Date: Mon, 5 Jan 2015 15:34:00 +0100
Subject: Fishy code in sticky emulation?
From: Mikael Magnusson
To: zsh workers

I'm looking through Coverity issues (some patches to come later), and
it flagged this in builtin.c that I can't quite say for sure if it's
right or wrong about.

int
bin_emulate(UNUSED(char *nam), char **argv, Options ops, UNUSED(int func))
{
...
    if (sticky->n_on_opts)
        on_ptr = sticky->on_opts =
            zhalloc(sticky->n_on_opts * sizeof(*sticky->on_opts));
    else
        on_ptr = NULL;
    if (sticky->n_off_opts)
        off_ptr = sticky->off_opts =
            zhalloc(sticky->n_off_opts * sizeof(*sticky->off_opts));
    else
        off_ptr = NULL;
    for (optnode = firstnode(optlist); optnode; incnode(optnode)) {
        /* Data is index into new_opts */
        char *optptr = (char *)getdata(optnode);
        int optno = optptr - new_opts;
        if (*optptr)
            *on_ptr++ = optno;
        else
            *off_ptr++ = optno;
    }
...

In particular, on_ptr and off_ptr can be NULL, but unconditionally one
of them is always incremented in the for loop, which isn't very well
defined for a NULL pointer. Am I missing something, or are these
n_*_opts simply never 0?

--
Mikael Magnusson
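An added example, not part of the original message and not zsh code: a stand-alone model of the allocate-then-fill pattern in the excerpt, with every store checked against its count so that a zero count (NULL array) or a count that disagrees with the data is reported instead of written through. The struct, both function names, the use of malloc and the idea that the counts come from an earlier pass are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for the record in the excerpt; not zsh's struct. */
struct sticky_model {
    int *on_opts, *off_opts;
    size_t n_on_opts, n_off_opts;   /* set by the caller before filling */
};

/* Constructed helper: count set/unset bytes, as an earlier pass might. */
void count_opts(const char *opts, size_t n, struct sticky_model *s)
{
    s->n_on_opts = s->n_off_opts = 0;
    for (size_t i = 0; i < n; i++) {
        if (opts[i]) s->n_on_opts++; else s->n_off_opts++;
    }
}

/* Allocate only the non-empty arrays, then fill them. Every store is
 * bounds-checked against its count, so a zero count (NULL array) or a
 * count that disagrees with the data yields -1 instead of a write
 * through NULL or past the end. Returns 0 on success. */
int fill_opts(const char *opts, size_t n, struct sticky_model *s)
{
    size_t on_used = 0, off_used = 0;

    s->on_opts = s->n_on_opts ? malloc(s->n_on_opts * sizeof *s->on_opts) : NULL;
    s->off_opts = s->n_off_opts ? malloc(s->n_off_opts * sizeof *s->off_opts) : NULL;
    if ((s->n_on_opts && !s->on_opts) || (s->n_off_opts && !s->off_opts))
        goto fail;
    for (size_t i = 0; i < n; i++) {
        if (opts[i]) {
            if (on_used == s->n_on_opts) goto fail;   /* count too small */
            s->on_opts[on_used++] = (int)i;
        } else {
            if (off_used == s->n_off_opts) goto fail; /* count too small */
            s->off_opts[off_used++] = (int)i;
        }
    }
    return 0;
fail:
    free(s->on_opts);
    free(s->off_opts);
    s->on_opts = s->off_opts = NULL;
    return -1;
}
```

When the counts are derived from the same data the loop walks, the two checks never fire and a NULL array is never touched; they exist so that the invariant is enforced in the code rather than left for a reader or a static analyzer to infer.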