From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Mon, 29 Apr 2024 07:46:24 +0000 (+0200)
Subject: MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx
X-Git-Tag: v3.0-dev10~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9bdea51;p=thirdparty%2Fhaproxy.git

MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx

As shown in GH #2550, Coverity is tempted to think that NULL-dereference
can occur in _lf_cbor_encode_byte() due to user-ctx being dereferenced
from cbor_ctx, while coverity thinks that cbor_ctx may be NULL.

In practise this cannot happen, because _lf_cbor_encode_byte() is
only leveraged through a function pointer that is set in conjunction with
the function pointer ctx (which ain't NULL). All this logic is done inside
lf_buildctx_prepare() when LOG_OPT_ENCODE_CBOR is set.

Since coverity doesn't seem to understand the logic properly, then it
might as well confuse humans, so let's make it clear in
_lf_cbor_encode_byte() that we expect non-NULL ctx by adding a BUG_ON()
---

diff --git a/src/log.c b/src/log.c
index 68399a1e06..e3ab29a503 100644
--- a/src/log.c
+++ b/src/log.c
@@ -1768,13 +1768,19 @@ static char *_encode_byte_hex(char *start, char *stop, unsigned char byte)
  *
  * for now only hex form is supported.
  *
+ * The function may only be called under CBOR context (that is when
+ * LOG_OPT_ENCODE_CBOR option is set).
+ *
  * Returns the position of the last written byte on success and NULL on
  * error.
  */
 static char *_lf_cbor_encode_byte(struct cbor_encode_ctx *cbor_ctx,
                                   char *start, char *stop, unsigned char byte)
 {
-	struct lf_buildctx *ctx = cbor_ctx->e_fct_ctx;
+	struct lf_buildctx *ctx;
+
+	BUG_ON(!cbor_ctx);
+	ctx = cbor_ctx->e_fct_ctx;
 
 	if (ctx->options & LOG_OPT_BIN) {
 		/* raw output */