Clear up another clangalyzer issue

"The NULL pointer warnings on the return value of tor_addr_to_in6_addr32() are incorrect. But clang can't work this out itself due to limited analysis depth. To teach the analyser that the return value is safe to dereference, I applied tor_assert to the return value." Patch from teor. Part of 13157.
2024-11-27 22:03:31 +01:00 · 2014-09-15 13:52:13 -04:00 · 2014-09-15 13:52:13 -04:00 · 53a94c4b4b
commit 53a94c4b4b
parent d6b2a1709d
3 changed files with 23 additions and 2 deletions
--- a/src/common/address.c
+++ b/src/common/address.c
@ -332,8 +332,15 @@ tor_addr_is_internal_(const tor_addr_t *addr, int for_listening,
    iph4 = tor_addr_to_ipv4h(addr);
  } else if (v_family == AF_INET6) {
    if (tor_addr_is_v4(addr)) { /* v4-mapped */
+      uint32_t *addr32 = NULL;
      v_family = AF_INET;
-      iph4 = ntohl(tor_addr_to_in6_addr32(addr)[3]);
+      // Work around an incorrect NULL pointer dereference warning in
+      // "clang --analyze" due to limited analysis depth
+      addr32 = tor_addr_to_in6_addr32(addr);
+      // To improve performance, wrap this assertion in:
+      // #if !defined(__clang_analyzer__) || PARANOIA
+      tor_assert(addr32);
+      iph4 = ntohl(addr32[3]);
    }
  }

--- a/src/common/address.h
+++ b/src/common/address.h
@ -103,7 +103,18 @@ tor_addr_to_ipv4h(const tor_addr_t *a)
 static INLINE uint32_t
 tor_addr_to_mapped_ipv4h(const tor_addr_t *a)
 {
-  return a->family == AF_INET6 ? ntohl(tor_addr_to_in6_addr32(a)[3]) : 0;
+  if (a->family == AF_INET6) {
+    uint32_t *addr32 = NULL;
+    // Work around an incorrect NULL pointer dereference warning in
+    // "clang --analyze" due to limited analysis depth
+    addr32 = tor_addr_to_in6_addr32(a);
+    // To improve performance, wrap this assertion in:
+    // #if !defined(__clang_analyzer__) || PARANOIA
+    tor_assert(addr32);
+    return ntohl(addr32[3]);
+  } else {
+    return 0;
+  }
 }
 /** Return the address family of <b>a</b>.  Possible values are:
 * AF_INET6, AF_INET, AF_UNSPEC. */
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@ -2910,6 +2910,9 @@ test_util_spawn_background_fail(void *ptr)
  const int expected_status = PROCESS_STATUS_RUNNING;
 #endif

+  memset(expected_out, 0xf0, sizeof(expected_out));
+  memset(code, 0xf0, sizeof(code));
+
  (void)ptr;

  tor_snprintf(code, sizeof(code), "%x/%x",