sergiotarxz/nuttx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

libs/libc: fix locale/lib_iconv.c:538:23: warning: dereference of NULL ‘scd’ [CWE-690] [-Wanalyzer-null-dereference] by -fanalyzer

Browse Source 
CC:  signal/sig_queue.c locale/lib_iconv.c: In function ‘iconv’:
locale/lib_iconv.c:538:23: warning: dereference of NULL ‘scd’ [CWE-690] [-Wanalyzer-null-dereference]
  538 |               if (!scd->state)
      |                    ~~~^~~~~~~
  ‘iconv’: events 1-5
    |
    |  413 |   x = 0;
    |      |   ~~^~~
    |      |     |
    |      |     (1) ‘scd’ is NULL
    |  414 |   scd = NULL;
    |  415 |   if (((size_t)cd & 1) == 0)
    |      |      ~
    |      |      |
    |      |      (2) following ‘false’ branch...
    |......
    |  421 |   to = extract_to(cd);
    |      |        ~~~~~~~~~~~~~~
    |      |        |
    |      |        (3) ...to here
    |......
    |  428 |   if (in == NULL || *in == NULL || *inb == 0)
    |      |      ~              ~~~
    |      |      |              |
    |      |      |              (5) ...to here
    |      |      (4) following ‘false’ branch (when ‘in’ is non-NULL)...
    |
  ‘iconv’: events 6-8
    |
    |  428 |   if (in == NULL || *in == NULL || *inb == 0)
    |      |       ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                  |              |  |
    |      |                  |              |  (7) ...to here
    |      |                  |              (8) following ‘false’ branch...
    |      |                  (6) following ‘false’ branch...
    |
  ‘iconv’: event 9
    |
    |cc1:
    | (9): ...to here
    |
  ‘iconv’: events 10-14
    |
    |  433 |   for (; *inb; *in += l, *inb -= l)
    |      |   ^~~
    |      |   |
    |      |   (10) following ‘true’ branch...
    |  434 |     {
    |  435 |       c = *(FAR unsigned char *)*in;
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (11) ...to here
    |......
    |  438 |       switch (type)
    |      |       ~~~~~~
    |      |       |
    |      |       (12) following ‘case 200:’ branch...
    |......
    |  529 |           case UCS2:
    |      |           ~~~~
    |      |           |
    |      |           (13) ...to here
    |......
    |  538 |               if (!scd->state)
    |      |                    ~~~~~~~~~~
    |      |                       |
    |      |                       (14) dereference of NULL ‘scd’
    |
locale/lib_iconv.c:565:23: warning: dereference of NULL ‘scd’ [CWE-690] [-Wanalyzer-null-dereference]
  565 |               if (!scd->state)
      |                    ~~~^~~~~~~
  ‘iconv’: events 1-5
    |
    |  413 |   x = 0;
    |      |   ~~^~~
    |      |     |
    |      |     (1) ‘scd’ is NULL
    |  414 |   scd = NULL;
    |  415 |   if (((size_t)cd & 1) == 0)
    |      |      ~
    |      |      |
    |      |      (2) following ‘false’ branch...
    |......
    |  421 |   to = extract_to(cd);
    |      |        ~~~~~~~~~~~~~~
    |      |        |
    |      |        (3) ...to here
    |......
    |  428 |   if (in == NULL || *in == NULL || *inb == 0)
    |      |      ~              ~~~
    |      |      |              |
    |      |      |              (5) ...to here
    |      |      (4) following ‘false’ branch (when ‘in’ is non-NULL)...
    |
  ‘iconv’: events 6-8
    |
    |  428 |   if (in == NULL || *in == NULL || *inb == 0)
    |      |       ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                  |              |  |
    |      |                  |              |  (7) ...to here
    |      |                  |              (8) following ‘false’ branch...
    |      |                  (6) following ‘false’ branch...
    |
  ‘iconv’: event 9
    |
    |cc1:
    | (9): ...to here
    |
  ‘iconv’: events 10-14
    |
    |  433 |   for (; *inb; *in += l, *inb -= l)
    |      |   ^~~
    |      |   |
    |      |   (10) following ‘true’ branch...
    |  434 |     {
    |  435 |       c = *(FAR unsigned char *)*in;
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (11) ...to here
    |......
    |  438 |       switch (type)
    |      |       ~~~~~~
    |      |       |
    |      |       (12) following ‘case 202:’ branch...
    |......
    |  557 |           case UTF_32:
    |      |           ~~~~
    |      |           |
    |      |           (13) ...to here
    |......
    |  565 |               if (!scd->state)
    |      |                    ~~~~~~~~~~
    |      |                       |
    |      |                       (14) dereference of NULL ‘scd’
    |

Signed-off-by: Junbo Zheng <zhengjunbo1@xiaomi.com>
This commit is contained in:
Junbo Zheng 2023-06-27 20:09:58 +08:00 committed by Xiang Xiao
parent 9861d49cd4
commit 0d3252ba06
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
libs/libc/locale/lib_iconv.c
View File

@ -529,6 +529,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb,
case UCS2: case UCS2:
case UTF_16: case UTF_16:
{ {
if (scd == NULL)
{
goto starved;
}
l = 0; l = 0;
if (!scd->state) if (!scd->state)
{ {
@ -551,6 +556,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb,
case UTF_32: case UTF_32:
{ {
if (scd == NULL)
{
goto starved;
}
l = 0; l = 0;
if (!scd->state) if (!scd->state)
{ {
@ -699,6 +709,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb,
switch (128 * (c == '$') + d) switch (128 * (c == '$') + d)
{ {
if (scd == NULL)
{
goto starved;
}
case 'B': case 'B':
{ {
scd->state = 0; scd->state = 0;
@ -733,6 +748,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb,
goto ilseq; goto ilseq;
} }
if (scd == NULL)
{
goto starved;
}
switch (scd->state) switch (scd->state)
{ {
case 1: case 1: