ntpd/ntp_scanner.c:429:55: warning: dereference of possibly-NULL 'baselist'
dereference of possibly-NULL 'baselist'. Found by new gcc option -fanalyzer:
[267/310] Compiling ntpd/ntp_loopfilter.c
../../ntpd/ntp_scanner.c: In function 'lex_push_file':
../../ntpd/ntp_scanner.c:429:55: warning: dereference of possibly-NULL 'baselist' [CWE-690] [-Wanalyzer-possible-null-dereference]
429 | baselist[basecount++] = strdup(dp->d_name);
| ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
'lex_push_file': events 1-7
|
| 407 | if (NULL != path) {
| | ^
| | |
| | (1) following 'true' branch (when 'path' is non-NULL)...
| 408 | char fullpath[PATH_MAX];
| | ~~~~
| | |
| | (2) ...to here
|......
| 415 | if (is_directory(fullpath)) {
| | ~
| | |
| | (3) following 'true' branch...
| 416 | /* directory scanning */
| 417 | DIR *dfd;
| | ~~~
| | |
| | (4) ...to here
|......
| 421 | if ((dfd = opendir(fullpath)) == NULL)
| | ~
| | |
| | (5) following 'false' branch (when 'dfd' is non-NULL)...
| 422 | return false;
| 423 | baselist = (char **)malloc(sizeof(char *));
| | ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | (6) ...to here (7) this call could return NULL
|
'lex_push_file': events 8-12
|
| 424 | while ((dp = readdir(dfd)) != NULL)
| | ^
| | |
| | (8) following 'true' branch (when 'dp' is non-NULL)...
| 425 | {
| 426 | if (!CONF_ENABLE(dp->d_name)) {
| | ~~ ~
| | | |
| | | (10) following 'false' branch (when the strings are equal)...
| | (9) ...to here
|......
| 429 | baselist[basecount++] = strdup(dp->d_name);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | (11) ...to here (12) 'baselist + (long unsigned int)basecount * 8' could be NULL: unchecked value from (7)
|
../../ntpd/ntp_scanner.c:434:25: warning: use of possibly-NULL 'baselist' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
434 | qsort(baselist, (size_t)basecount, sizeof(char *),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
435 | rcmpstring);
| ~~~~~~~~~~~
'lex_push_file': events 1-8
|
| 407 | if (NULL != path) {
| | ^
| | |
| | (1) following 'true' branch (when 'path' is non-NULL)...
| 408 | char fullpath[PATH_MAX];
| | ~~~~
| | |
| | (2) ...to here
|......
| 415 | if (is_directory(fullpath)) {
| | ~
| | |
| | (3) following 'true' branch...
| 416 | /* directory scanning */
| 417 | DIR *dfd;
| | ~~~
| | |
| | (4) ...to here
|......
| 421 | if ((dfd = opendir(fullpath)) == NULL)
| | ~
| | |
| | (5) following 'false' branch (when 'dfd' is non-NULL)...
| 422 | return false;
| 423 | baselist = (char **)malloc(sizeof(char *));
| | ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | (6) ...to here (7) this call could return NULL
|......
| 434 | qsort(baselist, (size_t)basecount, sizeof(char *),
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) argument 1 ('baselist') from (7) could be NULL where non-null expected
| 435 | rcmpstring);
| | ~~~~~~~~~~~
|
In file included from ../../ntpd/ntp_scanner.c:18:
/usr/include/stdlib.h:830:13: note: argument 1 of 'qsort' must be non-null
830 | extern void qsort (void *__base, size_t __nmemb, size_t __size,
| ^~~~~