |  836 |   if ((old && old != new) || !new->data || !new->data[0]) {
    |      |   ~~ ~
    |      |   |  |
    |      |   |  (11) following ‘true’ branch...
    |      |   (10) ...to here
    |  837 |     egg_list_delete(&e->u.list, (struct list_type *) old);
    |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (12) ...to here
    |      |     (14) ...to here
    |......
    | 1346 |   for (; *h; h = &((*h)->next))
    |      |   ~~~
    |      |   |
    |      |   (13) following ‘false’ branch...
    |
  ‘xtra_set’: event 15
    |
    |  838 |     nfree(old->key);
eggdrop.h:274:31: note: in definition of macro ‘nfree’
    |  274 | #define nfree(x)      n_free((x),__FILE__,__LINE__)
    |      |                               ^
    |

michaelortmann, Mar 27 '20 20:03
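
A reduced model of the branch structure visible in the trace above (the loop at line 815 and the conditions at lines 821 and 836), with `old` tested before it is dereferenced. This is an added example, not part of the original issue and not eggdrop's code; `struct xk`, the helper names, the return codes and everything outside the three quoted conditions are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for one XTRA list entry; not eggdrop's own struct. */
struct xk { struct xk *next; char *key, *data; };

static char *dupstr(const char *s) {
  char *p = malloc(strlen(s) + 1);
  return p ? strcpy(p, s) : NULL;
}
struct xk *xk_new(const char *key, const char *data) {
  struct xk *n = calloc(1, sizeof *n);
  if (!n) abort();
  n->key = dupstr(key);
  n->data = data ? dupstr(data) : NULL;
  return n;
}
static void xk_free(struct xk *n) { free(n->key); free(n->data); free(n); }

struct xk *xk_find(struct xk *head, const char *key) {
  for (; head; head = head->next)
    if (!strcmp(head->key, key)) return head;
  return NULL;
}
/* Takes ownership of new. Returns 0 = nothing to do, 1 = stored, 2 = removed. */
int xtra_set_model(struct xk **head, struct xk *new) {
  struct xk **h, *old = xk_find(*head, new->key);   /* cf. loop at line 815 */

  if (!old && (!new->data || !new->data[0])) {      /* cf. line 821 */
    xk_free(new);
    return 0;
  }
  if ((old && old != new) || !new->data || !new->data[0]) { /* cf. line 836 */
    /* The branch is also entered through the data tests alone, which is the
       path the analyzer reports, so old is tested before it is dereferenced. */
    if (old) {
      for (h = head; *h != old; h = &(*h)->next) {}
      *h = old->next;
      xk_free(old);
    }
  }
  if (!new->data || !new->data[0]) { /* assumed: empty value only deletes */
    xk_free(new);
    return 2;
  }
  new->next = *head;
  *head = new;
  return 1;
}
```

Compiling this model with `-fanalyzer` is a quick way to see whether the explicit `if (old)` test is enough to silence `-Wanalyzer-null-dereference` for this shape of code.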