Bug Summary

File:avers/xdg-user-dir-lookup.c
Warning:line 127, column 11
Potential leak of memory pointed to by 'user_dir'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name xdg-user-dir-lookup.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/rootdir/savers -fcoverage-compilation-dir=/rootdir/savers -resource-dir /usr/lib/llvm-19/lib/clang/19 -D HAVE_CONFIG_H -I . -I .. -I . -I . -I /usr/include/glib-2.0 -I /usr/lib/x86_64-linux-gnu/glib-2.0/include -I /usr/include/sysprof-6 -I /usr/include/ctk-3.0 -I /usr/include/pango-1.0 -I /usr/include/harfbuzz -I /usr/include/freetype2 -I /usr/include/libpng16 -I /usr/include/libmount -I /usr/include/blkid -I /usr/include/fribidi -I /usr/include/cairo -I /usr/include/pixman-1 -I /usr/include/gdk-pixbuf-2.0 -I /usr/include/x86_64-linux-gnu -I /usr/include/webp -I /usr/include/gio-unix-2.0 -I /usr/include/atk-1.0 -I /usr/include/at-spi2-atk/2.0 -I /usr/include/at-spi-2.0 -I /usr/include/dbus-1.0 -I /usr/lib/x86_64-linux-gnu/dbus-1.0/include -D LIBEXECDIR="/usr/libexec" -D CAFELOCALEDIR="/usr/share/locale" -D DATADIR="/usr/share" -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -analyzer-checker deadcode.DeadStores -analyzer-checker alpha.deadcode.UnreachableCode -analyzer-checker alpha.core.CastSize -analyzer-checker alpha.core.CastToStruct -analyzer-checker alpha.core.IdenticalExpr -analyzer-checker alpha.security.ArrayBoundV2 -analyzer-checker alpha.security.MallocOverflow -analyzer-checker alpha.security.ReturnPtrRange -analyzer-checker alpha.unix.SimpleStream -analyzer-checker alpha.unix.cstring.BufferOverlap -analyzer-checker alpha.unix.cstring.NotNullTerminated -analyzer-checker alpha.unix.cstring.OutOfBounds -analyzer-checker alpha.core.FixedAddr -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /rootdir/html-report/2025-01-09-133151-52719-1 -x c xdg-user-dir-lookup.c
1/*
2 This file is not licenced under the GPL like the rest of the code.
3 Its is under the MIT license, to encourage reuse by cut-and-paste.
4
5 Copyright (c) 2007 Red Hat, inc
6
7 Permission is hereby granted, free of charge, to any person
8 obtaining a copy of this software and associated documentation files
9 (the "Software"), to deal in the Software without restriction,
10 including without limitation the rights to use, copy, modify, merge,
11 publish, distribute, sublicense, and/or sell copies of the Software,
12 and to permit persons to whom the Software is furnished to do so,
13 subject to the following conditions:
14
15 The above copyright notice and this permission notice shall be
16 included in all copies or substantial portions of the Software.
17
18 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
20 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
22 BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
23 ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
24 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
25 SOFTWARE.
26*/
27
28#include <stdio.h>
29#include <stdlib.h>
30#include <string.h>
31
32#include "xdg-user-dir-lookup.h"
33
34char *
35xdg_user_dir_lookup (const char *type)
36{
37 FILE *file;
38 char *home_dir, *config_home, *config_file;
39 char buffer[512];
40 char *user_dir;
41 char *p, *d;
42 int len;
43 int relative;
44
45 home_dir = getenv ("HOME");
46
47 if (home_dir
0.1
'home_dir' is not equal to NULL
 == NULL((void*)0))
1
Taking false branch
48 return strdup ("/tmp");
49
50 config_home = getenv ("XDG_CONFIG_HOME");
51 if (config_home
1.1
'config_home' is equal to NULL
 == NULL((void*)0) || config_home[0] == 0)
52 {
53 config_file = malloc (strlen (home_dir) + strlen ("/.config/user-dirs.dirs") + 1);
54 strcpy (config_file, home_dir);
55 strcat (config_file, "/.config/user-dirs.dirs");
56 }
57 else
58 {
59 config_file = malloc (strlen (config_home) + strlen ("/user-dirs.dirs") + 1);
60 strcpy (config_file, config_home);
61 strcat (config_file, "/user-dirs.dirs");
62 }
63
64 file = fopen (config_file, "r");
65 free (config_file);
66 if (file
1.2
'file' is not equal to NULL
 == NULL((void*)0))
2
Taking false branch
67 goto error;
68
69 user_dir = NULL((void*)0);
70 while (fgets (buffer, sizeof (buffer), file))
3
Loop condition is true. Entering loop body
30
Loop condition is true. Entering loop body
71 {
72 /* Remove newline at end */
73 len = strlen (buffer);
74 if (len > 0 && buffer[len-1] == '\n')
4
Assuming 'len' is <= 0
31
Assuming 'len' is <= 0
75 buffer[len-1] = 0;
76
77 p = buffer;
78 while (*p == ' ' || *p == '\t')
5
Assuming the condition is false
6
Assuming the condition is false
7
Loop condition is false. Execution continues on line 81
32
Assuming the condition is false
33
Assuming the condition is false
34
Loop condition is false. Execution continues on line 81
79 p++;
80
81 if (strncmp (p, "XDG_", 4) != 0)
8
Assuming the condition is false
9
Taking false branch
35
Assuming the condition is false
36
Taking false branch
82 continue;
83 p += 4;
84 if (strncmp (p, type, strlen (type)) != 0)
10
Assuming the condition is false
11
Taking false branch
37
Assuming the condition is false
38
Taking false branch
85 continue;
86 p += strlen (type);
87 if (strncmp (p, "_DIR", 4) != 0)
12
Assuming the condition is false
13
Taking false branch
39
Assuming the condition is false
40
Taking false branch
88 continue;
89 p += 4;
90
91 while (*p == ' ' || *p == '\t')
14
Assuming the condition is false
15
Loop condition is false. Execution continues on line 94
41
Assuming the condition is false
42
Loop condition is false. Execution continues on line 94
92 p++;
93
94 if (*p != '=')
16
Assuming the condition is false
17
Taking false branch
43
Assuming the condition is false
44
Taking false branch
95 continue;
96 p++;
97
98 while (*p == ' ' || *p == '\t')
18
Assuming the condition is false
19
Loop condition is false. Execution continues on line 101
45
Assuming the condition is false
46
Loop condition is false. Execution continues on line 101
99 p++;
100
101 if (*p != '"')
20
Assuming the condition is false
21
Taking false branch
47
Assuming the condition is false
48
Taking false branch
102 continue;
103 p++;
104
105 relative = 0;
106 if (strncmp (p, "$HOME/", 6) == 0)
22
Assuming the condition is false
23
Taking false branch
49
Assuming the condition is false
50
Taking false branch
107 {
108 p += 6;
109 relative = 1;
110 }
111 else if (*p != '/')
24
Assuming the condition is false
25
Taking false branch
51
Assuming the condition is false
52
Taking false branch
112 continue;
113
114 if (relative
25.1
'relative' is 0
52.1
'relative' is 0
)
26
Taking false branch
53
Taking false branch
115 {
116 user_dir = malloc (strlen (home_dir) + 1 + strlen (p) + 1);
117 strcpy (user_dir, home_dir);
118 strcat (user_dir, "/");
119 }
120 else
121 {
122 user_dir = malloc (strlen (p) + 1);
27
Memory is allocated
123 *user_dir = 0;
124 }
125
126 d = user_dir + strlen (user_dir);
127 while (*p && *p != '"')
28
Assuming the condition is true
29
Loop condition is false. Execution continues on line 133
54
Potential leak of memory pointed to by 'user_dir'
128 {
129 if ((*p == '\\') && (*(p+1) != 0))
130 p++;
131 *d++ = *p++;
132 }
133 *d = 0;
134 }
135 fclose (file);
136
137 if (user_dir)
138 return user_dir;
139
140error:
141 /* Special case desktop for historical compatibility */
142 if (strcmp (type, "DESKTOP") == 0)
143 {
144 user_dir = malloc (strlen (home_dir) + strlen ("/Desktop") + 1);
145 strcpy (user_dir, home_dir);
146 strcat (user_dir, "/Desktop");
147 return user_dir;
148 }
149 else
150 return strdup (home_dir);
151}
152
153#ifdef STANDALONE
154
155int
156main (int argc, char *argv[])
157{
158 if (argc != 2)
159 {
160 fprintf (stderrstderr, "Usage %s <dir-type>\n", argv[0]);
161 exit (1);
162 }
163
164 printf ("%s\n", xdg_user_dir_lookup (argv[1]));
165 return 0;
166}
167
168#endif