#30 nsd/set.c:1385: error: Null Dereference pointer `new->fields` last assigned on line 1380 could be null and is dereferenced by call to `Ns_SetPut()` at line 1385, column 19.
Note: as far as this trace shows, `new->fields` is NULL only on the path where `ns_malloc()` is asked for zero bytes (for the call from nsd/set.c:335, the check at nsthread/memory.c:87 has `result == NULL` true and `size > 0u` false); a failed non-zero request ends in `abort()` instead of returning. The report therefore depends on `sizeof(Ns_SetField) * setPtr->maxSize` evaluating to 0, which with `maxSize` set from `old->size + 1` would presumably require the size arithmetic to wrap, so triage should check whether that computation is bounded rather than look at ordinary out-of-memory handling.
nsd/set.c:1370:1: start of procedure Ns_SetCopy() 1368. */ 1369. 1370. Ns_Set * ^ 1371. Ns_SetCopy(const Ns_Set *old) 1372. { nsd/set.c:1375:9: Taking false branch 1373. Ns_Set *new; 1374. 1375. if (old == NULL) { ^ 1376. new = NULL; 1377. } else { nsd/set.c:1380:9: 1378. size_t i; 1379. 1380. new = SetCreate(old->name, old->size + 1); /* maybe maxSize? */ ^ 1381. #ifdef NS_SET_DSTRING 1382. Ns_SetDataPrealloc(new, old->data.length + 1); nsd/set.c:325:1: start of procedure SetCreate() 323. */ 324. static long createdSets = 0; 325. static Ns_Set * ^ 326. SetCreate(const char *name, size_t size) 327. { nsd/set.c:330:5: 328. Ns_Set *setPtr; 329. 330. createdSets++; ^ 331. setPtr = ns_malloc(sizeof(Ns_Set)); 332. setPtr->size = 0u; nsd/set.c:331:5: 329. 330. createdSets++; 331. setPtr = ns_malloc(sizeof(Ns_Set)); ^ 332. setPtr->size = 0u; 333. setPtr->maxSize = size; nsthread/memory.c:72:1: start of procedure ns_malloc() 70. return result; 71. } 72. void *ns_malloc(size_t size) { ^ 73. void *result; 74. #ifdef NS_VERBOSE_MALLOC nsthread/memory.c:83:5: 81. * in general, that a malloc() result of NULL means out of memory. 82. */ 83. result = malloc(size); ^ 84. /*if (size == 0u) { 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); nsthread/memory.c:87:9: Condition is false 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:87:9: Taking false branch 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:91:5: 89. 
abort(); 90. } 91. return result; ^ 92. } 93. void ns_free(void *ptr) { nsthread/memory.c:92:1: return from a call to ns_malloc 90. } 91. return result; 92. } ^ 93. void ns_free(void *ptr) { 94. free(ptr); nsd/set.c:332:5: 330. createdSets++; 331. setPtr = ns_malloc(sizeof(Ns_Set)); 332. setPtr->size = 0u; ^ 333. setPtr->maxSize = size; 334. setPtr->name = ns_strcopy(name); nsd/set.c:333:5: 331. setPtr = ns_malloc(sizeof(Ns_Set)); 332. setPtr->size = 0u; 333. setPtr->maxSize = size; ^ 334. setPtr->name = ns_strcopy(name); 335. setPtr->fields = ns_malloc(sizeof(Ns_SetField) * setPtr->maxSize); nsd/set.c:334:5: 332. setPtr->size = 0u; 333. setPtr->maxSize = size; 334. setPtr->name = ns_strcopy(name); ^ 335. setPtr->fields = ns_malloc(sizeof(Ns_SetField) * setPtr->maxSize); 336. #ifdef NS_SET_DSTRING nsthread/memory.c:148:1: start of procedure ns_strcopy() 146. #endif 147. 148. char * ^ 149. ns_strcopy(const char *old) 150. { nsthread/memory.c:151:13: Condition is false 149. ns_strcopy(const char *old) 150. { 151. return (old == NULL ? NULL : ns_strdup(old)); ^ 152. } 153. nsthread/memory.c:174:1: start of procedure ns_strdup() 172. } 173. 174. char * ^ 175. ns_strdup(const char *old) 176. { nsthread/memory.c:180:5: 178. char *p; 179. 180. NS_NONNULL_ASSERT(old != NULL); ^ 181. 182. length = strlen(old) + 1u; nsthread/memory.c:182:5: 180. NS_NONNULL_ASSERT(old != NULL); 181. 182. length = strlen(old) + 1u; ^ 183. p = ns_malloc(length); 184. if (p != NULL) { nsthread/memory.c:183:5: 181. 182. length = strlen(old) + 1u; 183. p = ns_malloc(length); ^ 184. if (p != NULL) { 185. memcpy(p, old, length); nsthread/memory.c:72:1: start of procedure ns_malloc() 70. return result; 71. } 72. void *ns_malloc(size_t size) { ^ 73. void *result; 74. #ifdef NS_VERBOSE_MALLOC nsthread/memory.c:83:5: 81. * in general, that a malloc() result of NULL means out of memory. 82. */ 83. result = malloc(size); ^ 84. /*if (size == 0u) { 85. 
fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); nsthread/memory.c:87:9: Condition is false 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:87:9: Taking false branch 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:91:5: 89. abort(); 90. } 91. return result; ^ 92. } 93. void ns_free(void *ptr) { nsthread/memory.c:92:1: return from a call to ns_malloc 90. } 91. return result; 92. } ^ 93. void ns_free(void *ptr) { 94. free(ptr); nsthread/memory.c:184:9: Taking true branch 182. length = strlen(old) + 1u; 183. p = ns_malloc(length); 184. if (p != NULL) { ^ 185. memcpy(p, old, length); 186. } else { nsthread/memory.c:185:9: 183. p = ns_malloc(length); 184. if (p != NULL) { 185. memcpy(p, old, length); ^ 186. } else { 187. #if defined(ENOMEM) nsthread/memory.c:192:5: 190. } 191. 192. return p; ^ 193. } 194. nsthread/memory.c:193:1: return from a call to ns_strdup 191. 192. return p; 193. } ^ 194. 195. nsthread/memory.c:151:5: 149. ns_strcopy(const char *old) 150. { 151. return (old == NULL ? NULL : ns_strdup(old)); ^ 152. } 153. nsthread/memory.c:152:1: return from a call to ns_strcopy 150. { 151. return (old == NULL ? NULL : ns_strdup(old)); 152. } ^ 153. 154. char * nsd/set.c:335:5: 333. setPtr->maxSize = size; 334. setPtr->name = ns_strcopy(name); 335. setPtr->fields = ns_malloc(sizeof(Ns_SetField) * setPtr->maxSize); ^ 336. #ifdef NS_SET_DSTRING 337. Tcl_DStringInit(&setPtr->data); nsthread/memory.c:72:1: start of procedure ns_malloc() 70. return result; 71. } 72. void *ns_malloc(size_t size) { ^ 73. void *result; 74. #ifdef NS_VERBOSE_MALLOC nsthread/memory.c:83:5: 81. 
* in general, that a malloc() result of NULL means out of memory. 82. */ 83. result = malloc(size); ^ 84. /*if (size == 0u) { 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); nsthread/memory.c:87:9: Condition is true 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:87:9: Condition is false 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:87:9: Taking false branch 85. fprintf(stderr, "ZERO ns_malloc size=%lu ptr %p\n", size, result); 86. }*/ 87. if (unlikely(result == NULL && size > 0u)) { ^ 88. fprintf(stderr, "Fatal: failed to allocate %" PRIuz " bytes.\n", size); 89. abort(); nsthread/memory.c:91:5: 89. abort(); 90. } 91. return result; ^ 92. } 93. void ns_free(void *ptr) { nsthread/memory.c:92:1: return from a call to ns_malloc 90. } 91. return result; 92. } ^ 93. void ns_free(void *ptr) { 94. free(ptr); nsd/set.c:345:5: 343. #endif 344. 345. return setPtr; ^ 346. } 347. nsd/set.c:346:1: return from a call to SetCreate 344. 345. return setPtr; 346. } ^ 347. 348. Ns_Set * nsd/set.c:1384:14: 1382. Ns_SetDataPrealloc(new, old->data.length + 1); 1383. #endif 1384. for (i = 0u; i < old->size; ++i) { ^ 1385. (void)Ns_SetPut(new, old->fields[i].name, old->fields[i].value); 1386. } nsd/set.c:1384:22: Loop condition is true. Entering loop body 1382. Ns_SetDataPrealloc(new, old->data.length + 1); 1383. #endif 1384. for (i = 0u; i < old->size; ++i) { ^ 1385. (void)Ns_SetPut(new, old->fields[i].name, old->fields[i].value); 1386. } nsd/set.c:1385:19: 1383. #endif 1384. for (i = 0u; i < old->size; ++i) { 1385. (void)Ns_SetPut(new, old->fields[i].name, old->fields[i].value); ^ 1386. 
} 1387. #ifdef NS_SET_DSTRING nsd/set.c:454:1: start of procedure Ns_SetPut() 452. } 453. 454. size_t ^ 455. Ns_SetPut(Ns_Set *set, const char *key, const char *value) 456. { nsd/set.c:457:5: 455. Ns_SetPut(Ns_Set *set, const char *key, const char *value) 456. { 457. NS_NONNULL_ASSERT(set != NULL); ^ 458. NS_NONNULL_ASSERT(key != NULL); 459. nsd/set.c:458:5: 456. { 457. NS_NONNULL_ASSERT(set != NULL); 458. NS_NONNULL_ASSERT(key != NULL); ^ 459. 460. return Ns_SetPutSz(set, key, -1, value, -1); nsd/set.c:460:5: 458. NS_NONNULL_ASSERT(key != NULL); 459. 460. return Ns_SetPutSz(set, key, -1, value, -1); ^ 461. } 462. nsd/set.c:422:1: start of procedure Ns_SetPutSz() 420. */ 421. 422. size_t ^ 423. Ns_SetPutSz(Ns_Set *set, const char *keyString, ssize_t keyLength, const char *valueString, ssize_t valueLength) 424. { nsd/set.c:427:5: 425. size_t idx; 426. 427. NS_NONNULL_ASSERT(set != NULL); ^ 428. NS_NONNULL_ASSERT(keyString != NULL); 429. nsd/set.c:428:5: 426. 427. NS_NONNULL_ASSERT(set != NULL); 428. NS_NONNULL_ASSERT(keyString != NULL); ^ 429. 430. assert(set->size <= set->maxSize); nsd/set.c:430:5: 428. NS_NONNULL_ASSERT(keyString != NULL); 429. 430. assert(set->size <= set->maxSize); ^ 431. idx = set->size; 432. set->size++; nsd/set.c:431:5: 429. 430. assert(set->size <= set->maxSize); 431. idx = set->size; ^ 432. set->size++; 433. nsd/set.c:432:5: 430. assert(set->size <= set->maxSize); 431. idx = set->size; 432. set->size++; ^ 433. 434. if (set->size >= set->maxSize) { nsd/set.c:434:9: Taking false branch 432. set->size++; 433. 434. if (set->size >= set->maxSize) { ^ 435. size_t oldSize = set->size; 436. nsd/set.c:448:5: 446. set->fields[idx].value = AppendData(set, idx, valueString, valueLength); 447. #else 448. set->fields[idx].name = ns_strncopy(keyString, keyLength); ^ 449. set->fields[idx].value = ns_strncopy(valueString, valueLength); 450. #endif