Bug 1277228 - some scan-build fixes to enable it on base/certdb/certh…

…igh, r=ttaubert try: -t all --HG-- extra : rebase_source : f3270633c053e2dd5c54de6ca66d92726e63f68a
sailfishos-mirror · Oct 17, 2016 · 00a9d61 · 00a9d61
1 parent 20ef153
commit 00a9d61
Show file tree

Hide file tree

Showing 12 changed files with 37 additions and 30 deletions.
diff --git a/automation/taskcluster/scripts/run_scan_build.sh b/automation/taskcluster/scripts/run_scan_build.sh
@@ -20,6 +20,9 @@ make nss_build_all
 # key: directory to scan
 # value: number of errors expected in that directory
 declare -A scan=( \
+        [lib/base]=0 \
+        [lib/certdb]=0 \
+        [lib/certhigh]=0 \
         [lib/ssl]=0 \
         [lib/freebl]=0 \
         [lib/util]=0 \
@@ -31,7 +34,7 @@ for i in "${!scan[@]}"; do
 done
 
 # run scan-build (only building affected directories)
-scan-build -o /home/worker/artifacts --use-cc=$(CC) --use-c++=$(CCC) make nss_build_all && cd ..
+scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
 
 # print errors we found
 set +v +x

diff --git a/build.sh b/build.sh
@@ -13,11 +13,11 @@ fi
 
 # generate NSS build files only if asked for it
 if [ -n "${NSS_GYP_GEN}" -o ! -d out/Debug ]; then
-    PKG_CONFIG_PATH="$CWD/../nspr/$OBJ_DIR/config" gyp -f ninja $GYP_PARAMS --depth=. nss.gyp
+    PKG_CONFIG_PATH="$CWD/../nspr/$OBJ_DIR/config" $SCANBUILD gyp -f ninja $GYP_PARAMS --depth=. nss.gyp
 fi
 # build NSS
 # TODO: only doing this for debug build for now
-ninja -C out/Debug/
+$SCANBUILD ninja -C out/Debug/
 if [ $? != 0 ]; then
     exit 1
 fi

diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c
@@ -470,7 +470,7 @@ ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
     unsigned char digestData[20];
     unsigned char pubKeyData[256];
     PRLock *lock = NULL;
-    double signRate, deriveRate;
+    double signRate, deriveRate = 0;
     CK_ATTRIBUTE template;
     SECStatus rv;
     CK_RV crv;
@@ -595,7 +595,7 @@ ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads,
     SECItem digest;
     unsigned char sigData[256];
     unsigned char digestData[20];
-    double signRate, deriveRate;
+    double signRate, deriveRate = 0;
     char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
     SECStatus rv = SECFailure;
     PLArenaPool *arena;

diff --git a/lib/base/list.c b/lib/base/list.c
@@ -52,20 +52,17 @@ pointer_compare(void *a, void *b)
 static nssListElement *
 nsslist_get_matching_element(nssList *list, void *data)
 {
-    PRCList *link;
     nssListElement *node;
     node = list->head;
     if (!node) {
         return NULL;
     }
-    link = &node->link;
     while (node) {
         /* using a callback slows things down when it's just compare ... */
         if (list->compareFunc(node->data, data)) {
             break;
         }
-        link = &node->link;
-        if (link == PR_LIST_TAIL(&list->head->link)) {
+        if (&node->link == PR_LIST_TAIL(&list->head->link)) {
             node = NULL;
             break;
         }

diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
@@ -1295,12 +1295,16 @@ CERT_AddOKDomainName(CERTCertificate *cert, const char *hn)
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
-    domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(
-        cert->arena, (sizeof *domainOK) + newNameLen);
-    if (!domainOK)
+    domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena, sizeof(*domainOK));
+    if (!domainOK) {
         return SECFailure; /* error code is already set. */
+    }
+    domainOK->name = (char *)PORT_ArenaZAlloc(cert->arena, newNameLen + 1);
+    if (!domainOK->name) {
+        return SECFailure; /* error code is already set. */
+    }
 
-    PORT_Strcpy(domainOK->name, hn);
+    PORT_Strncpy(domainOK->name, hn, newNameLen + 1);
     sec_lower_string(domainOK->name);
 
     /* put at head of list. */
@@ -1402,7 +1406,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
         goto fail;
     }
     isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));
-    rv = SECFailure;
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
         goto fail;

diff --git a/lib/certdb/certt.h b/lib/certdb/certt.h
@@ -733,7 +733,7 @@ struct CERTVerifyLogStr {
 
 struct CERTOKDomainNameStr {
     CERTOKDomainName *next;
-    char name[1]; /* actual length may be longer. */
+    char *name;
 };
 
 typedef SECStatus(PR_CALLBACK *CERTStatusChecker)(CERTCertDBHandle *handle,

diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c
@@ -2782,7 +2782,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
     rv = cert_FindCRLByGeneralName(ncc, canonicalizedName, &oldEntry);
     PORT_Assert(SECSuccess == rv);
     if (SECSuccess != rv) {
-        rv = cert_ReleaseNamedCRLCache(ncc);
+        (void)cert_ReleaseNamedCRLCache(ncc);
         SECITEM_ZfreeItem(crl, PR_TRUE);
         return SECFailure;
     }

diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c
@@ -303,7 +303,7 @@ CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
     const SEC_ASN1Template *template;
 
     PORT_Assert(arena);
-    if (arena == NULL) {
+    if (arena == NULL || !genName) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
@@ -376,16 +376,17 @@ cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names)
 {
     CERTGeneralName *current_name;
     SECItem **items = NULL;
-    int count = 0;
+    int count = 1;
     int i;
     PRCList *head;
 
+    if (!names) {
+        return NULL;
+    }
+
     PORT_Assert(arena);
     /* TODO: mark arena */
     current_name = names;
-    if (names != NULL) {
-        count = 1;
-    }
     head = &(names->l);
     while (current_name->l.next != head) {
         current_name = CERT_GetNextGeneralName(current_name);
@@ -1069,7 +1070,7 @@ cert_ExtractDNEmailAddrs(CERTGeneralName *name, PLArenaPool *arena)
         }     /* loop over AVAs */
     }         /* loop over RDNs */
     /* combine new names with old one. */
-    name = cert_CombineNamesLists(name, nameList);
+    (void)cert_CombineNamesLists(name, nameList);
     /* TODO: unmark arena */
     return SECSuccess;
 

diff --git a/lib/certdb/secname.c b/lib/certdb/secname.c
@@ -588,8 +588,11 @@ CERT_CompareName(const CERTName *a, const CERTName *b)
         return SECGreaterThan;
 
     for (;;) {
-        ardn = *ardns++;
-        brdn = *brdns++;
+        if (!ardns++ || !brdns++) {
+            break;
+        }
+        ardn = *ardns;
+        brdn = *brdns;
         if (!ardn) {
             break;
         }

diff --git a/lib/certdb/stanpcertdb.c b/lib/certdb/stanpcertdb.c
@@ -158,8 +158,6 @@ CERT_MapStanError()
     int secError;
     int i;
 
-    error = 0;
-
     errorStack = NSS_GetErrorStack();
     if (errorStack == 0) {
         PORT_SetError(0);
@@ -859,7 +857,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
 
     if (saveit) {
         if (cc) {
-            if (stanProfile) {
+            if (stanProfile && profileTime && emailProfile) {
                 /* stanProfile is already stored in the crypto context,
                  * overwrite the data
                  */

diff --git a/lib/certhigh/certhigh.c b/lib/certhigh/certhigh.c
@@ -147,6 +147,10 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
             goto loser;
         }
 
+        if (!certList) {
+            goto loser;
+        }
+
         node = CERT_LIST_HEAD(certList);
 
         /* treverse all certs in the list */

diff --git a/lib/certhigh/ocsp.c b/lib/certhigh/ocsp.c
@@ -4128,9 +4128,7 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
      * Just because we have a cert does not mean it is any good; check
      * it for validity, trust and usage.
      */
-    if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
-        rv = SECSuccess;
-    } else {
+    if (!ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
         SECCertUsage certUsage;
         if (CERT_IsCACert(signerCert, NULL)) {
             certUsage = certUsageAnyCA;