Bug Summary

File:backend/dvi/mdvi-lib/common.c
Warning:line 109, column 5
The 1st argument to 'fread' is a buffer with size 0 but should be a buffer with size equal to or greater than the value of the 2nd argument (which is 18446744073709551615) times the 3rd argument (which is 1)

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name common.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/rootdir/backend/dvi/mdvi-lib -fcoverage-compilation-dir=/rootdir/backend/dvi/mdvi-lib -resource-dir /usr/lib/llvm-19/lib/clang/19 -D HAVE_CONFIG_H -I . -I ../../.. -D PIC -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -analyzer-checker deadcode.DeadStores -analyzer-checker alpha.deadcode.UnreachableCode -analyzer-checker alpha.core.CastSize -analyzer-checker alpha.core.CastToStruct -analyzer-checker alpha.core.IdenticalExpr -analyzer-checker alpha.security.ArrayBoundV2 -analyzer-checker alpha.security.MallocOverflow -analyzer-checker alpha.security.ReturnPtrRange -analyzer-checker alpha.unix.SimpleStream -analyzer-checker alpha.unix.cstring.BufferOverlap -analyzer-checker alpha.unix.cstring.NotNullTerminated -analyzer-checker alpha.unix.cstring.OutOfBounds -analyzer-checker alpha.core.FixedAddr -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /rootdir/html-report/2025-08-13-131048-52863-1 -x c common.c
1/*
2 * Copyright (C) 2000, Matias Atria
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 */
18
19#include <config.h>
20#include <stdlib.h>
21#include <string.h>
22
23#include "common.h"
24
25long fsgetn(FILE *p, size_t n)
26{
27 long v;
28
29 v = fgetbyte(p)((unsigned)getc(p));
30 if(v & 0x80)
31 v -= 0x100;
32 while(--n > 0)
33 v = (v << 8) | fgetbyte(p)((unsigned)getc(p));
34 return v;
35}
36
37Ulong fugetn(FILE *p, size_t n)
38{
39 Ulong v;
40
41 v = fgetbyte(p)((unsigned)getc(p));
42 while(--n > 0)
43 v = (v << 8) | fgetbyte(p)((unsigned)getc(p));
44 return v;
45}
46
47long msgetn(const Uchar *p, size_t n)
48{
49 long v = (long)*p++;
50
51 if(v & 0x80)
52 v -= 0x100;
53 while(--n > 0)
54 v = (v << 8) | *p++;
55 return v;
56}
57
58Ulong mugetn(const Uchar *p, size_t n)
59{
60 Ulong v = (Ulong)*p++;
61
62 while(--n > 0)
63 v = (v << 8) | *p++;
64 return v;
65}
66
67char *read_string(FILE *in, int s, char *buffer, size_t len)
68{
69 int n;
70 char *str;
71
72 n = fugetn(in, s ? s : 1);
73 if((str = buffer) == NULL((void*)0) || n + 1 > len)
74 str = mdvi_malloc(n + 1);
75 if(fread(str, 1, n, in) != n) {
76 if(str != buffer) mdvi_free(str);
77 return NULL((void*)0);
78 }
79 str[n] = 0;
80 return str;
81}
82
83size_t read_bcpl(FILE *in, char *buffer, size_t maxlen, size_t wanted)
84{
85 size_t i;
86
87 i = (int)fuget1(in)((unsigned)getc(in));
88 if(maxlen && i > maxlen)
89 i = maxlen;
90 if(fread(buffer, i, 1, in) != 1)
91 return -1;
92 buffer[i] = '\0';
93 while(wanted-- > i)
94 (void)fgetc(in);
95 return i;
96}
97
98char *read_alloc_bcpl(FILE *in, size_t maxlen, size_t *size)
99{
100 size_t i;
101 char *buffer;
102
103 i = (size_t)fuget1(in)((unsigned)getc(in));
1
Assuming that 'getc' fails
2
Value assigned to 'i'
104 if(maxlen && i > maxlen)
3
Assuming 'maxlen' is 0
105 i = maxlen;
106 buffer = (char *)malloc(i + 1);
4
Value assigned to 'buffer'
107 if(buffer == NULL((void*)0))
5
Assuming 'buffer' is not equal to NULL
6
Taking false branch
108 return NULL((void*)0);
109 if(fread(buffer, i, 1, in) != 1) {
7
The 1st argument to 'fread' is a buffer with size 0 but should be a buffer with size equal to or greater than the value of the 2nd argument (which is 18446744073709551615) times the 3rd argument (which is 1)
110 free(buffer);
111 return NULL((void*)0);
112 }
113 buffer[i] = '\0';
114 if(size) *size = i;
115 return buffer;
116}
117
118/* buffers */
119
120void buff_free(Buffer *buf)
121{
122 if(buf->data)
123 mdvi_free(buf->data);
124 buff_init(buf);
125}
126
127void buff_init(Buffer *buf)
128{
129 buf->data = NULL((void*)0);
130 buf->size = 0;
131 buf->length = 0;
132}
133
134size_t buff_add(Buffer *buf, const char *data, size_t len)
135{
136 if(!len && data)
137 len = strlen(data);
138 if(buf->length + len + 1 > buf->size) {
139 buf->size = buf->length + len + 256;
140 buf->data = mdvi_realloc(buf->data, buf->size);
141 }
142 memcpy(buf->data + buf->length, data, len);
143 buf->length += len;
144 return buf->length;
145}
146
147char *buff_gets(Buffer *buf, size_t *length)
148{
149 char *ptr;
150 char *ret;
151 size_t len;
152
153 ptr = strchr(buf->data, '\n');
154 if(ptr == NULL((void*)0))
155 return NULL((void*)0);
156 ptr++; /* include newline */
157 len = ptr - buf->data;
158 ret = mdvi_malloc(len + 1);
159 if(len > 0) {
160 memcpy(ret, buf->data, len);
161 memmove(buf->data, buf->data + len, buf->length - len);
162 buf->length -= len;
163 }
164 ret[len] = 0;
165 if(length) *length = len;
166 return ret;
167}
168