diff --git a/src/array.c b/src/array.c index caa8d454..3527684b 100644 --- a/src/array.c +++ b/src/array.c @@ -390,6 +390,9 @@ array_match_key_prefix_nc_klen (const array * const a, const char * const s, con data_unset * array_match_key_prefix (const array * const a, const buffer * const b) { + #ifdef __clang_analyzer__ + force_assert(b); + #endif return array_match_key_prefix_klen(a, CONST_BUF_LEN(b)); } diff --git a/src/configfile.c b/src/configfile.c index 198d6290..99baa79d 100644 --- a/src/configfile.c +++ b/src/configfile.c @@ -1184,6 +1184,9 @@ int config_log_error_open(server *srv) { /* logs are opened after preflight check (srv->srvconf.preflight_check) * and after dropping privileges instead of being opened during config * processing */ + #ifdef __clang_analyzer__ + force_assert(srv->errh); + #endif /* Note: implementation does not de-dup repeated files or pipe commands */ diff --git a/src/data_config.c b/src/data_config.c index 15310b90..1b72ce5d 100644 --- a/src/data_config.c +++ b/src/data_config.c @@ -134,6 +134,7 @@ data_config *data_config_init(void) { data_config *ds; ds = calloc(1, sizeof(*ds)); + force_assert(ds); ds->comp_tag = buffer_init(); ds->comp_key = buffer_init(); diff --git a/src/gw_backend.c b/src/gw_backend.c index b86e2408..ddda45e8 100644 --- a/src/gw_backend.c +++ b/src/gw_backend.c @@ -2376,6 +2376,9 @@ handler_t gw_check_extension(request_st * const r, gw_plugin_data * const p, int /* check if extension matches */ for (uint32_t k = 0; k < exts->used; ++k) { gw_extension *ext = exts->exts+k; + #ifdef __clang_analyzer__ + force_assert(ext); /*(unnecessary; quiet clang analyzer)*/ + #endif size_t ct_len = buffer_string_length(&ext->key); /* check _url_ in the form "/gw_pattern" */ diff --git a/src/mod_extforward.c b/src/mod_extforward.c index cca5c4b9..9c8594d4 100644 --- a/src/mod_extforward.c +++ b/src/mod_extforward.c @@ -501,7 +501,7 @@ static int is_proxy_trusted(plugin_data *p, const char * const ip, size_t iplen) sock_addr addr; /* C funcs inet_aton(), inet_pton() require '\0'-terminated IP str */ char addrstr[64]; /*(larger than INET_ADDRSTRLEN and INET6_ADDRSTRLEN)*/ - if (iplen >= sizeof(addrstr)) return 0; + if (0 == iplen || iplen >= sizeof(addrstr)) return 0; memcpy(addrstr, ip, iplen); addrstr[iplen] = '\0'; @@ -843,6 +843,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c /* parse out params associated with for= addr set above */ oproto = ohost = oby = oremote_user = -1; + UNUSED(oby); j = ofor; if (j > 0) { do { --j; } while (j > 0 && -1 != offsets[j]); } if (-1 == offsets[j]) ++j; diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c index 91e1e092..ed063f23 100644 --- a/src/mod_fastcgi.c +++ b/src/mod_fastcgi.c @@ -348,6 +348,10 @@ static int fastcgi_get_packet(handler_ctx *hctx, fastcgi_response_packet *packet } return -1; } + #ifdef __clang_analyzer__ + /*(unnecessary (length checked above); init to quiet scan-build)*/ + memset(&header, 0, sizeof(FCGI_Header)); + #endif /* get at least the FastCGI header */ for (chunk *c = hctx->rb->first; c; c = c->next) { diff --git a/src/mod_openssl.c b/src/mod_openssl.c index eed6aaa5..4916c5f6 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c @@ -884,6 +884,9 @@ mod_wolfssl_load_client_CA_file (const buffer *ssl_ca_file, log_error_st *errh) /* similar to wolfSSL_load_client_CA_file(), plus some processing */ buffer **certs = NULL; if (NULL == mod_wolfssl_load_pem_file(ssl_ca_file->ptr, errh, &certs)) { + #ifdef __clang_analyzer__ + mod_wolfssl_free_der_certs(certs); /*unnecessary; quiet clang analyzer*/ + #endif return NULL; } @@ -929,6 +932,9 @@ mod_wolfssl_load_cacerts (const buffer *ssl_ca_file, log_error_st *errh) /* similar to wolfSSL_load_client_CA_file(), plus some processing */ buffer **certs = NULL; if (NULL == mod_wolfssl_load_pem_file(ssl_ca_file->ptr, errh, &certs)) { + #ifdef __clang_analyzer__ + mod_wolfssl_free_der_certs(certs); /*unnecessary; quiet clang analyzer*/ + #endif return NULL; } diff --git a/src/mod_proxy.c b/src/mod_proxy.c index 80d9a9b4..9a665ed6 100644 --- a/src/mod_proxy.c +++ b/src/mod_proxy.c @@ -786,7 +786,7 @@ static void proxy_set_Forwarded(connection * const con, request_st * const r, co buffer_append_string_backslash_escaped( b, CONST_BUF_LEN(remote_user)); buffer_append_string_len(b, CONST_STR_LEN("\"")); - semicolon = 1; + /*semicolon = 1;*/ } } diff --git a/src/plugin.c b/src/plugin.c index 5ff5a237..ed88ca3a 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -62,6 +62,7 @@ static plugin *plugin_init(void) { } static void plugin_free(plugin *p) { + if (NULL == p) return; /*(should not happen w/ current usage)*/ #if !defined(LIGHTTPD_STATIC) if (p->lib) { #if defined(HAVE_VALGRIND_VALGRIND_H) diff --git a/src/server.c b/src/server.c index 605d005a..e9322713 100644 --- a/src/server.c +++ b/src/server.c @@ -374,6 +374,9 @@ static int server_oneshot_init(server *srv, int fd) { srv_socket = server_oneshot_getsock(srv, &cnt_addr); if (NULL == srv_socket) return 0; + #ifdef __clang_analyzer__ + memset(&cnt_addr, 0, sizeof(cnt_addr)); + #endif cnt_len = sizeof(cnt_addr); if (0 != getpeername(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) { log_perror(srv->errh, __FILE__, __LINE__, "getpeername()"); diff --git a/src/stat_cache.c b/src/stat_cache.c index bfa33a7c..9a38408a 100644 --- a/src/stat_cache.c +++ b/src/stat_cache.c @@ -234,11 +234,17 @@ static void fam_dir_periodic_cleanup() { static void fam_dir_invalidate_tree(splay_tree *t, const char *name, size_t len) { + #ifdef __clang_analyzer__ + force_assert(name); + #endif /*force_assert(t);*/ if (t->left) fam_dir_invalidate_tree(t->left, name, len); if (t->right) fam_dir_invalidate_tree(t->right, name, len); fam_dir_entry * const fam_dir = t->data; + #ifdef __clang_analyzer__ + force_assert(fam_dir); + #endif buffer *b = fam_dir->name; size_t blen = buffer_string_length(b); if (blen > len && b->ptr[len] == '/' && 0 == memcmp(b->ptr, name, len)) diff --git a/src/t/test_burl.c b/src/t/test_burl.c index 7720d492..041a6f4b 100644 --- a/src/t/test_burl.c +++ b/src/t/test_burl.c @@ -141,6 +141,7 @@ static void test_burl_normalize (void) { run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a/b?c=d%20e"), CONST_STR_LEN("/a/b?c=d+e")); flags &= ~HTTP_PARSEOPT_URL_NORMALIZE_QUERY_20_PLUS; + UNUSED(flags); buffer_free(psrc); buffer_free(ptmp); } diff --git a/src/t/test_configfile.c b/src/t/test_configfile.c index 735a7967..7c2c05b5 100644 --- a/src/t/test_configfile.c +++ b/src/t/test_configfile.c @@ -44,6 +44,11 @@ const struct { }; static void test_configfile_addrbuf_eq_remote_ip_mask (void) { + request_st r; + memset(&r, 0, sizeof(request_st)); + r.conf.errh = log_error_st_init(); + r.conf.errh->errorlog_fd = -1; /* (disable) */ + int i, m; buffer * const s = buffer_init(); char *slash; @@ -53,7 +58,7 @@ static void test_configfile_addrbuf_eq_remote_ip_mask (void) { if (1 != sock_addr_inet_pton(&rmt, rmtmask[i].rmtstr, rmtmask[i].rmtfamily, 0)) exit(-1); /*(bad test)*/ buffer_copy_string(s, rmtmask[i].string); slash = strchr(s->ptr,'/'); assert(slash); - m = config_addrbuf_eq_remote_ip_mask(NULL, s, slash, &rmt); + m = config_addrbuf_eq_remote_ip_mask(&r, s, slash, &rmt); if (m != rmtmask[i].expect) { fprintf(stderr, "failed assertion: %s %s %s\n", rmtmask[i].string, @@ -64,6 +69,7 @@ static void test_configfile_addrbuf_eq_remote_ip_mask (void) { } buffer_free(s); + log_error_st_free(r.conf.errh); } int main (void) {