Avoid writing through a const pointer in render_xsl()

render_xsl() cast away the const of the static xslmsg stylesheet and
passed it to isc_buffer_reinit(), which memmove()s into the base when
the buffer is non-empty -- a write to read-only memory that -fanalyzer
flags (-Wanalyzer-write-to-const).  It only stayed safe because the
body buffer is always empty here.

Use isc_buffer_constinit(), which never writes to the base, and assert
the empty-buffer contract with REQUIRE(isc_buffer_length(b) == 0).

Assisted-by: Claude:claude-opus-4-8

diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 76b4ef27dd85601bb01fa959c8d657ab414e67be..2e02cde7ad5de97c254574adfacb6fc196673972 100644 (file)
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -3699,14 +3699,13 @@ render_json_traffic(const isc_httpd_t *httpd, const isc_httpdurl_t *urlinfo,
  * neither of libxml2 or json-c is configured.
  */
 static isc_result_t
-render_xsl(const isc_httpd_t *httpd, const isc_httpdurl_t *urlinfo, void *args,
-          unsigned int *retcode, const char **retmsg, const char **mimetype,
-          isc_buffer_t *b, isc_httpdfree_t **freecb, void **freecb_args) {
-       isc_result_t result;
-       char *p = NULL;
+render_xsl(const isc_httpd_t *httpd, const isc_httpdurl_t *urlinfo,
+          void *args ISC_ATTR_UNUSED, unsigned int *retcode,
+          const char **retmsg, const char **mimetype, isc_buffer_t *b,
+          isc_httpdfree_t **freecb, void **freecb_args) {
+       REQUIRE(isc_buffer_length(b) == 0);
 
-       UNUSED(httpd);
-       UNUSED(args);
+       isc_result_t result;
 
        *freecb = NULL;
        *freecb_args = NULL;
@@ -3747,8 +3746,7 @@ render_xsl(const isc_httpd_t *httpd, const isc_httpdurl_t *urlinfo, void *args,
 send:
        *retcode = 200;
        *retmsg = "OK";
-       p = UNCONST(xslmsg);
-       isc_buffer_reinit(b, p, strlen(xslmsg));
+       isc_buffer_constinit(b, xslmsg, strlen(xslmsg));
        isc_buffer_add(b, strlen(xslmsg));
 end:
        return ISC_R_SUCCESS;