Ticket #9871: report-mq2NP5.html

File report-mq2NP5.html, 14.4 KB (added by mt, 11 years ago)

Report by Clang Static Analyzer

Line 
1<!doctype html>
2<html>
3<head>
4<title>/boot/home/haiku/haiku/src/add-ons/kernel/file_systems/btrfs/Chunk.cpp</title>
5<style type="text/css">
6 body { color:#000000; background-color:#ffffff }
7 body { font-family:Helvetica, sans-serif; font-size:10pt }
8 h1 { font-size:14pt }
9 .code { border-collapse:collapse; width:100%; }
10 .code { font-family: "Monospace", monospace; font-size:10pt }
11 .code { line-height: 1.2em }
12 .comment { color: green; font-style: oblique }
13 .keyword { color: blue }
14 .string_literal { color: red }
15 .directive { color: darkmagenta }
16 .expansion { display: none; }
17 .macro:hover .expansion { display: block; border: 2px solid #FF0000; padding: 2px; background-color:#FFF0F0; font-weight: normal; -webkit-border-radius:5px; -webkit-box-shadow:1px 1px 7px #000; position: absolute; top: -1em; left:10em; z-index: 1 }
18 .macro { color: darkmagenta; background-color:LemonChiffon; position: relative }
19 .num { width:2.5em; padding-right:2ex; background-color:#eeeeee }
20 .num { text-align:right; font-size:8pt }
21 .num { color:#444444 }
22 .line { padding-left: 1ex; border-left: 3px solid #ccc }
23 .line { white-space: pre }
24 .msg { -webkit-box-shadow:1px 1px 7px #000 }
25 .msg { -webkit-border-radius:5px }
26 .msg { font-family:Helvetica, sans-serif; font-size:8pt }
27 .msg { float:left }
28 .msg { padding:0.25em 1ex 0.25em 1ex }
29 .msg { margin-top:10px; margin-bottom:10px }
30 .msg { font-weight:bold }
31 .msg { max-width:60em; word-wrap: break-word; white-space: pre-wrap }
32 .msgT { padding:0x; spacing:0x }
33 .msgEvent { background-color:#fff8b4; color:#000000 }
34 .msgControl { background-color:#bbbbbb; color:#000000 }
35 .mrange { background-color:#dfddf3 }
36 .mrange { border-bottom:1px solid #6F9DBE }
37 .PathIndex { font-weight: bold; padding:0px 5px; margin-right:5px; }
38 .PathIndex { -webkit-border-radius:8px }
39 .PathIndexEvent { background-color:#bfba87 }
40 .PathIndexControl { background-color:#8c8c8c }
41 .PathNav a { text-decoration:none; font-size: larger }
42 .CodeInsertionHint { font-weight: bold; background-color: #10dd10 }
43 .CodeRemovalHint { background-color:#de1010 }
44 .CodeRemovalHint { border-bottom:1px solid #6F9DBE }
45 table.simpletable {
46 padding: 5px;
47 font-size:12pt;
48 margin:20px;
49 border-collapse: collapse; border-spacing: 0px;
50 }
51 td.rowname {
52 text-align:right; font-weight:bold; color:#444444;
53 padding-right:2ex; }
54</style>
55</head>
56<body>
57<!-- BUGDESC Null pointer argument in call to memory copy function -->
58
59<!-- BUGTYPE Unix API -->
60
61<!-- BUGCATEGORY Logic error -->
62
63<!-- BUGFILE /boot/home/haiku/haiku/src/add-ons/kernel/file_systems/btrfs/Chunk.cpp -->
64
65<!-- BUGLINE 35 -->
66
67<!-- BUGPATHLENGTH 4 -->
68
69<!-- BUGMETAEND -->
70<!-- REPORTHEADER -->
71<h3>Bug Summary</h3>
72<table class="simpletable">
73<tr><td class="rowname">File:</td><td>/boot/home/haiku/haiku/src/add-ons/kernel/file_systems/btrfs/Chunk.cpp</td></tr>
74<tr><td class="rowname">Location:</td><td><a href="#EndPath">line 35, column 2</a></td></tr>
75<tr><td class="rowname">Description:</td><td>Null pointer argument in call to memory copy function</td></tr>
76</table>
77<!-- REPORTSUMMARYEXTRA -->
78<h3>Annotated Source Code</h3>
79<table class="code">
80<tr><td class="num" id="LN1">1</td><td class="line"><span class='comment'>/*</span></td></tr>
81<tr><td class="num" id="LN2">2</td><td class="line"> <span class='comment'>* Copyright 2011, Haiku Inc. All rights reserved.</span></td></tr>
82<tr><td class="num" id="LN3">3</td><td class="line"> <span class='comment'>* This file may be used under the terms of the MIT License.</span></td></tr>
83<tr><td class="num" id="LN4">4</td><td class="line"> <span class='comment'>*</span></td></tr>
84<tr><td class="num" id="LN5">5</td><td class="line"> <span class='comment'>* Authors:</span></td></tr>
85<tr><td class="num" id="LN6">6</td><td class="line"> <span class='comment'>* Jérôme Duval</span></td></tr>
86<tr><td class="num" id="LN7">7</td><td class="line"> <span class='comment'>*/</span></td></tr>
87<tr><td class="num" id="LN8">8</td><td class="line"> </td></tr>
88<tr><td class="num" id="LN9">9</td><td class="line"> </td></tr>
89<tr><td class="num" id="LN10">10</td><td class="line"><span class='directive'>#include "Chunk.h"</span></td></tr>
90<tr><td class="num" id="LN11">11</td><td class="line"> </td></tr>
91<tr><td class="num" id="LN12">12</td><td class="line"><span class='directive'>#include &lt;stdlib.h&gt;</span></td></tr>
92<tr><td class="num" id="LN13">13</td><td class="line"><span class='directive'>#include &lt;string.h&gt;</span></td></tr>
93<tr><td class="num" id="LN14">14</td><td class="line"> </td></tr>
94<tr><td class="num" id="LN15">15</td><td class="line"> </td></tr>
95<tr><td class="num" id="LN16">16</td><td class="line"><span class='comment'>//#define TRACE_BTRFS</span></td></tr>
96<tr><td class="num" id="LN17">17</td><td class="line"><span class='directive'>#ifdef TRACE_BTRFS</span></td></tr>
97<tr><td class="num" id="LN18">18</td><td class="line"><span class='directive'># define <span class='macro'>TRACE(x...)<span class='expansion'>;</span></span> dprintf("\33[34mbtrfs:\33[0m " x)</span></td></tr>
98<tr><td class="num" id="LN19">19</td><td class="line"><span class='directive'>#else</span></td></tr>
99<tr><td class="num" id="LN20">20</td><td class="line"><span class='directive'># define <span class='macro'>TRACE(x...)<span class='expansion'>;</span></span> ;</span></td></tr>
100<tr><td class="num" id="LN21">21</td><td class="line"><span class='directive'>#endif</span></td></tr>
101<tr><td class="num" id="LN22">22</td><td class="line"><span class='directive'># define <span class='macro'>FATAL(x...)<span class='expansion'>dprintf("\33[34mbtrfs:\33[0m " x...)</span></span> dprintf("\33[34mbtrfs:\33[0m " x)</span></td></tr>
102<tr><td class="num" id="LN23">23</td><td class="line"> </td></tr>
103<tr><td class="num" id="LN24">24</td><td class="line"> </td></tr>
104<tr><td class="num" id="LN25">25</td><td class="line">Chunk::Chunk(<span class='keyword'>struct</span> btrfs_chunk* chunk, fsblock_t offset)</td></tr>
105<tr><td class="num" id="LN26">26</td><td class="line"> :</td></tr>
106<tr><td class="num" id="LN27">27</td><td class="line"> fChunk(<span class='macro'>NULL<span class='expansion'>__null</span></span>),</td></tr>
107<tr><td class="num" id="LN28">28</td><td class="line"> fInitStatus(<span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>)</td></tr>
108<tr><td class="num" id="LN29">29</td><td class="line">{</td></tr>
109<tr><td class="num" id="LN30">30</td><td class="line"> fChunkOffset = offset;</td></tr>
110<tr><td class="num" id="LN31">31</td><td class="line"> <span class="mrange">fChunk = (<span class='keyword'>struct</span> btrfs_chunk*)malloc(<span class='keyword'>sizeof</span>(<span class='keyword'>struct</span> btrfs_chunk)</td></tr></span>
111<tr><td class="num"></td><td class="line"><div id="Path1" class="msg msgEvent" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">1</div></td><td>Value assigned to field 'fChunk'</td><td><div class="PathNav"><a href="#Path2" title="Next event (2)">&#x2192;</a></div></td></tr></table></div></td></tr>
112<tr><td class="num" id="LN32">32</td><td class="line"> <span class="mrange">+ chunk-&gt;StripeCount() * <span class='keyword'>sizeof</span>(<span class='keyword'>struct</span> btrfs_stripe))</span>;</td></tr>
113<tr><td class="num" id="LN33">33</td><td class="line"> <span class='keyword'>if</span> (<span class="mrange">fChunk == <span class='macro'>NULL<span class='expansion'>__null</span></span></span>)</td></tr>
114<tr><td class="num"></td><td class="line"><div id="Path2" class="msg msgEvent" style="margin-left:13ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">2</div></td><td><div class="PathNav"><a href="#Path1" title="Previous event (1)">&#x2190;</a></div></td></td><td>Assuming pointer value is null</td><td><div class="PathNav"><a href="#Path3" title="Next event (3)">&#x2192;</a></div></td></tr></table></div></td></tr>
115<tr><td class="num"></td><td class="line"><div id="Path3" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">3</div></td><td><div class="PathNav"><a href="#Path2" title="Previous event (2)">&#x2190;</a></div></td></td><td>Taking true branch</td><td><div class="PathNav"><a href="#EndPath" title="Next event (4)">&#x2192;</a></div></td></tr></table></div></td></tr>
116<tr><td class="num" id="LN34">34</td><td class="line"> fInitStatus = <span class='macro'>B_NO_MEMORY<span class='expansion'>((-2147483647 - 1) + 0)</span></span>;</td></tr>
117<tr><td class="num" id="LN35">35</td><td class="line"> memcpy(<span class="mrange">fChunk</span>, chunk, <span class='keyword'>sizeof</span>(<span class='keyword'>struct</span> btrfs_chunk)</td></tr>
118<tr><td class="num"></td><td class="line"><div id="EndPath" class="msg msgEvent" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">4</div></td><td><div class="PathNav"><a href="#Path3" title="Previous event (3)">&#x2190;</a></div></td></td><td>Null pointer argument in call to memory copy function</td></tr></table></div></td></tr>
119<tr><td class="num" id="LN36">36</td><td class="line"> + chunk-&gt;StripeCount() * <span class='keyword'>sizeof</span>(<span class='keyword'>struct</span> btrfs_stripe));</td></tr>
120<tr><td class="num" id="LN37">37</td><td class="line"> </td></tr>
121<tr><td class="num" id="LN38">38</td><td class="line"> <span class='macro'>TRACE(<span class='string_literal'>"chunk[0] length %"</span> B_PRIu64 <span class='string_literal'>" owner %"</span> B_PRIu64 <span class='string_literal'>" stripe_length %"<span class='expansion'>;</span></span></span></td></tr>
122<tr><td class="num" id="LN39">39</td><td class="line"> <span class='macro'>B_PRIu64 <span class='string_literal'>" type %"</span> B_PRIu64 <span class='string_literal'>" stripe_count %u sub_stripes %u "<span class='expansion'>;</span></span></span></td></tr>
123<tr><td class="num" id="LN40">40</td><td class="line"> <span class='string_literal'><span class='macro'>"sector_size %"</span> B_PRIu32 <span class='string_literal'>"\n"</span>, chunk-&gt;Length(), chunk-&gt;Owner(),<span class='expansion'>;</span></span> </td></tr>
124<tr><td class="num" id="LN41">41</td><td class="line"> <span class='macro'>chunk-&gt;StripeLength(), chunk-&gt;Type(), chunk-&gt;StripeCount(),<span class='expansion'>;</span></span> </td></tr>
125<tr><td class="num" id="LN42">42</td><td class="line"> <span class='macro'>chunk-&gt;SubStripes(), chunk-&gt;SectorSize())<span class='expansion'>;</span></span>;</td></tr>
126<tr><td class="num" id="LN43">43</td><td class="line"> <span class='keyword'>for</span>(int32 i = 0; i &lt; chunk-&gt;StripeCount(); i++) {</td></tr>
127<tr><td class="num" id="LN44">44</td><td class="line"> <span class='macro'>TRACE(<span class='string_literal'>"chunk.stripe[%"</span> B_PRId32 <span class='string_literal'>"].physical %"</span> B_PRId64 <span class='string_literal'>" deviceid %"<span class='expansion'>;</span></span></span></td></tr>
128<tr><td class="num" id="LN45">45</td><td class="line"> <span class='macro'>B_PRId64 <span class='string_literal'>"\n"</span>, i, chunk-&gt;stripes[i].Offset(),<span class='expansion'>;</span></span></td></tr>
129<tr><td class="num" id="LN46">46</td><td class="line"> <span class='macro'>chunk-&gt;stripes[i].DeviceID())<span class='expansion'>;</span></span>;</td></tr>
130<tr><td class="num" id="LN47">47</td><td class="line"> }</td></tr>
131<tr><td class="num" id="LN48">48</td><td class="line">}</td></tr>
132<tr><td class="num" id="LN49">49</td><td class="line"> </td></tr>
133<tr><td class="num" id="LN50">50</td><td class="line"> </td></tr>
134<tr><td class="num" id="LN51">51</td><td class="line">Chunk::~Chunk()</td></tr>
135<tr><td class="num" id="LN52">52</td><td class="line">{</td></tr>
136<tr><td class="num" id="LN53">53</td><td class="line"> free(fChunk);</td></tr>
137<tr><td class="num" id="LN54">54</td><td class="line">}</td></tr>
138<tr><td class="num" id="LN55">55</td><td class="line"> </td></tr>
139<tr><td class="num" id="LN56">56</td><td class="line"> </td></tr>
140<tr><td class="num" id="LN57">57</td><td class="line">uint32</td></tr>
141<tr><td class="num" id="LN58">58</td><td class="line">Chunk::Size() <span class='keyword'>const</span></td></tr>
142<tr><td class="num" id="LN59">59</td><td class="line">{</td></tr>
143<tr><td class="num" id="LN60">60</td><td class="line"> <span class='keyword'>return</span> <span class='keyword'>sizeof</span>(<span class='keyword'>struct</span> btrfs_chunk) </td></tr>
144<tr><td class="num" id="LN61">61</td><td class="line"> + fChunk-&gt;StripeCount() * <span class='keyword'>sizeof</span>(<span class='keyword'>struct</span> btrfs_stripe);</td></tr>
145<tr><td class="num" id="LN62">62</td><td class="line">}</td></tr>
146<tr><td class="num" id="LN63">63</td><td class="line"> </td></tr>
147<tr><td class="num" id="LN64">64</td><td class="line"> </td></tr>
148<tr><td class="num" id="LN65">65</td><td class="line">status_t</td></tr>
149<tr><td class="num" id="LN66">66</td><td class="line">Chunk::FindBlock(off_t logical, off_t &amp;physical)</td></tr>
150<tr><td class="num" id="LN67">67</td><td class="line">{</td></tr>
151<tr><td class="num" id="LN68">68</td><td class="line"> <span class='keyword'>if</span> (fChunk == <span class='macro'>NULL<span class='expansion'>__null</span></span>)</td></tr>
152<tr><td class="num" id="LN69">69</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_NO_INIT<span class='expansion'>((-2147483647 - 1) + 13)</span></span>;</td></tr>
153<tr><td class="num" id="LN70">70</td><td class="line"> </td></tr>
154<tr><td class="num" id="LN71">71</td><td class="line"> <span class='keyword'>if</span> (logical &lt; (off_t)fChunkOffset</td></tr>
155<tr><td class="num" id="LN72">72</td><td class="line"> || logical &gt; (off_t)(fChunkOffset + fChunk-&gt;Length()))</td></tr>
156<tr><td class="num" id="LN73">73</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_BAD_VALUE<span class='expansion'>((-2147483647 - 1) + 5)</span></span>;</td></tr>
157<tr><td class="num" id="LN74">74</td><td class="line"> </td></tr>
158<tr><td class="num" id="LN75">75</td><td class="line"> <span class='comment'>// only one stripe</span></td></tr>
159<tr><td class="num" id="LN76">76</td><td class="line"> physical = logical + fChunk-&gt;stripes[0].Offset() - fChunkOffset;</td></tr>
160<tr><td class="num" id="LN77">77</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>;</td></tr>
161<tr><td class="num" id="LN78">78</td><td class="line">}</td></tr>
162<tr><td class="num" id="LN79">79</td><td class="line"> </td></tr>
163</table></body></html>