[OpenWrt-Devel,libnl-tiny,2/3] silence use after the free clang analyzer warning
diff mbox series

Message ID 20191106164120.5329-2-ynezz@true.cz
State Accepted
Delegated to: Petr Štetiar
Headers show
Series
  • Untitled series #141126
Related show

Commit Message

Petr Štetiar Nov. 6, 2019, 4:41 p.m. UTC
scan-build from clang version 9 complains about following:

 nl.c:507:9: warning: Use of memory after it is freed
        while (nlmsg_ok(hdr, n)) {
               ^~~~~~~~~~~~~~~~

which seems to be impossible codepath as clang analyzer doesn't somehow
account properly nl_syserr2nlerr(errno) return value:

 } else {
    free(msg.msg_control);
    free(*buf);
    return -nl_syserr2nlerr(errno);
 }

which should be always < 0, but analyzer is still checking for > 0 code
path as well for some reason. So in order to make the analyzer happy,
set the buf pointer to NULL explicitly and add assert to make it clear,
that this codepath should never happen.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 nl.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Patch
diff mbox series

diff --git a/nl.c b/nl.c
index 2649470f542f..505965fd16aa 100644
--- a/nl.c
+++ b/nl.c
@@ -400,7 +400,9 @@  int nl_recv(struct nl_sock *sk, struct sockaddr_nl *nla,
 		page_size = getpagesize() * 4;
 
 	iov.iov_len = page_size;
-	iov.iov_base = *buf = malloc(iov.iov_len);
+	iov.iov_base = *buf = calloc(1, iov.iov_len);
+	if (!*buf)
+		return -nl_syserr2nlerr(errno);
 
 	if (sk->s_flags & NL_SOCK_PASSCRED) {
 		msg.msg_controllen = CMSG_SPACE(sizeof(struct ucred));
@@ -421,6 +423,7 @@  retry:
 		} else {
 			free(msg.msg_control);
 			free(*buf);
+			*buf = NULL;
 			return -nl_syserr2nlerr(errno);
 		}
 	}
@@ -445,6 +448,7 @@  retry:
 	if (msg.msg_namelen != sizeof(struct sockaddr_nl)) {
 		free(msg.msg_control);
 		free(*buf);
+		*buf = NULL;
 		return -NLE_NOADDR;
 	}
 
@@ -463,6 +467,7 @@  retry:
 abort:
 	free(msg.msg_control);
 	free(*buf);
+	*buf = NULL;
 	return 0;
 }
 
@@ -501,6 +506,9 @@  continue_reading:
 	if (n <= 0)
 		return n;
 
+	/* make clang analyzer happy */
+	assert(n > 0 && buf);
+
 	NL_DBG(3, "recvmsgs(%p): Read %d bytes\n", sk, n);
 
 	hdr = (struct nlmsghdr *) buf;