[tz] tzcode: uninitialized sp->charcnt gives clang analyzer warning
Guy Harris
gharris at sonic.net
Mon Aug 9 23:12:25 UTC 2021
On Aug 9, 2021, at 3:55 PM, Jan Engelhardt via tz <tz at iana.org> wrote:
> Inside tzload, if malloc fails, then, by POSIX standardese, it ought to set
> errno. However, clang - rightfully, I think - does not make any particular
> assumptions about malloc and has found and reported the case whereby this
> malloc returns with NULL _and_ errno is 0. (The malloc(3) page on Linux systems
> mentions the corner-cases in which errno=0 can happen, namely "private malloc
> implementations".)
>
> tzload then returns errno, which is 0 under these pretenses, thereby signalling
> to its caller that everything was fine, when it fact it wasn't.
Then it should be fixed not to do so, e.g. by returning ENOMEM if errno is 0.
(And, as far as I know, the tzdb code works on at least some non-Unix-like platforms; if so, "POSIX says so" isn't sufficient, as malloc() is a C library function, not solely a POSIX/UN*X function.
C90 says
If the size of the space requested is zero, the behavior is implementation-defined, the value returned shall be either a null pointer or a unique pointer.
However, in this particular case, a sizeof value for a union pointed to by a pointer is passed to malloc(), with none of the union members being zero-sized, so the size of the space requested will not be zero, and thus a null return value should mean "allocation failed".)
More information about the tz
mailing list