The static analyzer has detected DIVISION_BY_ZERO: variable nbands, whose possible value set allows a zero value at vfs_fruit.c:5191, is used as a denominator at vfs_fruit.c:5261.


The potentially null divisor `nbands` is initialized at vfs_fruit.c:5244:
`ok = fruit_get_num_bands(handle, name, &nbands);`

We see (at vfs_fruit.c:5191-5208) that `nbands`'s value increases (it's initial value zero) at least once in `while`-loop (vfs_fruit.c:5193-5200).

`while`-loop will be executed if:
1) function `Readername` returns `!=NULL`-value
2) `if (ISDOT(dname) || ISDOTDOT(dname))`-condition is true (vfs_fruit.c:5196).

If code at source3/smbd/dir.c:1614-1626 is executed then condition 2) `if (ISDOT(dname) || ISDOTDOT(dname))` is true.

However, if the directory is empty (has nothing except "." and "..") (though this contradicts the logic of the program) then `nbanks` will never increases and we will get a `division by zero`-error.

We created this issue to check with the developers if such situation (an empty dir entailing div by zero) is possible.


GitHub:
1) vfs_fruit.c:5191
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source3/modules/vfs_fruit.c#L5191
2) vfs_fruit.c:5193-5200
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source3/modules/vfs_fruit.c#L5193C1-L5200C3
3) source3/smbd/dir/c:1614-1626
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source3/smbd/dir.c#L1614C2-L1626C3


Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author E. Bykhanova (e.bykhanova@fobos-nt.ru).