More vulnfixes reported by clang-analyzer

2024-11-24 13:49:50 +00:00 · 2015-11-02 12:44:06 +01:00 · 2015-11-02 12:44:06 +01:00 · b0ab964303
commit b0ab964303
parent 75adfec670
5 changed files with 22 additions and 16 deletions
--- a/libr/anal/esil2reil.c
+++ b/libr/anal/esil2reil.c
@ -161,12 +161,14 @@ void reil_cast_size(RAnalEsil *esil, RAnalReilArg *src, RAnalReilArg *dst) {
 	ins->arg[0] = src;
 	ins->arg[1] = reil_pop_arg (esil);
 	ins->arg[2] = R_NEW0(RAnalReilArg);
-	get_next_temp_reg(esil, tmp_buf);
-	reil_make_arg(esil, ins->arg[2], tmp_buf);
-	ins->arg[2]->size = dst->size;
-	reil_print_inst(esil, ins);
-	reil_push_arg(esil, ins->arg[2]);
-	reil_free_inst(ins);
+	get_next_temp_reg (esil, tmp_buf);
+	reil_make_arg (esil, ins->arg[2], tmp_buf);
+	if (ins->arg[2])
+		ins->arg[2]->size = dst->size;
+	reil_print_inst (esil, ins);
+	if (ins->arg[2])
+		reil_push_arg (esil, ins->arg[2]);
+	reil_free_inst (ins);
 }

 // Here start translation functions!
--- a/libr/core/config.c
+++ b/libr/core/config.c
@ -192,7 +192,7 @@ static int cb_asmarch(void *user, void *data) {
 	}
 	snprintf (asmparser, sizeof (asmparser), "%s.pseudo", node->value);
 	r_config_set (core->config, "asm.parser", asmparser);
-	if (!(core->assembler->cur->bits & core->anal->bits)) {
+	if (core->assembler->cur && !(core->assembler->cur->bits & core->anal->bits)) {
 		r_config_set_i (core->config, "asm.bits", bits);
 	}

--- a/libr/core/graph.c
+++ b/libr/core/graph.c
@ -602,7 +602,7 @@ static int dist_nodes (const RAGraph *g, const RGraphNode *a, const RGraphNode *

 	aa = get_anode (a);
 	ab = get_anode (b);
-	if (aa->layer == ab->layer) {
+	if (aa && ab && aa->layer == ab->layer) {
 		int i;

 		res = aa == ab && !aa->is_reversed ? HORIZONTAL_NODE_SPACING : 0;
@ -1082,10 +1082,10 @@ static void collect_changes (const RAGraph *g, int l, const RGraphNode *b,
 		const RListIter *it;
 		int c = 0;

-		if (from_up)
-			neigh = r_graph_innodes (g->graph, vi);
-		else
-			neigh = r_graph_get_neighbours (g->graph, vi);
+		if (!avi) continue;
+		neigh = from_up
+		?	r_graph_innodes (g->graph, vi)
+		:	r_graph_get_neighbours (g->graph, vi);

 		graph_foreach_anode (neigh, it, v, av) {
 			if ((is_left && av->x >= avi->x) || (!is_left && av->x <= avi->x)) {
@ -1104,7 +1104,7 @@ static void collect_changes (const RAGraph *g, int l, const RGraphNode *b,
 			}
 		}

-		cx = R_NEW (struct len_pos_t);
+		cx = R_NEW0 (struct len_pos_t);
 		cx->len = c;
 		cx->pos = avi->x;
 		if (is_left)
--- a/shlr/grub/kern/mm.c
+++ b/shlr/grub/kern/mm.c
@ -216,11 +216,15 @@ grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align)
      if (extra)
 	extra = align - extra;

-      if (! p || !p->magic)
+      if (! p || !p->magic) {
 	grub_fatal ("null in the ring");
+        return NULL;
+      }

-      if (p->magic != GRUB_MM_FREE_MAGIC)
+      if (p->magic != GRUB_MM_FREE_MAGIC) {
 	grub_fatal ("free magic is broken at %p: 0x%x", p, p->magic);
+        return NULL;
+      }

      if (p->size >= n + extra)
 	{
--- a/shlr/tcc/libtcc.c
+++ b/shlr/tcc/libtcc.c
@ -135,7 +135,7 @@ PUB_FUNC char *pstrncpy(char *out, const char *in, size_t num)
 PUB_FUNC char *tcc_basename(const char *name)
 {
    char *p = strchr(name, 0);
-    while (p > name && !IS_DIRSEP(p[-1]))
+    while (p && p > name && !IS_DIRSEP(p[-1]))
        --p;
    return p;
 }