[tz] tzcode: uninitialized sp->charcnt gives clang analyzer warning

Jan Engelhardt jengelh at inai.de
Mon Aug 9 11:47:36 UTC 2021



When building tzcode commit 7f74206b39673b1a110285c6992f70507e211060
with -DALL_STATE, clang reports a loop with an undefined
termination condition because sp->charcnt is not set before its
use. There should probably be a sp->charcnt=0 in zoneinit.


>> clang --analyze -Xanalyzer -analyzer-output=text localtime.c -DALL_STATE
localtime.c:321:16: warning: The right operand of '<' is a garbage value [core.UndefinedBinaryOperatorResult]
        for (i = 0; i < sp->charcnt; ++i)
                      ^
localtime.c:2210:7: note: 'err' is 0
  if (err) {
      ^~~
localtime.c:2210:3: note: Taking false branch
  if (err) {
  ^
localtime.c:2214:3: note: Calling 'tzset_unlocked'
  tzset_unlocked();
  ^~~~~~~~~~~~~~~~
localtime.c:1383:13: note: Assuming 'name' is null
  int lcl = name ? strlen(name) < sizeof lcl_TZname : -1;
            ^~~~
localtime.c:1383:13: note: '?' condition is false
localtime.c:1384:7: note: 'lcl' is < 0
  if (lcl < 0
      ^~~
localtime.c:1384:7: note: '?' condition is true
localtime.c:1385:9: note: Assuming 'lcl_is_set' is >= 0
      ? lcl_is_set < 0
        ^~~~~~~~~~~~~~
localtime.c:1384:3: note: Taking false branch
  if (lcl < 0
  ^
localtime.c:1389:7: note: Assuming 'sp' is null
  if (! sp)
      ^~~~
localtime.c:1389:3: note: Taking true branch
  if (! sp)
  ^
localtime.c:1390:19: note: Uninitialized value stored to field 'charcnt'
    lclptr = sp = malloc(sizeof *lclptr);
                  ^~~~~~~~~~~~~~~~~~~~~~
localtime.c:1392:7: note: Assuming 'sp' is non-null
  if (sp) {
      ^~
localtime.c:1392:3: note: Taking true branch
  if (sp) {
  ^
localtime.c:1393:9: note: Calling 'zoneinit'
    if (zoneinit(sp, name) != 0)
        ^~~~~~~~~~~~~~~~~~
localtime.c:1355:7: note: 'name' is null
  if (name && ! name[0]) {
      ^~~~
localtime.c:1355:12: note: Left side of '&&' is false
  if (name && ! name[0]) {
           ^
localtime.c:1369:15: note: Calling 'tzload'
    int err = tzload(name, sp, true);
              ^~~~~~~~~~~~~~~~~~~~~~
localtime.c:739:7: note: Assuming 'lsp' is null
  if (!lsp)
      ^~~~
localtime.c:739:3: note: Taking true branch
  if (!lsp)
  ^
localtime.c:740:5: note: Returning without writing to 'sp->charcnt'
    return errno;
    ^
localtime.c:1369:15: note: Returning from 'tzload'
    int err = tzload(name, sp, true);
              ^~~~~~~~~~~~~~~~~~~~~~
localtime.c:1370:9: note: Assuming 'err' is equal to 0
    if (err != 0 && name && name[0] != ':' && tzparse(name, sp, NULL))
        ^~~~~~~~
localtime.c:1370:18: note: Left side of '&&' is false
    if (err != 0 && name && name[0] != ':' && tzparse(name, sp, NULL))
                 ^
localtime.c:1372:9: note: 'err' is equal to 0
    if (err == 0)
        ^~~
localtime.c:1372:5: note: Taking true branch
    if (err == 0)
    ^
localtime.c:1373:7: note: Calling 'scrub_abbrs'
      scrub_abbrs(sp);
      ^~~~~~~~~~~~~~~
localtime.c:321:16: note: The right operand of '<' is a garbage value
        for (i = 0; i < sp->charcnt; ++i)
                      ^ ~~~~~~~~~~~
localtime.c:1277:4: warning: Value stored to 'theiroffset' is never read [deadcode.DeadStores]
                        theiroffset = theirstdoffset;
                        ^             ~~~~~~~~~~~~~~
localtime.c:1277:4: note: Value stored to 'theiroffset' is never read
                        theiroffset = theirstdoffset;
                        ^             ~~~~~~~~~~~~~~
2 warnings generated.
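
The pattern in the trace above, reduced to a stand-alone added example (not tzcode's code and not part of the original post): a heap-allocated state whose loader can return 0 without writing the count, followed by a loop bounded by that count. The names `struct state`, `load`, `scrub`, `run`, `CHARS_MAX` and the 0xA5 poison fill are assumptions for illustration; the poison makes the "garbage value" deterministic, and a 32-bit two's-complement int is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHARS_MAX 50    /* constructed size, not tzcode's */
struct state { int charcnt; char chars[CHARS_MAX]; };  /* stand-in for *sp */

/* Loader whose early exit returns a saved errno without writing sp.
   saved_errno may be 0, the case the analyzer assumed. */
static int load(struct state *sp, int scratch_ok, int saved_errno)
{
    if (!scratch_ok)
        return saved_errno;     /* sp->charcnt left untouched */
    memcpy(sp->chars, "UTC", 4);
    sp->charcnt = 4;
    return 0;
}

/* Consumer loop with a range check: a bad bound is reported as -1
   instead of being walked. Returns the number of bytes visited. */
static int scrub(const struct state *sp)
{
    int i = 0;
    if (sp->charcnt < 0 || sp->charcnt > CHARS_MAX)
        return -1;
    while (i < sp->charcnt)
        ++i;                    /* per-byte work would go here */
    return i;
}

/* Allocate, poison, optionally set charcnt = 0 first, load, scrub. */
static int run(int apply_fix, int scratch_ok)
{
    struct state *sp = malloc(sizeof *sp);
    int result = -2;            /* -2: loader reported an error */
    if (!sp) return -3;         /* -3: allocation failed */
    memset(sp, 0xA5, sizeof *sp);   /* deterministic "garbage" */
    if (apply_fix)
        sp->charcnt = 0;        /* the initialization the post suggests */
    if (load(sp, scratch_ok, 0) == 0)
        result = scrub(sp);
    free(sp);
    return result;
}

int main(void)
{
    printf("no fix: %d  fix: %d  loaded: %d\n", run(0, 0), run(1, 0), run(1, 1));
    return 0;
}
```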

