From d21015e34af125d6cc2e4d1200e5ca3c76b8de42 Mon Sep 17 00:00:00 2001
From: JL2210
Date: Thu, 9 Apr 2020 09:46:58 -0400
Subject: [PATCH 1/2] Fix use of zero-allocated memory

It's possible that the unsigned integer may overflow to zero, and then we might use zero-allocated memory. This is incredibly unlikely, and I would even go so far as to say that this is a false positive. Fix it anyway, to silence this warning:

src/link/patch.c:92:24: warning: Use of zero-allocated memory
stack.buf[stack.size] = value;
~~~~~~~~~~~~~~~~~~~~~ ^

Deal with overflow, and check for zero to get rid of the warning.

Signed-off-by: JL2210
---
 src/link/patch.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/link/patch.c b/src/link/patch.c
index d9f56cea..5492b5f4 100644
--- a/src/link/patch.c
+++ b/src/link/patch.c
@@ -82,10 +82,18 @@ static inline void clearRPNStack(void)
 static void pushRPN(int32_t value)
 {
 	if (stack.size >= stack.capacity) {
-		stack.capacity *= 2;
+		static const size_t increase_factor = 2;
+
+		if (stack.capacity > SIZE_MAX / increase_factor)
+			err(1, "Overflow in RPN stack resize");
+
+		stack.capacity *= increase_factor;
 		stack.buf = realloc(stack.buf, sizeof(*stack.buf) * stack.capacity);
-		if (!stack.buf)
+		// || !stack.capacity to fix bogus
+		// zero-size allocation warning from
+		// scan-build, already caught above
+		if (!stack.buf || !stack.capacity)
 			err(1, "Failed to resize RPN stack");
 	}

From 57639f37656e5f132a140255579f79230ccdcbee Mon Sep 17 00:00:00 2001
From: ISSOtm
Date: Mon, 13 Apr 2020 02:50:11 +0200
Subject: [PATCH 2/2] Change comment style and use errx instead of err

---
 src/link/patch.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/link/patch.c b/src/link/patch.c
index 5492b5f4..1ddb204b 100644
--- a/src/link/patch.c
+++ b/src/link/patch.c
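Review bot: The new overflow guard on `stack.capacity` covers the doubling but not the byte count handed to realloc on the next line, `sizeof(*stack.buf) * stack.capacity`, which is a second size_t multiplication that can still wrap for capacities above SIZE_MAX / sizeof(*stack.buf) and then hand back a buffer smaller than the capacity the code believes it has; the second patch in this series keeps that check unchanged. Folding the element size into the bound closes the gap: `if (stack.capacity > SIZE_MAX / increase_factor / sizeof(*stack.buf))`, or, where the platform provides it, `reallocarray(stack.buf, stack.capacity, sizeof(*stack.buf))`, which performs the same check internally. The remainder of pushRPN, including the store into stack.buf quoted in the commit message, lies outside the hunk.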
@@ -85,14 +85,16 @@ static void pushRPN(int32_t value)
 		static const size_t increase_factor = 2;
 		if (stack.capacity > SIZE_MAX / increase_factor)
-			err(1, "Overflow in RPN stack resize");
+			errx(1, "Overflow in RPN stack resize");
 		stack.capacity *= increase_factor;
 		stack.buf = realloc(stack.buf, sizeof(*stack.buf) * stack.capacity);
-		// || !stack.capacity to fix bogus
-		// zero-size allocation warning from
-		// scan-build, already caught above
+		/*
+		 * Static analysis tools complain that the capacity might become
+		 * zero due to overflow, but fail to realize that it's caught by
+		 * the overflow check above. Hence the stringent check below.
+		 */
 		if (!stack.buf || !stack.capacity)
 			err(1, "Failed to resize RPN stack");
 	}
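Review bot: The replacement comment says a zero capacity is "caught by the overflow check above", but that check only rejects values that would wrap; a capacity that is already 0 on entry doubles to 0, passes the guard, and reaches realloc with a size of 0, whose result is implementation-defined, so in that case the `!stack.capacity` test is a genuine guard rather than a workaround for the analyser. Whether capacity can be 0 here depends on how the stack is initialised (the definition of stack and clearRPNStack are outside the hunk), so I would have the comment state what the check actually covers: `/* Also rejects a zero capacity, which the wrap check above does not cover and which would make realloc(..., 0) implementation-defined. */`. When only `!stack.capacity` fires, errno is unrelated to the failure, so `err` would print a stale or "Success" reason; splitting that condition out and reporting it with `errx`, as the first check now does, would keep the message accurate.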