silence use after the free clang analyzer warning

scan-build from clang version 9 complains about following:

 nl.c:507:9: warning: Use of memory after it is freed
        while (nlmsg_ok(hdr, n)) {
               ^~~~~~~~~~~~~~~~

which seems to be impossible codepath as clang analyzer doesn't somehow
account properly nl_syserr2nlerr(errno) return value:

 } else {
    free(msg.msg_control);
    free(*buf);
    return -nl_syserr2nlerr(errno);
 }

which should be always < 0, but analyzer is still checking for > 0 code
path as well for some reason. So in order to make the analyzer happy,
set the buf pointer to NULL explicitly and add assert to make it clear,
that this codepath should never happen.

Signed-off-by: Petr Štetiar <ynezz@true.cz>

1 files changed, 9 insertions, 1 deletions

diff --git a/nl.c b/nl.c
index 2649470..505965f 100644
--- a/nl.c
+++ b/nl.c
@@ -400,7 +400,9 @@ int nl_recv(struct nl_sock *sk, struct sockaddr_nl *nla,
 		page_size = getpagesize() * 4;
 
 	iov.iov_len = page_size;
-	iov.iov_base = *buf = malloc(iov.iov_len);
+	iov.iov_base = *buf = calloc(1, iov.iov_len);
+	if (!*buf)
+		return -nl_syserr2nlerr(errno);
 
 	if (sk->s_flags & NL_SOCK_PASSCRED) {
 		msg.msg_controllen = CMSG_SPACE(sizeof(struct ucred));
@@ -421,6 +423,7 @@ retry:
 		} else {
 			free(msg.msg_control);
 			free(*buf);
+			*buf = NULL;
 			return -nl_syserr2nlerr(errno);
 		}
 	}
@@ -445,6 +448,7 @@ retry:
 	if (msg.msg_namelen != sizeof(struct sockaddr_nl)) {
 		free(msg.msg_control);
 		free(*buf);
+		*buf = NULL;
 		return -NLE_NOADDR;
 	}
 
@@ -463,6 +467,7 @@ retry:
 abort:
 	free(msg.msg_control);
 	free(*buf);
+	*buf = NULL;
 	return 0;
 }
 
@@ -501,6 +506,9 @@ continue_reading:
 	if (n <= 0)
 		return n;
 
+	/* make clang analyzer happy */
+	assert(n > 0 && buf);
+
 	NL_DBG(3, "recvmsgs(%p): Read %d bytes\n", sk, n);
 
 	hdr = (struct nlmsghdr *) buf;