22 changes: 22 additions & 0 deletions src/slist_wc.c
Expand Up @@ -31,6 +31,28 @@
/* The last #include files should be: */
#include "memdebug.h"


// The following is copied from GNU Chess 5.0.8
char *return_append_str(char *dest, const char *s) {
/* Append text s to dest, and return new result. */
char *new_loc;
size_t new_len;
/* This doesn't have buffer overflow vulnerabilities, because
we always allocate for enough space before appending. */
if (!dest) {
new_loc = (char *) malloc(strlen(s))+1;
strcpy(new_loc, s);

Check failure

Code scanning / CodeSonar

Null Pointer Dereference

The body of strcpy() dereferences new_loc, but it has an invalid value. - new_loc evaluates to 1. - CodeSonar is configured to issue warnings when code dereferences pointers whose value is lower than 4096. (This value can be adjusted using configuration parameter NULL_POINTER_THRESHOLD.) The issue can occur if the highlighted code executes.

Check failure

Code scanning / CodeSonar

Buffer Overrun

This code writes past the end of the buffer pointed to by new_loc. - new_loc evaluates to malloc(strlen(s)) + 1[[slist_wc.c:43]]. - strcpy() writes to the byte at an offset that is the length of the string pointed to by s, plus 1 from the beginning of the buffer pointed to by new_loc. - The offset exceeds the capacity. - The length of the string pointed to by s, plus 1 is no less than 1. - The capacity of the buffer pointed to by new_loc, in bytes, is the length of the string pointed to by s, which is bounded below by 0. - The overrun occurs in heap memory. The issue can occur if the highlighted code executes.
return new_loc;
}
new_len = strlen(dest) + strlen(s) + 1;
new_loc = (char *) malloc(new_len);
strcpy(new_loc, dest);

Check failure

Code scanning / CodeSonar

Null Pointer Dereference

The body of strcpy() dereferences new_loc, but it is NULL. The issue can occur if the highlighted code executes.
if (!new_loc) return dest; /* Can't do it, throw away the data */

Check warning

Code scanning / CodeSonar

Unreachable Data Flow

The highlighted code will not execute under any circumstances. This may be because of: - A function call that does not return. - A test whose result is always the same: look for a preceding Redundant Condition warning. - A crashing bug. Look for a preceding Null Pointer Dereference or Division By Zero warning.

Check warning

Code scanning / CodeSonar

Redundant Condition

new_loc always evaluates to true. This may be because: - There is a constant assignment to one or more of the variables involved. - An earlier conditional statement has already ensured that new_loc cannot be false. - A crashing bug occurs on every path where new_loc could have evaluated to false. Look for a preceding Null Pointer Dereference or Division By Zero warning.
strcat(new_loc, s);
return new_loc;
}


/*
* slist_wc_append() appends a string to the linked list. This function can be
* used as an initialization function as well as an append function.
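
Review bot: In the `!dest` branch, `(char *) malloc(strlen(s))+1` puts the `+1` outside the call, so the block is only `strlen(s)` bytes and `new_loc` points one byte into it; `strcpy(new_loc, s)` then writes past the end of the heap block, the returned pointer cannot be passed to `free()`, and a failed `malloc` leaves `new_loc` equal to 1 rather than NULL. Allocate with `new_loc = malloc(strlen(s) + 1);` and test the result for NULL before copying. In the second branch, `if (!new_loc) return dest;` comes after `strcpy(new_loc, dest)`, so the check can never take effect; move it to directly follow `malloc(new_len)`. The comment claiming the function has no buffer overflow vulnerabilities does not hold for the code as written and should be corrected together with the allocation. The function also neither frees the old `dest` nor says who owns it, so the header comment should state whether the caller releases it.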