From a995b1e68129a0bb3928625c4f5a7bcb24893d75 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
Date: Mon, 16 Dec 2019 21:52:55 +0100
Subject: [PATCH] lua: workaround false positive dereference of null pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

scan-build from clang-9 has reported following:

 ubus.c:837:16: warning: Access to field 'rnotify' results in a dereference of a null pointer (loaded from variable 'sub')
                 sub->rnotify = luaL_ref(L, -2);

Which is false positive as the lua_error() does a long jump and
therefore never returns and this long jump probably confuses the static
analyzer. So this patch workarounds this false positive by helping
static analyzer by using common Lua idiom which is to return
lua_error()'s return value.

Ref: https://www.lua.org/manual/5.1/manual.html#lua_error
Addresses-Coverity-ID: 1412355 ("Dereference after null check")
Signed-off-by: Petr Å tetiar <ynezz@true.cz>
---
 lua/ubus.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/lua/ubus.c b/lua/ubus.c
index 6fbbc06..fb50418 100644
--- a/lua/ubus.c
+++ b/lua/ubus.c
@@ -557,8 +557,7 @@ static int ubus_lua_add(lua_State *L)
 	/* verify top level object */
 	if (lua_istable(L, 1)) {
 		lua_pushstring(L, "you need to pass a table");
-		lua_error(L);
-		return 0;
+		return lua_error(L);
 	}
 
 	/* scan each object */
@@ -598,7 +597,7 @@ ubus_lua_notify( lua_State *L )
 
 	if( !lua_islightuserdata( L, 2 ) ){
 		lua_pushfstring( L, "Invald 2nd parameter, expected ubus obj ref" );
-		lua_error( L );
+		return lua_error( L );
 	}
 	obj = lua_touserdata( L, 2 );
 
@@ -606,7 +605,7 @@ ubus_lua_notify( lua_State *L )
 	blob_buf_init(&c->buf, 0);
 	if( !ubus_lua_format_blob_array( L, &c->buf, true ) ){
 		lua_pushfstring( L, "Invalid 4th parameter, expected table of arguments" );
-		lua_error( L );
+		return lua_error( L );
 	}
 
 	ubus_notify( c->ctx, obj, method, c->buf.head, -1 );
@@ -812,7 +811,7 @@ ubus_sub_notify_handler(struct ubus_context *ctx, struct ubus_object *obj,
 
 
 
-static void
+static int
 ubus_lua_do_subscribe( struct ubus_context *ctx, lua_State *L, const char* target,
                         int idxnotify, int idxremove )
 {
@@ -822,13 +821,13 @@ ubus_lua_do_subscribe( struct ubus_context *ctx, lua_State *L, const char* targe
 
 	if( ( status = ubus_lookup_id( ctx, target, &id ) ) ){
 		lua_pushfstring( L, "Unable find target, status=%d", status );
-		lua_error( L );
+		return lua_error( L );
 	}
 
 	sub = calloc( 1, sizeof( struct ubus_lua_subscriber ) );
 	if( !sub ){
 		lua_pushstring( L, "Out of memory" );
-		lua_error( L );
+		return lua_error( L );
 	}
 
 	if( idxnotify ){
@@ -849,13 +848,15 @@ ubus_lua_do_subscribe( struct ubus_context *ctx, lua_State *L, const char* targe
 
 	if( ( status = ubus_register_subscriber( ctx, &sub->s ) ) ){
 		lua_pushfstring( L, "Failed to register subscriber, status=%d", status );
-		lua_error( L );
+		return lua_error( L );
 	}
 
 	if( ( status = ubus_subscribe( ctx, &sub->s, id) ) ){
 		lua_pushfstring( L, "Failed to register subscriber, status=%d", status );
-		lua_error( L );
+		return lua_error( L );
 	}
+
+	return 0;
 }
 
 static int
-- 
2.25.1