[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
problem report #103
From: |
Dan Nicolaescu |
Subject: |
problem report #103 |
Date: |
Mon, 1 Dec 2008 09:02:25 -0800 (PST) |
CID: 103
Checker: NEGATIVE_RETURNS (help)
File: base/src/emacs/src/process.c
Function: procfs_system_process_attributes
Description: Tracked variable "cmdline_size" was passed to a negative sink.
Event negative_return_fn: Called negative-returning function "read"
Event var_assign: NEGATIVE return value of "read" assigned to signed variable
"nread"
Also see events: [var_assign][alias_assign][negative_returns]
At conditional (1): "nread = read >= 0" taking false path
7434 if ((nread = read (fd, cmdline, cmdline_size)) >= 0)
7435 cmdline[nread++] = '\0';
7436 /* We don't want trailing null characters. */
At conditional (2): "p > cmdline" taking true path
At conditional (3): "*p == 0" taking true path
At conditional (4): "p > cmdline" taking true path
At conditional (5): "*p == 0" taking true path
At conditional (6): "p > cmdline" taking true path
At conditional (7): "*p == 0" taking true path
At conditional (8): "p > cmdline" taking false path
7437 for (p = cmdline + nread - 1; p > cmdline && !*p; p--)
7438 nread--;
At conditional (9): "p < (cmdline + nread)" taking true path
At conditional (13): "p < (cmdline + nread)" taking true path
At conditional (17): "p < (cmdline + nread)" taking false path
7439 for (p = cmdline; p < cmdline + nread; p++)
7440 {
7441 /* Escape-quote whitespace and backslashes. */
At conditional (10): "*(*__ctype_b_loc + (*p * 2)) & 8192 != 0" taking false
path
At conditional (11): "*p == 92" taking false path
At conditional (14): "*(*__ctype_b_loc + (*p * 2)) & 8192 != 0" taking false
path
At conditional (15): "*p == 92" taking false path
7442 if (isspace (*p) || *p == '\\')
7443 {
7444 memmove (p + 1, p, nread - (p - cmdline));
7445 nread++;
7446 *p++ = '\\';
7447 }
At conditional (12): "*p == 0" taking true path
At conditional (16): "*p == 0" taking true path
7448 else if (*p == '\0')
7449 *p = ' ';
7450 }
Event alias_assign: Variable "nread" aliased to variable "cmdline_size"
Also see events: [negative_return_fn][var_assign][negative_returns]
7451 cmdline_size = nread;
7452 }
7453 else
7454 {
7455 cmdline_size = cmdsize + 2;
7456 cmdline = xmalloc (cmdline_size + 1);
7457 strcpy (cmdline, "[");
7458 strcat (strncat (cmdline, cmd, cmdsize), "]");
7459 }
7460 emacs_close (fd);
7461 /* Command line is encoded in locale-coding-system; decode it. */
Event negative_returns: Tracked variable "cmdline_size" was passed to a
negative sink. [model]
Also see events: [negative_return_fn][var_assign][alias_assign]
7462 cmd_str = make_unibyte_string (cmdline, cmdline_size);
7463 decoded_cmd = code_convert_string_norecord (cmd_str,
- problem report #103,
Dan Nicolaescu <=