Bug Summary

File:out/../deps/openssl/openssl/crypto/asn1/f_string.c
Warning:line 117, column 28
Array access (from variable 's') results in a null pointer dereference

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name f_string.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/asn1/f_string.c
1/*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "crypto/ctype.h"
12#include "internal/cryptlib.h"
13#include <openssl/buffer.h>
14#include <openssl/asn1.h>
15
16int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
17{
18 int i, n = 0;
19 static const char *h = "0123456789ABCDEF";
20 char buf[2];
21
22 if (a == NULL((void*)0))
23 return 0;
24
25 if (a->length == 0) {
26 if (BIO_write(bp, "0", 1) != 1)
27 goto err;
28 n = 1;
29 } else {
30 for (i = 0; i < a->length; i++) {
31 if ((i != 0) && (i % 35 == 0)) {
32 if (BIO_write(bp, "\\\n", 2) != 2)
33 goto err;
34 n += 2;
35 }
36 buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
37 buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
38 if (BIO_write(bp, buf, 2) != 2)
39 goto err;
40 n += 2;
41 }
42 }
43 return n;
44 err:
45 return -1;
46}
47
48int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
49{
50 int i, j, k, m, n, again, bufsize;
51 unsigned char *s = NULL((void*)0), *sp;
1
's' initialized to a null pointer value
52 unsigned char *bufp;
53 int num = 0, slen = 0, first = 1;
54
55 bufsize = BIO_gets(bp, buf, size);
56 for (;;) {
2
Loop condition is true. Entering loop body
25
Loop condition is true. Entering loop body
57 if (bufsize < 1) {
3
Assuming 'bufsize' is >= 1
4
Taking false branch
26
Assuming 'bufsize' is >= 1
27
Taking false branch
58 if (first)
59 break;
60 else
61 goto err;
62 }
63 first = 0;
64
65 i = bufsize;
66 if (buf[i - 1] == '\n')
5
Assuming the condition is false
6
Taking false branch
28
Assuming the condition is false
29
Taking false branch
67 buf[--i] = '\0';
68 if (i
6.1
'i' is not equal to 0
29.1
'i' is not equal to 0
 == 0)
7
Taking false branch
30
Taking false branch
69 goto err;
70 if (buf[i - 1] == '\r')
8
Assuming the condition is false
9
Taking false branch
31
Assuming the condition is false
32
Taking false branch
71 buf[--i] = '\0';
72 if (i
9.1
'i' is not equal to 0
32.1
'i' is not equal to 0
 == 0)
10
Taking false branch
33
Taking false branch
73 goto err;
74 again = (buf[i - 1] == '\\');
75
76 for (j = i - 1; j > 0; j--) {
11
Assuming 'j' is > 0
12
Loop condition is true. Entering loop body
34
Assuming 'j' is > 0
35
Loop condition is true. Entering loop body
77 if (!ossl_isxdigit(buf[j])(ossl_ctype_check((buf[j]), 0x10))) {
13
Assuming the condition is true
14
Taking true branch
36
Assuming the condition is true
37
Taking true branch
78 i = j;
79 break;
80 }
81 }
82 buf[i] = '\0';
15
 Execution continues on line 82
38
 Execution continues on line 82
83 /*
84 * We have now cleared all the crap off the end of the line
85 */
86 if (i < 2)
16
Assuming 'i' is >= 2
17
Taking false branch
39
Assuming 'i' is >= 2
40
Taking false branch
87 goto err;
88
89 bufp = (unsigned char *)buf;
90
91 k = 0;
92 i -= again;
93 if (i % 2 != 0) {
18
Assuming the condition is false
19
Taking false branch
41
Assuming the condition is false
42
Taking false branch
94 ERR_raise(ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/f_string.c"
,94,__func__), ERR_set_error)((13),(145),((void*)0));
95 OPENSSL_free(s)CRYPTO_free(s, "../deps/openssl/openssl/crypto/asn1/f_string.c"
, 95);
96 return 0;
97 }
98 i /= 2;
99 if (num + i > slen) {
20
Assuming the condition is false
21
Taking false branch
43
Assuming the condition is false
44
Taking false branch
100 sp = OPENSSL_realloc(s, (unsigned int)num + i * 2)CRYPTO_realloc(s, (unsigned int)num + i * 2, "../deps/openssl/openssl/crypto/asn1/f_string.c"
, 100);
101 if (sp == NULL((void*)0)) {
102 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/f_string.c"
,102,__func__), ERR_set_error)((13),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
103 OPENSSL_free(s)CRYPTO_free(s, "../deps/openssl/openssl/crypto/asn1/f_string.c"
, 103);
104 return 0;
105 }
106 s = sp;
107 slen = num + i * 2;
108 }
109 for (j = 0; j
21.1
'j' is >= 'i'
 < i; j++, k += 2) {
22
Loop condition is false. Execution continues on line 121
45
Assuming 'j' is < 'i'
46
Loop condition is true. Entering loop body
110 for (n = 0; n < 2; n++) {
47
Loop condition is true. Entering loop body
111 m = OPENSSL_hexchar2int(bufp[k + n]);
112 if (m < 0) {
48
Assuming 'm' is >= 0
49
Taking false branch
113 ERR_raise(ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/f_string.c"
,113,__func__), ERR_set_error)((13),(141),((void*)0));
114 OPENSSL_free(s)CRYPTO_free(s, "../deps/openssl/openssl/crypto/asn1/f_string.c"
, 114);
115 return 0;
116 }
117 s[num + j] <<= 4;
50
Array access (from variable 's') results in a null pointer dereference
118 s[num + j] |= m;
119 }
120 }
121 num += i;
122 if (again)
23
Assuming 'again' is not equal to 0
24
Taking true branch
123 bufsize = BIO_gets(bp, buf, size);
124 else
125 break;
126 }
127 bs->length = num;
128 bs->data = s;
129 return 1;
130
131 err:
132 ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/f_string.c"
,132,__func__), ERR_set_error)((13),(150),((void*)0));
133 OPENSSL_free(s)CRYPTO_free(s, "../deps/openssl/openssl/crypto/asn1/f_string.c"
, 133);
134 return 0;
135}