clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name tvbuff_brotli.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-19/lib/clang/19 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /builds/wireshark/wireshark/epan -isystem /builds/wireshark/wireshark/build/epan -isystem /usr/include/libxml2 -isystem /usr/include/lua5.4 -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -D epan_EXPORTS -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -I /builds/wireshark/wireshark/wiretap -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-truncation -Wno-format-nonliteral -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2025-07-08-100254-3847-1 -x c /builds/wireshark/wireshark/epan/tvbuff_brotli.c
| 1 | |
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 | |
| 7 | |
| 8 | |
| 9 | |
| 10 | #include <config.h> |
| 11 | |
| 12 | #include <glib.h> |
| 13 | |
| 14 | #include <string.h> |
| 15 | |
| 16 | #ifdef HAVE_BROTLI |
| 17 | #include <brotli/decode.h> |
| 18 | #endif |
| 19 | |
| 20 | #include "tvbuff.h" |
| 21 | |
| 22 | #ifdef HAVE_BROTLI |
| 23 | |
| 24 | |
| 25 | |
| 26 | |
| 27 | |
| 28 | #define TVB_BROTLI_BUFSIZ (1 << 19) |
| 29 | |
| 30 | static void* |
| 31 | brotli_g_malloc_wrapper(void *opaque _U_, size_t size) |
| 32 | { |
| 33 | return g_malloc(size); |
| 34 | } |
| 35 | |
| 36 | static void |
| 37 | brotli_g_free_wrapper(void *opaque _U_, void *address) |
| 38 | { |
| 39 | g_free(address); |
| 40 | } |
| 41 | |
| 42 | |
| 43 | |
| 44 | |
| 45 | |
| 46 | |
| 47 | |
| 48 | tvbuff_t * |
| 49 | tvb_uncompress_brotli(tvbuff_t *tvb, const int offset, int comprlen) |
| 50 | { |
| 51 | uint8_t *compr; |
| 52 | uint8_t *uncompr = NULL; |
| 53 | tvbuff_t *uncompr_tvb; |
| 54 | BrotliDecoderState *decoder; |
| 55 | uint8_t *strmbuf; |
| 56 | const size_t bufsiz = TVB_BROTLI_BUFSIZ; |
| 57 | size_t available_in; |
| 58 | const uint8_t *next_in; |
| 59 | size_t available_out; |
| 60 | uint8_t *next_out; |
| 61 | size_t total_out; |
| 62 | unsigned needs_more_output; |
| 63 | unsigned finished; |
| 64 | |
| 65 | if (tvb == NULL || comprlen <= 0) { |
| 2 | | Assuming 'tvb' is not equal to NULL | |
|
| 3 | | Assuming 'comprlen' is > 0 | |
|
| |
| 66 | return NULL; |
| 67 | } |
| 68 | |
| 69 | compr = (uint8_t *)tvb_memdup(NULL, tvb, offset, comprlen); |
| 70 | if (compr == NULL) { |
| 5 | | Assuming 'compr' is not equal to NULL | |
|
| |
| 71 | return NULL; |
| 72 | } |
| 73 | |
| 74 | decoder = BrotliDecoderCreateInstance( |
| 75 | &brotli_g_malloc_wrapper , |
| 76 | &brotli_g_free_wrapper , |
| 77 | NULL ); |
| 78 | if (decoder == NULL) { |
| 7 | | Assuming 'decoder' is not equal to NULL | |
|
| |
| 79 | wmem_free(NULL, compr); |
| 80 | return NULL; |
| 81 | } |
| 82 | strmbuf = (uint8_t *)g_malloc(bufsiz); |
| 83 | |
| 84 | available_in = comprlen; |
| 85 | next_in = compr; |
| 86 | total_out = 0; |
| 87 | needs_more_output = 0; |
| 88 | finished = 0; |
| 89 | while (available_in > 0 || needs_more_output) { |
| 16 | | Assuming 'available_in' is <= 0 | |
|
| 17 | | Loop condition is false. Execution continues on line 137 | |
|
| 90 | needs_more_output = 0; |
| 91 | available_out = bufsiz; |
| 92 | next_out = strmbuf; |
| 93 | |
| 94 | BrotliDecoderResult result = BrotliDecoderDecompressStream( |
| 95 | decoder, &available_in, &next_in, &available_out, &next_out, &total_out); |
| 96 | switch (result) { |
| 9 | | Control jumps to 'case BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT:' at line 106 | |
|
| 97 | case BROTLI_DECODER_RESULT_SUCCESS: |
| 98 | if (available_in > 0) { |
| 99 | goto cleanup; |
| 100 | } |
| 101 | finished = 1; |
| 102 | break; |
| 103 | case BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT: |
| 104 | needs_more_output = 1; |
| 105 | break; |
| 106 | case BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT: |
| 107 | |
| 108 | |
| 109 | |
| 110 | |
| 111 | |
| 112 | break; |
| 113 | case BROTLI_DECODER_RESULT_ERROR: |
| 114 | default: |
| 115 | goto cleanup; |
| 116 | } |
| 117 | |
| 118 | |
| 119 | |
| 120 | |
| 121 | if (total_out > INT_MAX) { |
| 10 | | Execution continues on line 121 | |
|
| 11 | | Assuming 'total_out' is <= INT_MAX | |
|
| |
| 122 | goto cleanup; |
| 123 | } |
| 124 | |
| 125 | |
| 126 | |
| 127 | |
| 128 | |
| 129 | |
| 130 | size_t pass_out = bufsiz - available_out; |
| 131 | if (pass_out > 0) { |
| 13 | | Assuming 'pass_out' is > 0 | |
|
| |
| 132 | uncompr = (uint8_t *)g_realloc(uncompr, total_out); |
| |
| 133 | memcpy(uncompr + (total_out - pass_out), strmbuf, pass_out); |
| 134 | } |
| 135 | } |
| 136 | |
| 137 | if (uncompr == NULL) { |
| |
| 138 | |
| 139 | |
| 140 | |
| 141 | |
| 142 | if (finished) { |
| 143 | uncompr = (uint8_t *)g_strdup(""); |
| 144 | } else { |
| 145 | goto cleanup; |
| 146 | } |
| 147 | } |
| 148 | |
| 149 | uncompr_tvb = tvb_new_real_data((uint8_t *)uncompr, (unsigned)total_out, (int)total_out); |
| 19 | | Potential leak of memory pointed to by 'uncompr' |
|
| 150 | tvb_set_free_cb(uncompr_tvb, g_free); |
| 151 | |
| 152 | g_free(strmbuf); |
| 153 | wmem_free(NULL, compr); |
| 154 | BrotliDecoderDestroyInstance(decoder); |
| 155 | return uncompr_tvb; |
| 156 | |
| 157 | cleanup: |
| 158 | g_free(strmbuf); |
| 159 | g_free(uncompr); |
| 160 | wmem_free(NULL, compr); |
| 161 | BrotliDecoderDestroyInstance(decoder); |
| 162 | return NULL; |
| 163 | } |
| 164 | #else |
| 165 | tvbuff_t * |
| 166 | tvb_uncompress_brotli(tvbuff_t *tvb _U_, const int offset _U_, int comprlen _U_) |
| 167 | { |
| 168 | return NULL; |
| 169 | } |
| 170 | #endif |
| 171 | |
| 172 | tvbuff_t * |
| 173 | tvb_child_uncompress_brotli(tvbuff_t *parent, tvbuff_t *tvb, const int offset, int comprlen) |
| 174 | { |
| 175 | tvbuff_t *new_tvb = tvb_uncompress_brotli(tvb, offset, comprlen); |
| 1 | Calling 'tvb_uncompress_brotli' | |
|
| 176 | if (new_tvb) |
| 177 | tvb_set_child_real_data_tvbuff(parent, new_tvb); |
| 178 | return new_tvb; |
| 179 | } |
| 180 | |
| 181 | |
| 182 | |
| 183 | |
| 184 | |
| 185 | |
| 186 | |
| 187 | |
| 188 | |
| 189 | |
| 190 | |
| 191 | |
| 192 | |