Open
Description
Consider the following code snippet:
struct sockaddr_in addr;
socklen_t addrlen = sizeof(addr);
sock = accept (fd, (struct sockaddr*) &addr, &addrlen);
if (sock < 0) {
    // 14←Assuming 'sock' is >= 0
    return False;
}
... /* nothing touches "addr" in the interim */
host = addr.sin_addr.s_addr;
// 18←Assigned value is garbage or undefined
At "18" a bogus report is flagged. Even if the code analyzer did not know what the accept() syscall does, giving the function (which can't be previewed at the source code level) the benefit of the doubt, it should be considered that the call did initialize its argument addr, passed by pointer, thus validating its entire contents. No garbage.
The same happens for the recvfrom() call:
if (recvfrom(s_Sock[0], buf, sizeof(buf), 0, (struct sockaddr*) &sin, &sinlen) > 0) {
    ...
    from = sin.sin_addr.s_addr;
    // 13←Assigned value is garbage or undefined
}
BTW, using a different technique for dealing with the accept() peculiarity causes the same bogus report:
union {
    struct sockaddr sa;
    struct sockaddr_in in;
    struct sockaddr_in6 in6;
    struct sockaddr_un un;
} u;
...
fd = accept (sock, &u.sa, &addrlen);
...
assert(u.un.sun_family == AF_UNIX);
// 28←The left operand of '==' is a garbage value
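The accept()/recvfrom() pattern from the report, written as an added example (not the reporter's code) with the check a caller really needs: the kernel does initialise the buffer, but only the first addrlen bytes are meaningful, so length and family are validated before sin_addr is read. The function and enum names, and the constructed 127.0.0.1:8080 sample used by the self-test, are this example's own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum peer_status { PEER_OK = 0, PEER_TRUNCATED = -1, PEER_NOT_INET = -2 };

/* accept()/recvfrom() fill the caller's buffer, but only *addrlen bytes of it are
 * meaningful: the kernel copies min(bufsize, real size) and reports the real size
 * back in addrlen. Check length and family before reading sin_addr. */
enum peer_status peer_ipv4(const struct sockaddr_storage *ss, socklen_t bufsize,
                           socklen_t addrlen, in_addr_t *host_out)
{
    if (addrlen > bufsize || addrlen < sizeof(struct sockaddr_in))
        return PEER_TRUNCATED;            /* truncated, or too short for sin_addr */
    struct sockaddr_in in;
    memcpy(&in, ss, sizeof in);           /* copy rather than cast: no aliasing */
    if (in.sin_family != AF_INET) return PEER_NOT_INET;
    *host_out = in.sin_addr.s_addr;       /* network byte order, as in the report */
    return PEER_OK;
}

/* The report's accept() pattern with the check applied before addr is used. */
int accept_ipv4(int listen_fd, in_addr_t *host_out)
{
    struct sockaddr_storage ss;
    socklen_t addrlen = sizeof ss;
    int sock = accept(listen_fd, (struct sockaddr *)&ss, &addrlen);
    if (sock < 0) return -1;
    if (peer_ipv4(&ss, sizeof ss, addrlen, host_out) != PEER_OK) {
        close(sock); return -1;           /* peer address unusable: reject */
    }
    return sock;
}

/* Constructed sample (no socket involved): 127.0.0.1:8080 as the kernel would
 * lay it out, then the same bytes reported with a short and an oversize addrlen. */
int peer_ipv4_selftest(void)
{
    struct sockaddr_in in = { .sin_family = AF_INET, .sin_port = htons(8080),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    struct sockaddr_storage ss = {0};
    in_addr_t host = 0;
    memcpy(&ss, &in, sizeof in);
    return peer_ipv4(&ss, sizeof ss, sizeof in, &host) == PEER_OK
        && host == htonl(INADDR_LOOPBACK)
        && peer_ipv4(&ss, sizeof ss, sizeof(sa_family_t), &host) == PEER_TRUNCATED
        && peer_ipv4(&ss, sizeof ss, sizeof ss + 1, &host) == PEER_TRUNCATED;
}
```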