  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #2702

Closed
Open
Created May 17, 2021 by Ondřej Surý@ondrejOwner

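Building with GCC 10 or later and `-fanalyzer` reports three possible NULL pointer dereferences (CWE-476) in rbtdb.c: `firstp` in `previous_closest_nsec` (reached via `find_closest_nsec`), `rbtversion` in `update_recordsandxfrsize` (reached via `add32`), and `rbtversion` in `add32` itself. Full analyzer output: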

rbtdb.c: In function ‘previous_closest_nsec’:
rbtdb.c:3714:21: error: dereference of NULL ‘firstp’ [CWE-476] [-Werror=analyzer-null-dereference]
 3714 |                 if (*firstp) {
      |                     ^~~~~~~
  ‘find_closest_nsec’: events 1-2
    |
    | 3805 | find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
    |      | ^~~~~~~~~~~~~~~~~
    |      | |
    |      | (1) entry to ‘find_closest_nsec’
    |......
    | 3842 |         if (result != ISC_R_SUCCESS) {
    |      |            ~
    |      |            |
    |      |            (2) following ‘false’ branch (when ‘result == 0’)...
    |
  ‘find_closest_nsec’: event 3
    |
    |cc1:
    | (3): ...to here
    |
  ‘find_closest_nsec’: event 4
    |
    |../../lib/isc/include/isc/util.h:322:26:
    |  322 | #define RUNTIME_CHECK(e) assert(e)
    |      |                          ^~~~~~
    |      |                          |
    |      |                          (4) following ‘true’ branch...
../../lib/isc/include/isc/util.h:162:17: note: in expansion of macro ‘RUNTIME_CHECK’
    |  162 |                 RUNTIME_CHECK(isc_rwlock_lock((lp), (t)) == ISC_R_SUCCESS);   \
    |      |                 ^~~~~~~~~~~~~
rbtdb.c:167:29: note: in expansion of macro ‘RWLOCK’
    |  167 | #define NODE_LOCK(l, t)     RWLOCK((l), (t))
    |      |                             ^~~~~~
rbtdb.c:3846:17: note: in expansion of macro ‘NODE_LOCK’
    | 3846 |                 NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
    |      |                 ^~~~~~~~~
    |
  ‘find_closest_nsec’: event 5
    |
    |../../lib/isc/include/isc/util.h:164:71:
    |  164 |                                        (lp), (t), __FILE__, __LINE__));       \
    |      |                                                                       ^
    |      |                                                                       |
    |      |                                                                       (5) ...to here
rbtdb.c:167:29: note: in expansion of macro ‘RWLOCK’
    |  167 | #define NODE_LOCK(l, t)     RWLOCK((l), (t))
    |      |                             ^~~~~~
rbtdb.c:3846:17: note: in expansion of macro ‘NODE_LOCK’
    | 3846 |                 NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
    |      |                 ^~~~~~~~~
    |
  ‘find_closest_nsec’: events 6-14
    |
    | 3851 |                 for (header = node->data; header != NULL; header = header_next)
    |      |                                                  ^
    |      |                                                  |
    |      |                                                  (6) following ‘true’ branch (when ‘header’ is non-NULL)...
    | 3852 |                 {
    | 3853 |                         header_next = header->next;
    |      |                         ~~~~~~~~~~~
    |      |                         |
    |      |                         (7) ...to here
    |......
    | 3864 |                                         if (NONEXISTENT(header)) {
    |      |                                            ~
    |      |                                            |
    |      |                                            (8) following ‘false’ branch...
    |......
    | 3872 |                         if (header != NULL) {
    |      |                         ~~ ~
    |      |                         |  |
    |      |                         |  (10) following ‘true’ branch (when ‘header’ is non-NULL)...
    |      |                         (9) ...to here
    |......
    | 3877 |                                 empty_node = false;
    |      |                                 ~~~~~~~~~~
    |      |                                 |
    |      |                                 (11) ...to here
    | 3878 |                                 if (header->type == type) {
    |      |                                    ~
    |      |                                    |
    |      |                                    (12) following ‘true’ branch...
    | 3879 |                                         found = header;
    |      |                                         ~~~~~
    |      |                                         |
    |      |                                         (13) ...to here
    | 3880 |                                         if (foundsig != NULL) {
    |      |                                            ~
    |      |                                            |
    |      |                                            (14) following ‘false’ branch (when ‘foundsig’ is NULL)...
    |
  ‘find_closest_nsec’: event 15
    |
    |cc1:
    | (15): ...to here
    |
  ‘find_closest_nsec’: events 16-20
    |
    | 3891 |                 if (!empty_node) {
    |      |                    ^
    |      |                    |
    |      |                    (16) following ‘false’ branch (when ‘empty_node == 0’)...
    | 3892 |                         if (found != NULL && search->rbtversion->havensec3 &&
    |      |                         ~~ ~
    |      |                         |  |
    |      |                         |  (18) following ‘true’ branch...
    |      |                         (17) ...to here
    | 3893 |                             found->type == dns_rdatatype_nsec3 &&
    | 3894 |                             !matchparams(found, search))
    |      |                              ~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                              |
    |      |                              (19) ...to here
    |      |                              (20) calling ‘matchparams’ from ‘find_closest_nsec’
    |
    +--> ‘matchparams’: event 21
           |
           | 3649 | matchparams(rdatasetheader_t *header, rbtdb_search_t *search) {
           |      | ^~~~~~~~~~~
           |      | |
           |      | (21) entry to ‘matchparams’
           |
         ‘matchparams’: event 22
           |
           |../../lib/isc/include/isc/util.h:287:20:
           |  287 | #define REQUIRE(e) assert(e)
           |      |                    ^~~~~~
           |      |                    |
           |      |                    (22) following ‘true’ branch...
rbtdb.c:3657:9: note: in expansion of macro ‘REQUIRE’
           | 3657 |         REQUIRE(header->type == dns_rdatatype_nsec3);
           |      |         ^~~~~~~
           |
         ‘matchparams’: event 23
           |
           | 3659 |         raw = (unsigned char *)header + sizeof(*header);
           |      |         ^~~
           |      |         |
           |      |         (23) ...to here
           |
    <------+
    |
  ‘find_closest_nsec’: events 24-27
    |
    | 3892 |                         if (found != NULL && search->rbtversion->havensec3 &&
    |      |                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | 3893 |                             found->type == dns_rdatatype_nsec3 &&
    |      |                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                                                |
    |      |                                                                (25) following ‘false’ branch...
    | 3894 |                             !matchparams(found, search))
    |      |                             ~^~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                              |
    |      |                              (24) returning to ‘find_closest_nsec’ from ‘matchparams’
    | 3895 |                         {
    | 3896 |                                 empty_node = true;
    |      |                                 ~~~~~~~~~~
    |      |                                 |
    |      |                                 (26) ...to here
    |......
    | 3899 |                                 result = previous_closest_nsec(
    |      |                                          ~~~~~~~~~~~~~~~~~~~~~~
    |      |                                          |
    |      |                                          (27) calling ‘previous_closest_nsec’ from ‘find_closest_nsec’
    | 3900 |                                         type, search, name, origin, &prevnode,
    |      |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | 3901 |                                         NULL, NULL);
    |      |                                         ~~~~~~~~~~~
    |
    +--> ‘previous_closest_nsec’: event 28
           |
           | 3690 | previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
           |      | ^~~~~~~~~~~~~~~~~~~~~
           |      | |
           |      | (28) entry to ‘previous_closest_nsec’
           |
         ‘previous_closest_nsec’: event 29
           |
           |../../lib/isc/include/isc/util.h:287:20:
           |  287 | #define REQUIRE(e) assert(e)
           |      |                    ^~~~~~
           |      |                    |
           |      |                    (29) following ‘true’ branch...
rbtdb.c:3699:9: note: in expansion of macro ‘REQUIRE’
           | 3699 |         REQUIRE(nodep != NULL && *nodep == NULL);
           |      |         ^~~~~~~
           |
         ‘previous_closest_nsec’: events 30-33
           |
           | 3701 |         if (type == dns_rdatatype_nsec3) {
           |      |         ^~ ~
           |      |         |  |
           |      |         |  (31) following ‘false’ branch (when ‘type != 50’)...
           |      |         (30) ...to here
           |......
           | 3711 |         target = dns_fixedname_initname(&ftarget);
           |      |         ~~~~~~
           |      |         |
           |      |         (32) ...to here
           |......
           | 3714 |                 if (*firstp) {
           |      |                     ~~~~~~~
           |      |                     |
           |      |                     (33) dereference of NULL ‘firstp’
           |
rbtdb.c: In function ‘update_recordsandxfrsize’:
rbtdb.c:6100:37: error: dereference of NULL ‘rbtversion’ [CWE-476] [-Werror=analyzer-null-dereference]
 6100 |                 rbtversion->records += dns_rdataslab_count(hdr, hdrsize);
      |                                     ^~
  ‘add32’: events 1-5
    |
    | 6113 | add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
    |      | ^~~~~
    |      | |
    |      | (1) entry to ‘add32’
    |......
    | 6151 |         if (rbtversion != NULL && !loading) {
    |      |            ~
    |      |            |
    |      |            (2) following ‘false’ branch...
    |......
    | 6164 |         newheader_nx = NONEXISTENT(newheader) ? true : false;
    |      |         ~~~~~~~~~~~~
    |      |         |
    |      |         (3) ...to here
    |......
    | 6168 |         if (rbtversion == NULL && !newheader_nx) {
    |      |            ~
    |      |            |
    |      |            (4) following ‘true’ branch...
    | 6169 |                 rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
    |      |                 ~~~~~~
    |      |                 |
    |      |                 (5) ...to here
    |
  ‘add32’: events 6-7
    |
    | 6187 |                                      topheader != NULL;
    |      |                                                ^
    |      |                                                |
    |      |                                                (6) following ‘false’ branch (when ‘topheader’ is NULL)...
    |......
    | 6192 |                                 goto find_header;
    |      |                                 ~~~~
    |      |                                 |
    |      |                                 (7) ...to here
    |
  ‘add32’: events 8-20
    |
    | 6275 |         while (header != NULL && IGNORE(header)) {
    |      |                               ^
    |      |                               |
    |      |                               (8) following ‘false’ branch (when ‘header’ is NULL)...
    |......
    | 6278 |         if (header != NULL) {
    |      |         ~~ ~
    |      |         |  |
    |      |         |  (10) following ‘false’ branch (when ‘header’ is NULL)...
    |      |         (9) ...to here
    |......
    | 6584 |                 if (newheader_nx) {
    |      |                 ~~ ~
    |      |                 |  |
    |      |                 |  (12) following ‘false’ branch...
    |      |                 (11) ...to here
    |......
    | 6589 |                 idx = newheader->node->locknum;
    |      |                 ~~~
    |      |                 |
    |      |                 (13) ...to here
    |......
    | 6604 |                 } else if (RESIGN(newheader)) {
    |      |                           ~
    |      |                           |
    |      |                           (14) following ‘false’ branch...
    |......
    | 6614 |                 if (topheader != NULL) {
    |      |                 ~~ ~
    |      |                 |  |
    |      |                 |  (16) following ‘false’ branch (when ‘topheader’ is NULL)...
    |      |                 (15) ...to here
    |......
    | 6642 |                         newheader->next = rbtnode->data;
    |      |                         ~~~~~~~~~
    |      |                         |
    |      |                         (17) ...to here
    |......
    | 6648 |         if (rbtversion != NULL && !newheader_nx) {
    |      |            ~
    |      |            |
    |      |            (18) following ‘true’ branch...
    | 6649 |                 update_recordsandxfrsize(true, rbtversion, newheader,
    |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                 |
    |      |                 (19) ...to here
    |      |                 (20) calling ‘update_recordsandxfrsize’ from ‘add32’
    | 6650 |                                          nodename->length);
    |      |                                          ~~~~~~~~~~~~~~~~~
    |
    +--> ‘update_recordsandxfrsize’: event 21
           |
           | 6093 | update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion,
           |      | ^~~~~~~~~~~~~~~~~~~~~~~~
           |      | |
           |      | (21) entry to ‘update_recordsandxfrsize’
           |
         ‘update_recordsandxfrsize’: event 22
           |
           |../../lib/isc/include/isc/util.h:322:26:
           |  322 | #define RUNTIME_CHECK(e) assert(e)
           |      |                          ^~~~~~
           |      |                          |
           |      |                          (22) following ‘true’ branch...
../../lib/isc/include/isc/util.h:162:17: note: in expansion of macro ‘RUNTIME_CHECK’
           |  162 |                 RUNTIME_CHECK(isc_rwlock_lock((lp), (t)) == ISC_R_SUCCESS);   \
           |      |                 ^~~~~~~~~~~~~
rbtdb.c:6098:9: note: in expansion of macro ‘RWLOCK’
           | 6098 |         RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
           |      |         ^~~~~~
           |
         ‘update_recordsandxfrsize’: event 23
           |
           |../../lib/isc/include/isc/util.h:164:71:
           |  164 |                                        (lp), (t), __FILE__, __LINE__));       \
           |      |                                                                       ^
           |      |                                                                       |
           |      |                                                                       (23) ...to here
rbtdb.c:6098:9: note: in expansion of macro ‘RWLOCK’
           | 6098 |         RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
           |      |         ^~~~~~
           |
         ‘update_recordsandxfrsize’: events 24-26
           |
           | 6099 |         if (add) {
           |      |            ^
           |      |            |
           |      |            (24) following ‘true’ branch (when ‘add != 0’)...
           | 6100 |                 rbtversion->records += dns_rdataslab_count(hdr, hdrsize);
           |      |                 ~~~~~~~~~~          ~~
           |      |                 |                   |
           |      |                 |                   (26) dereference of NULL ‘rbtversion’
           |      |                 (25) ...to here
           |
In file included from ../../lib/isc/include/isc/util.h:14,
                 from rbtdb.c:40:
rbtdb.c: In function ‘add32’:
rbtdb.c:6321:42: error: dereference of NULL ‘rbtversion’ [CWE-476] [-Werror=analyzer-null-dereference]
 6321 |                         INSIST(rbtversion->serial >= header->serial);
      |                                ~~~~~~~~~~^~~~~~~~
rbtdb.c:6321:25: note: in expansion of macro ‘INSIST’
 6321 |                         INSIST(rbtversion->serial >= header->serial);
      |                         ^~~~~~
  ‘add32’: events 1-8
    |
    | 6151 |         if (rbtversion != NULL && !loading) {
    |      |            ^
    |      |            |
    |      |            (1) following ‘false’ branch...
    |......
    | 6164 |         newheader_nx = NONEXISTENT(newheader) ? true : false;
    |      |         ~~~~~~~~~~~~
    |      |         |
    |      |         (2) ...to here
    |......
    | 6168 |         if (rbtversion == NULL && !newheader_nx) {
    |      |            ~
    |      |            |
    |      |            (3) following ‘true’ branch...
    | 6169 |                 rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
    |      |                 ~~~~~~
    |      |                 |
    |      |                 (4) ...to here
    |......
    | 6172 |                 if (NEGATIVE(newheader)) {
    |      |                    ~
    |      |                    |
    |      |                    (5) following ‘true’ branch...
    |......
    | 6176 |                         if (covers == dns_rdatatype_any) {
    |      |                         ~~ ~
    |      |                         |  |
    |      |                         |  (7) following ‘false’ branch (when ‘covers != 255’)...
    |      |                         (6) ...to here
    |......
    | 6198 |                         for (topheader = rbtnode->data; topheader != NULL;
    |      |                         ~~~
    |      |                         |
    |      |                         (8) ...to here
    |
  ‘add32’: events 9-10
    |
    | 6198 |                         for (topheader = rbtnode->data; topheader != NULL;
    |      |                                                                   ^
    |      |                                                                   |
    |      |                                                                   (9) following ‘true’ branch (when ‘topheader’ is non-NULL)...
    | 6199 |                              topheader = topheader->next) {
    | 6200 |                                 if (topheader->type == sigtype) {
    |      |                                 ~~
    |      |                                 |
    |      |                                 (10) ...to here
    |
  ‘add32’: events 11-20
    |
    | 6275 |         while (header != NULL && IGNORE(header)) {
    |      |                               ^
    |      |                               |
    |      |                               (11) following ‘false’ branch...
    |......
    | 6278 |         if (header != NULL) {
    |      |         ~~ ~
    |      |         |  |
    |      |         |  (13) following ‘true’ branch (when ‘header’ is non-NULL)...
    |      |         (12) ...to here
    | 6279 |                 header_nx = NONEXISTENT(header) ? true : false;
    |      |                 ~~~~~~~~~
    |      |                 |
    |      |                 (14) ...to here
    |......
    | 6284 |                 if (header_nx && newheader_nx) {
    |      |                    ~
    |      |                    |
    |      |                    (15) following ‘false’ branch...
    |......
    | 6296 |                 if (rbtversion == NULL && trust < header->trust &&
    |      |                 ~~ ~                              ~~~~~~~~~~~~~
    |      |                 |  |                                    |
    |      |                 |  |                                    (18) ...to here
    |      |                 |  (17) following ‘true’ branch (when ‘rbtversion’ is NULL)...
    |      |                 (16) ...to here
    |......
    | 6319 |                 if (merge) {
    |      |                    ~
    |      |                    |
    |      |                    (19) following ‘true’ branch (when ‘merge != 0’)...
    | 6320 |                         unsigned int flags = 0;
    |      |                         ~~~~~~~~
    |      |                         |
    |      |                         (20) ...to here
    |
  ‘add32’: event 21
    |
    | 6321 |                         INSIST(rbtversion->serial >= header->serial);
    |      |                                ~~~~~~~~~~^~~~~~~~
    |      |                                          |
    |      |                                          (21) dereference of NULL ‘rbtversion’
rbtdb.c:6321:25: note: in expansion of macro ‘INSIST’
    | 6321 |                         INSIST(rbtversion->serial >= header->serial);
    |      |                         ^~~~~~
    |