From d48abb9a846f710420beff7ec154984af84ee197 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 24 Jan 2019 11:55:10 +0000
Subject: [PATCH] clang analysis fixes, assert arc4random buffer in init, no
 check for already checked delegation pointer in iterator, in testcode check
 for NULL packet matches, in perf do not copy from NULL start list when
 growing capacity.  Adjust host and file only when present in test header read
 to please checker.  In testcode for unknown macro operand give zero result.
 Initialise the passed argv array in test code.  In test code add EDNS data
 segment copy only when nonempty.

git-svn-id: file:///svn/unbound/trunk@5070 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 compat/arc4random.c   |  1 +
 doc/Changelog         |  8 ++++++++
 iterator/iterator.c   |  2 +-
 testcode/fake_event.c |  4 ++--
 testcode/perf.c       | 10 ++++++----
 testcode/petal.c      | 14 +++++++++++---
 testcode/replay.c     |  1 +
 testcode/testbound.c  |  1 +
 testcode/testpkts.c   |  3 ++-
 9 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/compat/arc4random.c b/compat/arc4random.c
index bcef0ec90..b536d3143 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -140,6 +140,7 @@ nodevrandom:
 static inline void
 _rs_init(u_char *buf, size_t n)
 {
+	assert(buf);
 	if (n < KEYSZ + IVSZ)
 		return;
 
diff --git a/doc/Changelog b/doc/Changelog
index b3fd66c14..3bd7d86c4 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,14 @@
 	- Newer aclocal and libtoolize used for generating configure scripts,
 	  aclocal 1.16.1 and libtoolize 2.4.6.
 	- Fix unit test for python 3.7 new keyword 'async'.
+	- clang analysis fixes, assert arc4random buffer in init,
+	  no check for already checked delegation pointer in iterator,
+	  in testcode check for NULL packet matches, in perf do not copy
+	  from NULL start list when growing capacity.  Adjust host and file
+	  only when present in test header read to please checker.  In
+	  testcode for unknown macro operand give zero result. Initialise the
+	  passed argv array in test code.  In test code add EDNS data
+	  segment copy only when nonempty.
 
 23 January 2018: Wouter
 	- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
diff --git a/iterator/iterator.c b/iterator/iterator.c
index 7a62e1281..a3b52806a 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2299,7 +2299,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 		errinf(qstate, "auth zone lookup failed, fallback is off");
 		return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
 	}
-	if(iq->dp && iq->dp->auth_dp) {
+	if(iq->dp->auth_dp) {
 		/* we wanted to fallback, but had no delegpt, only the
 		 * auth zone generated delegpt, create an actual one */
 		iq->auth_zone_avoid = 1;
diff --git a/testcode/fake_event.c b/testcode/fake_event.c
index 016f70e3d..4fb9bc8ed 100644
--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@@ -385,7 +385,7 @@ answer_callback_from_entry(struct replay_runtime* runtime,
 	repinfo.addrlen = pend->addrlen;
 	memcpy(&repinfo.addr, &pend->addr, pend->addrlen);
 	if(!pend->serviced) {
-		if(entry->reply_list->next &&
+		if(entry && entry->reply_list->next &&
 			pend->tcp_pkt_counter < count_reply_packets(entry)) {
 			/* go to next packet next time */
 			pend->tcp_pkt_counter++;
@@ -509,7 +509,7 @@ fake_pending_callback(struct replay_runtime* runtime,
 	repinfo.addrlen = p->addrlen;
 	memcpy(&repinfo.addr, &p->addr, p->addrlen);
 	if(!p->serviced) {
-		if(todo->match->reply_list->next && !error &&
+		if(todo->match && todo->match->reply_list->next && !error &&
 			p->tcp_pkt_counter < count_reply_packets(todo->match)) {
 			/* go to next packet next time */
 			p->tcp_pkt_counter++;
diff --git a/testcode/perf.c b/testcode/perf.c
index 32a5307ed..8e4c5fe91 100644
--- a/testcode/perf.c
+++ b/testcode/perf.c
@@ -513,10 +513,12 @@ qlist_grow_capacity(struct perfinfo* info)
 	uint8_t** d = (uint8_t**)calloc(sizeof(uint8_t*), newcap);
 	size_t* l = (size_t*)calloc(sizeof(size_t), newcap);
 	if(!d || !l) fatal_exit("out of memory");
-	memcpy(d, info->qlist_data, sizeof(uint8_t*)*
-		info->qlist_capacity);
-	memcpy(l, info->qlist_len, sizeof(size_t)*
-		info->qlist_capacity);
+	if(info->qlist_data)
+		memcpy(d, info->qlist_data, sizeof(uint8_t*)*
+			info->qlist_capacity);
+	if(info->qlist_len)
+		memcpy(l, info->qlist_len, sizeof(size_t)*
+			info->qlist_capacity);
 	free(info->qlist_data);
 	free(info->qlist_len);
 	info->qlist_data = d;
diff --git a/testcode/petal.c b/testcode/petal.c
index e1f5f4341..a733017a4 100644
--- a/testcode/petal.c
+++ b/testcode/petal.c
@@ -323,9 +323,9 @@ file_name_is_safe(char* s)
 	return 1;
 }
 
-/** adjust host and filename */
+/** adjust host */
 static void
-adjust_host_file(char* host, char* file)
+adjust_host(char* host)
 {
 	size_t i, len;
 	/* remove a port number if present */
@@ -335,6 +335,13 @@ adjust_host_file(char* host, char* file)
 	len = strlen(host);
 	for(i=0; i<len; i++)
 		host[i] = tolower((unsigned char)host[i]);
+}
+
+/** adjust filename */
+static void
+adjust_file(char* file)
+{
+	size_t i, len;
 	len = strlen(file);
 	for(i=0; i<len; i++)
 		file[i] = tolower((unsigned char)file[i]);
@@ -534,7 +541,8 @@ service_ssl(SSL* ssl, struct sockaddr_storage* from, socklen_t falen)
 	if(!read_http_headers(ssl, file, sizeof(file), host, sizeof(host),
 		&vs))
 		return;
-	adjust_host_file(host, file);
+	if(host[0] != 0) adjust_host(host);
+	if(file[0] != 0) adjust_file(file);
 	if(host[0] == 0 || !host_name_is_safe(host))
 		(void)strlcpy(host, "default", sizeof(host));
 	if(!file_name_is_safe(file)) {
diff --git a/testcode/replay.c b/testcode/replay.c
index 93a600425..84ce50441 100644
--- a/testcode/replay.c
+++ b/testcode/replay.c
@@ -715,6 +715,7 @@ perform_arith(double x, char op, double y, double* res)
 		*res = x*y;
 		break;
 	default:
+		*res = 0;
 		return 0;
 	}
 
diff --git a/testcode/testbound.c b/testcode/testbound.c
index cea74c593..246bc6735 100644
--- a/testcode/testbound.c
+++ b/testcode/testbound.c
@@ -344,6 +344,7 @@ main(int argc, char* argv[])
 
 	/* we do not want the test to depend on the timezone */
 	(void)putenv("TZ=UTC");
+	memset(pass_argv, 0, sizeof(pass_argv));
 
 	log_init(NULL, 0, NULL);
 	/* determine commandline options for the daemon */
diff --git a/testcode/testpkts.c b/testcode/testpkts.c
index 1d89c38fc..6c90567aa 100644
--- a/testcode/testpkts.c
+++ b/testcode/testpkts.c
@@ -513,7 +513,8 @@ add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata,
 	if(*pktlen + sizeof(edns) + ednslen > pktsize)
 		error("not enough space for EDNS OPT record");
 	memmove(pktbuf+*pktlen, edns, sizeof(edns));
-	memmove(pktbuf+*pktlen+sizeof(edns), ednsdata, ednslen);
+	if(ednsdata && ednslen)
+		memmove(pktbuf+*pktlen+sizeof(edns), ednsdata, ednslen);
 	sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1);
 	*pktlen += (sizeof(edns) + ednslen);
 }
-- 
2.47.3