I looked at this report for a while. My current understanding:
* its detection was triggered by including rs/move-array,
  f331ab9d4c (use MOVE_ARRAY, 2017-07-15)
* But it is harmless, because the scan logic does not understand
  how ALLOC_GROW works. It assumes that done_pbase_paths_alloc
  can be larger than done_pbase_paths_num + 1, while done_pbase_paths
  is NULL, such that the memory allocation is not triggered.
  If that were the case, then we have 2 subsequent dereferences of
  a NULL pointer right after that. But by inspecting the use of
  _alloc and _num the initial assumption does not seem possible.

Stefan

---------- Forwarded message ----------
From:  <scan-admin@xxxxxxxxxxxx>
Date: Tue, Jul 18, 2017 at 2:53 AM
Subject: New Defects reported by Coverity Scan for git
To: sbeller@xxxxxxxxxx

Hi,

Please find the latest report on new defect(s) introduced to git found with Coverity Scan.

2 new defect(s) introduced to git found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1415508:  Null pointer dereferences  (FORWARD_NULL)
/builtin/pack-objects.c: 1292 in check_pbase_path()

________________________________________________________________________________________________________
*** CID 1415508:  Null pointer dereferences  (FORWARD_NULL)
/builtin/pack-objects.c: 1292 in check_pbase_path()
1286            }
1287            return -lo-1;
1288     }
1289
1290     static int check_pbase_path(unsigned hash)
1291     {
>>>     CID 1415508:  Null pointer dereferences  (FORWARD_NULL)
>>>     Comparing "done_pbase_paths" to null implies that "done_pbase_paths" might be null.
1292            int pos = (!done_pbase_paths) ? -1 : done_pbase_path_pos(hash);
1293            if (0 <= pos)
1294                    return 1;
1295            pos = -pos - 1;
1296            ALLOC_GROW(done_pbase_paths,
1297                       done_pbase_paths_num + 1,

** CID 1415507:  Null pointer dereferences  (FORWARD_NULL)
/builtin/pack-objects.c: 1303 in check_pbase_path()

________________________________________________________________________________________________________
*** CID 1415507:  Null pointer dereferences  (FORWARD_NULL)
/builtin/pack-objects.c: 1303 in check_pbase_path()
1297                       done_pbase_paths_num + 1,
1298                       done_pbase_paths_alloc);
1299            done_pbase_paths_num++;
1300            if (pos < done_pbase_paths_num)
1301                    MOVE_ARRAY(done_pbase_paths + pos + 1, done_pbase_paths + pos,
1302                               done_pbase_paths_num - pos - 1);
>>>     CID 1415507:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "done_pbase_paths".
1303            done_pbase_paths[pos] = hash;
1304            return 0;
1305     }
1306
1307     static void add_preferred_base_object(const char *name)
1308     {

________________________________________________________________________________________________________
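
Added example, not part of the original message and not git's own code: a self-contained C model of the insertion path flagged in the report, showing that when the array pointer is NULL and its alloc counter is 0, ALLOC_GROW allocates before the two flagged dereferences. The names paths, path_pos and check_path, the plain-realloc ALLOC_GROW and the ascending sort order are assumptions made for this sketch; it also assumes the alloc counter only ever changes together with the pointer.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for git's ALLOC_GROW (assumption: same growth rule,
 * plain realloc instead of git's own wrapper, abort on failure). */
#define alloc_nr(x) (((x) + 16) * 3 / 2)
#define ALLOC_GROW(x, nr, alloc) do { \
	if ((nr) > (alloc)) { \
		(alloc) = alloc_nr(alloc) < (nr) ? (nr) : alloc_nr(alloc); \
		(x) = realloc((x), (alloc) * sizeof(*(x))); \
		if (!(x)) abort(); \
	} \
} while (0)

static unsigned *paths;            /* models done_pbase_paths */
static int paths_num, paths_alloc; /* model _num and _alloc, both start at 0 */

/* Binary search: index if found, else -(insert position) - 1. */
static int path_pos(unsigned hash)
{
	int lo = 0, hi = paths_num;
	while (lo < hi) {
		int mi = lo + (hi - lo) / 2;
		if (paths[mi] == hash)
			return mi;
		if (paths[mi] < hash)
			lo = mi + 1;
		else
			hi = mi;
	}
	return -lo - 1;
}

/* Same shape as check_pbase_path(): 1 if already seen, 0 if inserted. */
static int check_path(unsigned hash)
{
	int pos = !paths ? -1 : path_pos(hash);
	if (0 <= pos)
		return 1;
	pos = -pos - 1;
	/* paths == NULL goes with paths_alloc == 0, so 1 > 0 forces allocation. */
	ALLOC_GROW(paths, paths_num + 1, paths_alloc);
	paths_num++;
	if (pos < paths_num)
		memmove(paths + pos + 1, paths + pos,
			(paths_num - pos - 1) * sizeof(*paths));
	paths[pos] = hash;
	return 0;
}
```

The analyzer's path needs paths to be NULL while paths_alloc is already at least paths_num + 1, a state this model never reaches because the counter is only assigned inside ALLOC_GROW right before the pointer is.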