Bug 8587 - Useless comparison in talloc_chunk_from_ptr()
Status: RESOLVED FIXED
Alias: None
Product: TALLOC
Classification: Unclassified
Component: libtalloc
Version: unspecified
Hardware: All All
Importance: P5 trivial
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Samba QA Contact
Reported: 2011-11-08 18:45 UTC by Stephen Gallagher
Modified: 2020-10-01 09:35 UTC

Description Stephen Gallagher 2011-11-08 18:45:21 UTC
Detected by Coverity 5.5.1 running against current master branch (2011-11-08) of samba


/* panic if we get a bad magic value */
static inline struct talloc_chunk *talloc_chunk_from_ptr(const void *ptr)
{
        const char *pp = (const char *)ptr;
        struct talloc_chunk *tc = discard_const_p(struct talloc_chunk, pp - TC_HDR_SIZE);
        if (unlikely((tc->flags & (TALLOC_FLAG_FREE | ~0xF)) != TALLOC_MAGIC)) {

CID 10924: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
(tc->flags & 4294963200U /* ~0xfff */) == 0xe814ec70U is always false regardless of the values of its operands. This occurs as the logical operand of if.

                if ((tc->flags & (~0xFFF)) == TALLOC_MAGIC_BASE) {
                        talloc_abort_magic(tc->flags & (~0xF));
                        return NULL;
                }

                if (tc->flags & TALLOC_FLAG_FREE) {
                        talloc_log("talloc: access after free error - first free may be at %s\n", tc->name);
                        talloc_abort_access_after_free();
                        return NULL;
                } else {
                        talloc_abort_unknown_value();
                        return NULL;
                }
        }
        return tc;
}
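
Why the flagged comparison can never be true, as an added example that is not part of the original report or of talloc's code. It uses only the two values from the Coverity message; `masked_eq_satisfiable`, `MASKED_EQ`, `flagged_check` and `comparable_check` are hypothetical names, and masking the constant is shown only as one way to make such a test meaningful, not as what the upstream commit did.

```c
#include <stdint.h>
#include <stdio.h>

/* Values quoted in the Coverity message above. */
#define MAGIC_BASE   0xe814ec70u            /* constant on the right-hand side */
#define VERSION_MASK (~(uint32_t)0xFFF)     /* 4294963200U, clears bits 0..11 */

/* (x & mask) == k has a solution only if k has no bits outside mask. */
static int masked_eq_satisfiable(uint32_t mask, uint32_t k)
{
    return (k & ~mask) == 0;
}

/* Hypothetical build-time guard: a negative array size stops compilation
 * when the constant carries bits that the mask removes. */
#define MASKED_EQ(val, mask, k) \
    ((void)sizeof(char[(((k) & ~(mask)) == 0) ? 1 : -1]), \
     (((val) & (mask)) == (k)))

/* The comparison as flagged: 0xc70 survives in the constant but never in
 * the masked value, so this returns 0 for every input. */
static int flagged_check(uint32_t flags)
{
    return (flags & VERSION_MASK) == MAGIC_BASE;
}

/* Same test with the low 12 bits stripped from both sides (assumption:
 * the intent was to compare only the bits above the low 12). */
static int comparable_check(uint32_t flags)
{
    return MASKED_EQ(flags, VERSION_MASK, MAGIC_BASE & VERSION_MASK);
}

int main(void)
{
    /* Constructed header words, not taken from a real talloc heap. */
    const uint32_t samples[] = { 0xe814ec70u, 0xe814ec71u, 0xe814e123u, 0x12345678u };
    size_t i;

    printf("satisfiable as written: %d\n",
           masked_eq_satisfiable(VERSION_MASK, MAGIC_BASE));
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("flags=0x%08x flagged=%d comparable=%d\n", (unsigned)samples[i],
               flagged_check(samples[i]), comparable_check(samples[i]));
    return 0;
}
```

Passing `MAGIC_BASE` unmasked to `MASKED_EQ` fails to compile, which is the same condition Coverity reported at analysis time.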
Comment 1 Douglas Bagnall 2020-10-01 09:35:18 UTC
Made invalid/fixed by commit 30ea897194c68c149d4986b22a5d964454bec258