xdiff-interface.c

Bug Summary

File:	xdiff-interface.c
Location:	line 267, column 18
Description:	Dereference of null pointer (loaded from variable 'value')

Annotated Source Code

#include "cache.h"

#include "xdiff-interface.h"

#include "xdiff/xtypes.h"

#include "xdiff/xdiffi.h"

#include "xdiff/xemit.h"

#include "xdiff/xmacros.h"

struct xdiff_emit_state {

xdiff_emit_consume_fn consume;

void *consume_callback_data;

struct strbuf remainder;

};

static int parse_num(char **cp_p, int *num_p)

{

char *cp = *cp_p;

int num = 0;

while ('0' <= *cp && *cp <= '9')

num = num * 10 + *cp++ - '0';

if (!(cp - *cp_p))

return -1;

*cp_p = cp;

*num_p = num;

return 0;

}

int parse_hunk_header(char *line, int len,

int *ob, int *on,

int *nb, int *nn)

{

char *cp;

cp = line + 4;

if (parse_num(&cp, ob)) {

bad_line:

return error("malformed diff output: %s", line)(error("malformed diff output: %s", line), const_error());

}

if (*cp == ',') {

cp++;

if (parse_num(&cp, on))

goto bad_line;

}

else

*on = 1;

if (*cp++ != ' ' || *cp++ != '+')

goto bad_line;

if (parse_num(&cp, nb))

goto bad_line;

if (*cp == ',') {

cp++;

if (parse_num(&cp, nn))

goto bad_line;

}

else

*nn = 1;

return -!!memcmp(cp, " @@", 3);

}

static void consume_one(void *priv_, char *s, unsigned long size)

{

struct xdiff_emit_state *priv = priv_;

char *ep;

while (size) {

unsigned long this_size;

ep = memchr(s, '\n', size);

this_size = (ep == NULL((void*)0)) ? size : (ep - s + 1);

priv->consume(priv->consume_callback_data, s, this_size);

size -= this_size;

s += this_size;

}

static int xdiff_outf(void *priv_, mmbuffer_t *mb, int nbuf)

{

struct xdiff_emit_state *priv = priv_;

int i;

for (i = 0; i < nbuf; i++) {

if (mb[i].ptr[mb[i].size-1] != '\n') {

/* Incomplete line */

strbuf_add(&priv->remainder, mb[i].ptr, mb[i].size);

continue;

}

/* we have a complete line */

if (!priv->remainder.len) {

consume_one(priv, mb[i].ptr, mb[i].size);

continue;

}

strbuf_add(&priv->remainder, mb[i].ptr, mb[i].size);

consume_one(priv, priv->remainder.buf, priv->remainder.len);

strbuf_reset(&priv->remainder)strbuf_setlen(&priv->remainder, 0);

}

if (priv->remainder.len) {

consume_one(priv, priv->remainder.buf, priv->remainder.len);

strbuf_reset(&priv->remainder)strbuf_setlen(&priv->remainder, 0);

}

return 0;

}

100

101

102

* Trim down common substring at the end of the buffers,

103

* but end on a complete line.

104

105

static void trim_common_tail(mmfile_t *a, mmfile_t *b)

106

{

107

const int blk = 1024;

108

long trimmed = 0, recovered = 0;

109

char *ap = a->ptr + a->size;

110

char *bp = b->ptr + b->size;

111

long smaller = (a->size < b->size) ? a->size : b->size;

112

113

while (blk + trimmed <= smaller && !memcmp(ap - blk, bp - blk, blk)) {

114

trimmed += blk;

115

ap -= blk;

116

bp -= blk;

117

}

118

119

while (recovered < trimmed)

120

if (ap[recovered++] == '\n')

121

break;

122

a->size -= trimmed - recovered;

123

b->size -= trimmed - recovered;

124

}

125

126

int xdi_diff(mmfile_t *mf1, mmfile_t *mf2, xpparam_t const *xpp, xdemitconf_t const *xecfg, xdemitcb_t *xecb)

127

{

128

mmfile_t a = *mf1;

129

mmfile_t b = *mf2;

130

131

if (mf1->size > MAX_XDIFF_SIZE(1024UL * 1024 * 1023) || mf2->size > MAX_XDIFF_SIZE(1024UL * 1024 * 1023))

132

return -1;

133

134

if (!xecfg->ctxlen && !(xecfg->flags & XDL_EMIT_FUNCCONTEXT(1 << 2)))

135

trim_common_tail(&a, &b);

136

137

return xdl_diff(&a, &b, xpp, xecfg, xecb);

138

}

139

140

int xdi_diff_outf(mmfile_t *mf1, mmfile_t *mf2,

141

xdiff_emit_consume_fn fn, void *consume_callback_data,

142

xpparam_t const *xpp, xdemitconf_t const *xecfg)

143

{

144

int ret;

145

struct xdiff_emit_state state;

146

xdemitcb_t ecb;

147

148

memset(&state, 0, sizeof(state))__builtin___memset_chk (&state, 0, sizeof(state), __builtin_object_size
(&state, 0));

149

state.consume = fn;

150

state.consume_callback_data = consume_callback_data;

151

memset(&ecb, 0, sizeof(ecb))__builtin___memset_chk (&ecb, 0, sizeof(ecb), __builtin_object_size
(&ecb, 0));

152

ecb.outf = xdiff_outf;

153

ecb.priv = &state;

154

strbuf_init(&state.remainder, 0);

155

ret = xdi_diff(mf1, mf2, xpp, xecfg, &ecb);

156

strbuf_release(&state.remainder);

157

return ret;

158

}

159

160

int read_mmfile(mmfile_t *ptr, const char *filename)

161

{

162

struct stat st;

163

FILE *f;

164

size_t sz;

165

166

if (stat(filename, &st))

167

return error("Could not stat %s", filename)(error("Could not stat %s", filename), const_error());

168

if ((f = fopen(filename, "rb")) == NULL((void*)0))

169

return error("Could not open %s", filename)(error("Could not open %s", filename), const_error());

170

sz = xsize_t(st.st_size);

171

ptr->ptr = xmalloc(sz ? sz : 1);

172

if (sz && fread(ptr->ptr, sz, 1, f) != 1) {

173

fclose(f);

174

return error("Could not read %s", filename)(error("Could not read %s", filename), const_error());

175

}

176

fclose(f);

177

ptr->size = sz;

178

return 0;

179

}

180

181

void read_mmblob(mmfile_t *ptr, const struct object_id *oid)

182

{

183

unsigned long size;

184

enum object_type type;

185

186

if (!oidcmp(oid, &null_oid)) {

187

ptr->ptr = xstrdup("");

188

ptr->size = 0;

189

return;

190

}

191

192

ptr->ptr = read_sha1_file(oid->hash, &type, &size);

193

if (!ptr->ptr || type != OBJ_BLOB)

194

die("unable to read blob object %s", oid_to_hex(oid));

195

ptr->size = size;

196

}

197

198

#define FIRST_FEW_BYTES8000 8000

199

int buffer_is_binary(const char *ptr, unsigned long size)

200

{

201

if (FIRST_FEW_BYTES8000 < size)

202

size = FIRST_FEW_BYTES8000;

203

return !!memchr(ptr, 0, size);

204

}

205

206

struct ff_regs {

207

int nr;

208

struct ff_reg {

209

regex_t re;

210

int negate;

211

} *array;

212

};

213

214

static long ff_regexp(const char *line, long len,

215

char *buffer, long buffer_size, void *priv)

216

{

217

struct ff_regs *regs = priv;

218

regmatch_t pmatch[2];

219

int i;

220

int result;

221

222

/* Exclude terminating newline (and cr) from matching */

223

if (len > 0 && line[len-1] == '\n') {

224

if (len > 1 && line[len-2] == '\r')

225

len -= 2;

226

else

227

len--;

228

}

229

230

for (i = 0; i < regs->nr; i++) {

231

struct ff_reg *reg = regs->array + i;

232

if (!regexec_buf(&reg->re, line, len, 2, pmatch, 0)) {

233

if (reg->negate)

234

return -1;

235

break;

236

}

237

}

238

if (regs->nr <= i)

239

return -1;

240

i = pmatch[1].rm_so >= 0 ? 1 : 0;

241

line += pmatch[i].rm_so;

242

result = pmatch[i].rm_eo - pmatch[i].rm_so;

243

if (result > buffer_size)

244

result = buffer_size;

245

while (result > 0 && (isspace(line[result - 1])((sane_ctype[(unsigned char)(line[result - 1])] & (0x01))
!= 0)))

246

result--;

247

memcpy(buffer, line, result)__builtin___memcpy_chk (buffer, line, result, __builtin_object_size
(buffer, 0));

248

return result;

249

}

250

251

void xdiff_set_find_func(xdemitconf_t *xecfg, const char *value, int cflags)

252

{

253

int i;

254

struct ff_regs *regs;

255

256

xecfg->find_func = ff_regexp;

257

regs = xecfg->find_func_priv = xmalloc(sizeof(struct ff_regs));

258

for (i = 0, regs->nr = 1; value[i]; i++)

Loop condition is true. Entering loop body

→

←

Loop condition is false. Execution continues on line 261

→

259

if (value[i] == '\n')

←

Taking true branch

→

260

regs->nr++;

261

ALLOC_ARRAY(regs->array, regs->nr)(regs->array) = xmalloc(st_mult(sizeof(*(regs->array)),
(regs->nr)));

262

for (i = 0; i < regs->nr; i++) {

←

Loop condition is true. Entering loop body

→

←

Loop condition is true. Entering loop body

→

263

struct ff_reg *reg = regs->array + i;

264

const char *ep = strchr(value, '\n'), *expression;

265

char *buffer = NULL((void*)0);

266

267

reg->negate = (*value == '!');

←

Dereference of null pointer (loaded from variable 'value')

268

if (reg->negate && i == regs->nr - 1)

269

die("Last expression must not be negated: %s", value);

270

if (*value == '!')

←

Taking false branch

→

271

value++;

272

if (ep)

←

Assuming 'ep' is null

→

←

Taking false branch

→

273

expression = buffer = xstrndup(value, ep - value);

274

else

275

expression = value;

276

if (regcomp(&reg->re, expression, cflags))

←

Taking false branch

→

277

die("Invalid regexp to look for hunk header: %s", expression);

278

free(buffer);

279

value = ep + 1;

←

Null pointer value stored to 'value'

→

280

}

281

}

282

283

void xdiff_clear_find_func(xdemitconf_t *xecfg)

284

{

285

if (xecfg->find_func) {

286

int i;

287

struct ff_regs *regs = xecfg->find_func_priv;

288

289

for (i = 0; i < regs->nr; i++)

290

regfree(&regs->array[i].re);

291

free(regs->array);

292

free(regs);

293

xecfg->find_func = NULL((void*)0);

294

xecfg->find_func_priv = NULL((void*)0);

295

}

296

}

297

298

int git_xmerge_style = -1;

299

300

int git_xmerge_config(const char *var, const char *value, void *cb)

301

{

302

if (!strcmp(var, "merge.conflictstyle")) {

303

if (!value)

304

die("'%s' is not a boolean", var);

305

if (!strcmp(value, "diff3"))

306

git_xmerge_style = XDL_MERGE_DIFF31;

307

else if (!strcmp(value, "merge"))

308

git_xmerge_style = 0;

309

else

310

die("unknown style '%s' given for '%s'",

311

value, var);

312

return 0;

313

}

314

return git_default_config(var, value, cb);

315

}