Fix Coverity issues: CID 900601-900620

src/cplusplus/v2/v2.c

@@ -902,8 +902,10 @@ static CpDem *match_type(CpDem *dem, Param *param, ParamVec *params, bool *match
 		});
 
 		/* HACK: to remove last two extraneous ":" (colon) symbols */
-		param->name.buf[--param->name.len] = 0;
-		param->name.buf[--param->name.len] = 0;
+		if (param->name.buf && param->name.len >= 2) {
+			param->name.buf[--param->name.len] = 0;
+			param->name.buf[--param->name.len] = 0;
+		}
 		VecDemString_deinit(&qualifiers);
 
 		VecParam_append(params, param);
@@ -1183,17 +1185,19 @@ CpDem *cpdem_param_type(CpDem *dem, ParamVec *params) {
 
 			/* HACK: if return type is a function pointer itself, split it and patch it here
 			 * there may be a better way to do it, but it works for now. */
-			if (strstr(return_type.buf, "(*)")) {
+			if (return_type.buf && strstr(return_type.buf, "(*)")) {
 				char *pivot = strstr(return_type.buf, "(*)");
 
 				/* get return type of functor */
 				char *ftor_ret_type = return_type.buf;
-				ut64 ftor_ret_type_len = pivot - ftor_ret_type - 1;
+				ut64 ftor_ret_type_len = (pivot > ftor_ret_type) ? (ut64)(pivot - ftor_ret_type - 1) : 0;
 
 				/* get param list of functor */
 				char *ftor_param_list = pivot + 3;
 				ut64 ftor_param_list_len =
-					return_type.buf + return_type.len - ftor_param_list;
+					(ftor_param_list <= return_type.buf + return_type.len)
+					? (ut64)(return_type.buf + return_type.len - ftor_param_list)
+					: 0;
 
 				dem_string_append_n(&param.name, ftor_ret_type, ftor_ret_type_len);
 				dem_string_append_n(&param.name, " (*(*)", 6);
@@ -1352,10 +1356,12 @@ CpDem *cpdem_param_type(CpDem *dem, ParamVec *params) {
 			});
 
 			/* HACK: to remove extraneous "::" */
-			tname.buf[--tname.len] = 0;
-			tname.buf[--tname.len] = 0;
+			if (tname.buf && tname.len >= 2) {
+				tname.buf[--tname.len] = 0;
+				tname.buf[--tname.len] = 0;
+			}
 
-			base_typename = dem_str_ndup(tname.buf, tname.len);
+			base_typename = tname.buf ? dem_str_ndup(tname.buf, tname.len) : NULL;
 			dem_string_deinit(&tname);
 		}
 
@@ -1390,7 +1396,12 @@ CpDem *cpdem_param_type(CpDem *dem, ParamVec *params) {
 			/* for each rep, make clone of a type at previous index and put it at the end in the param vec */
 			for (ut64 r = 0; r < (ut64)num_reps; r++) {
 				Param p = { 0 };
-				param_init_clone(&p, VecParam_at(params, typeidx));
+				Param *src = VecParam_at(params, typeidx);
+				if (!src) {
+					free(base_typename);
+					return NULL;
+				}
+				param_init_clone(&p, src);
 
 				/* if we fell down from R */
 				if (is_ref) {
@@ -1579,6 +1590,8 @@ CpDem *cpdem_template_function_keep_parsing(CpDem *dem) {
 	/* get all template paramter types */
 	ParamVec tparams = { 0 };
 	VecParam_init(&tparams);
+	ParamVec tpf_ret_type = { 0 };
+	VecParam_init(&tpf_ret_type);
 	while (tparam_count-- && cpdem_template_param_type(dem, &tparams)) {
 	}
 	if (tparam_count > 0) {
@@ -1620,7 +1633,11 @@ CpDem *cpdem_template_function_keep_parsing(CpDem *dem) {
 					free(idx_str);
 					if (tparam_idx >= 0) {
 						Param tp_clone = { 0 };
-						param_init_clone(&tp_clone, VecParam_at(&tparams, tparam_idx));
+						Param *tp_src = VecParam_at(&tparams, tparam_idx);
+						if (!tp_src) {
+							goto cleanup_and_return;
+						}
+						param_init_clone(&tp_clone, tp_src);
 						VecParam_append(&dem->func_params, &tp_clone);
 					} else {
 						goto cleanup_and_return;
@@ -1644,8 +1661,6 @@ CpDem *cpdem_template_function_keep_parsing(CpDem *dem) {
 		goto cleanup_and_return;
 	}
 
-	ParamVec tpf_ret_type = { 0 };
-	VecParam_init(&tpf_ret_type);
 	if (cpdem_param_type(dem, &tpf_ret_type) && tpf_ret_type.length) {
 		Param *return_type = VecParam_at(&tpf_ret_type, 0);
 		param_append_to_dem_string(return_type, &dem->prefix);

src/cplusplus/v3/parser_combinator.c

@@ -34,7 +34,9 @@ bool match_many(
 	const char *sep,
 	const char stop) {
 	if (!rule || !r || !p) {
-		r->error = DEM_ERR_INVALID_SYNTAX;
+		if (r) {
+			r->error = DEM_ERR_INVALID_SYNTAX;
+		}
 		return false;
 	}
 

src/cplusplus/v3/v3.c

@@ -1419,7 +1419,7 @@ void ast_pp(DemNode *node, DemString *out, PPContext *ctx) {
 			dem_string_append(out, ".");
 			ast_pp(node->braced_expr.elem, out, ctx);
 		}
-		if (node->braced_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_EXPRESSION && node->braced_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_RANGE_EXPRESSION) {
+		if (node->braced_expr.init && node->braced_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_EXPRESSION && node->braced_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_RANGE_EXPRESSION) {
 			dem_string_append(out, " = ");
 		}
 		ast_pp(node->braced_expr.init, out, ctx);
@@ -1431,7 +1431,7 @@ void ast_pp(DemNode *node, DemString *out, PPContext *ctx) {
 		dem_string_append(out, " ... ");
 		ast_pp(node->braced_range_expr.last, out, ctx);
 		dem_string_append(out, "]");
-		if (node->braced_range_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_EXPRESSION && node->braced_range_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_RANGE_EXPRESSION) {
+		if (node->braced_range_expr.init && node->braced_range_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_EXPRESSION && node->braced_range_expr.init->tag != CP_DEM_TYPE_KIND_BRACED_RANGE_EXPRESSION) {
 			dem_string_append(out, " = ");
 		}
 		ast_pp(node->braced_range_expr.init, out, ctx);
@@ -1847,6 +1847,7 @@ bool parse_module_name(DemParser *p, PDemNode *pmodule) {
 		result.output = NULL;
 		DemNode *sub_module = DemNode_ctor(CP_DEM_TYPE_KIND_MODULE_NAME, ctx.saved_pos, CUR() - ctx.saved_pos);
 		if (!sub_module) {
+			DemNode_dtor(Sub);
 			DemResult_deinit(&result);
 			return false;
 		}
@@ -1865,11 +1866,11 @@ PDemNode parse_abi_tags(DemParser *p, PDemNode node) {
 	while (READ('B')) {
 		DemStringView tag = { 0 };
 		if (!parse_base_source_name(p, &tag.buf, &tag.len)) {
-			return NULL;
+			return node;
 		}
 		PDemNode tagged = DemNode_ctor(CP_DEM_TYPE_KIND_ABI_TAG_TY, tag.buf, tag.len);
 		if (!tagged) {
-			return NULL;
+			return node;
 		}
 		tagged->abi_tag_ty.tag = tag;
 		tagged->abi_tag_ty.ty = node;
@@ -3197,8 +3198,8 @@ bool rule_function_type(DemParser *p, DemResult *r) {
 	RULE_HEAD(FUNCTION_TYPE);
 	// This rule only handles F...E (bare function type)
 	// P prefix is handled in the type rule, which properly inserts * for function pointers
-	parse_cv_qualifiers(p, &node->fn_ty.cv_qualifiers);
-	parse_ref_qualifiers(p, &node->fn_ty.ref_qualifiers);
+	(void)parse_cv_qualifiers(p, &node->fn_ty.cv_qualifiers);
+	(void)parse_ref_qualifiers(p, &node->fn_ty.ref_qualifiers);
 
 	if (READ_STR("Do")) {
 		node->fn_ty.exception_spec = MAKE_PRIMITIVE_TYPE(CUR() - 2, CUR(), "noexcept");
@@ -3223,9 +3224,9 @@ bool rule_function_type(DemParser *p, DemResult *r) {
 		node->fn_ty.exception_spec->child = spec;
 	}
 
-	READ_STR("Dx");
+	(void)READ_STR("Dx");
 	MUST_MATCH(READ('F'));
-	READ('Y');
+	(void)READ('Y');
 	MUST_MATCH(CALL_RULE_N(node->fn_ty.ret, rule_type));
 
 	node->fn_ty.params = DemNode_ctor(CP_DEM_TYPE_KIND_MANY, CUR(), 0);
@@ -3382,9 +3383,13 @@ bool rule_source_name(DemParser *p, DemResult *r) {
 		TRACE_RETURN_FAILURE();
 	}
 	if (strncmp(name, "_GLOBAL__N", sizeof("_GLOBAL__N") - 1) == 0) {
-		node = PRIMITIVE_TYPE("(anonymous namespace)");
+		if (!PRIMITIVE_TYPE("(anonymous namespace)")) {
+			TRACE_RETURN_FAILURE();
+		}
 	} else {
-		PRIMITIVE_TYPEN(name, name_len);
+		if (!PRIMITIVE_TYPEN(name, name_len)) {
+			TRACE_RETURN_FAILURE();
+		}
 	}
 	TRACE_RETURN_SUCCESS;
 }
@@ -3655,7 +3660,7 @@ bool rule_base_unresolved_name(DemParser *p, DemResult *r) {
 		MUST_MATCH(CALL_RULE(rule_destructor_name));
 		TRACE_RETURN_SUCCESS;
 	}
-	READ_STR("on");
+	(void)READ_STR("on");
 	MUST_MATCH(CALL_RULE_VA(rule_operator_name, NULL));
 	if (PEEK() == 'I') {
 		MUST_MATCH(CALL_RULE(rule_template_args));
@@ -4307,7 +4312,7 @@ bool rule_unnamed_type_name(DemParser *p, DemResult *r) {
 	}
 	if (READ_STR("Ub")) {
 		// Ub <number> _ — block literal (Apple/Objective-C extension)
-		parse_non_neg_integer(p, NULL);
+		(void)parse_non_neg_integer(p, NULL);
 		MUST_MATCH(READ('_'));
 		AST_APPEND_STR("'block-literal'");
 		TRACE_RETURN_SUCCESS;
@@ -4556,6 +4561,9 @@ bool parse_rule(DemContext *ctx, const char *mangled, DemRule rule, CpDemOptions
 		free(buf_str);
 	}
 	DemNode *output_node = ctx->result.output;
+	if (!output_node) {
+		return false;
+	}
 	PPContext_init(&pp_ctx, opts);
 	ast_pp(output_node, &ctx->output, &pp_ctx);
 	if (ctx->parser.options & DEM_OPT_SIMPLE) {

src/cplusplus/vec.h

@@ -95,6 +95,9 @@
 		return VecF(T, at)(self, 0); \
 	} \
 	__attribute__((unused)) static inline T *VecF(T, tail)(Vec##T * self) { \
+		if (VecF(T, empty)(self)) { \
+			return NULL; \
+		} \
 		return VecF(T, at)(self, VecF(T, len)(self) - 1); \
 	} \
 	__attribute__((unused)) static inline bool VecF(T, reserve)(Vec##T * self, size_t new_cap) { \

src/demangler_util.c

@@ -324,6 +324,12 @@ bool dem_string_append_n(DemString *ds, const char *string, size_t size) {
 		return false;
 	}
 
+	// Fix cid: 900607
+	if (!ds->buf) {
+		free(string_copy);
+		return false;
+	}
+
 	memcpy(ds->buf + ds->len, string, size);
 	ds->len += size;
 	ds->buf[ds->len] = 0;