Bug Summary

File:lwan-thread.c
Warning:line 822, column 31
Array subscript is undefined

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name lwan-thread.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -mframe-pointer=all -fmath-errno -fno-rounding-math -mconstructor-aliases -fno-plt -munwind-tables -target-cpu x86-64 -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib/clang/11.1.0 -include /home/buildbot/lwan-worker/clang-analyze/build/lwan-build-config.h -D _FILE_OFFSET_BITS=64 -D _TIME_BITS=64 -I /home/buildbot/lwan-worker/clang-analyze/build/src/lib/missing -I /usr/include/luajit-2.0 -I /usr/include/valgrind -I /home/buildbot/lwan-worker/clang-analyze/build/src/lib -I /home/buildbot/lwan-worker/clang-analyze/build -internal-isystem /usr/local/include -internal-isystem /usr/lib/clang/11.1.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-unused-parameter -Wno-free-nonheap-object -std=gnu99 -fdebug-compilation-dir /home/buildbot/lwan-worker/clang-analyze/build/src/lib -ferror-limit 19 -stack-protector 2 -fgnuc-version=4.2.1 -analyzer-output=html -faddrsig -o /home/buildbot/lwan-worker/clang-analyze/CLANG/2021-05-14-160440-265621-1 -x c /home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-thread.c
1/*
2 * lwan - simple web server
3 * Copyright (c) 2012, 2013 Leandro A. F. Pereira <leandro@hardinfo.org>
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
18 * USA.
19 */
20
21#define _GNU_SOURCE
22#include <assert.h>
23#include <errno(*__errno_location ()).h>
24#include <fcntl.h>
25#include <pthread.h>
26#include <sched.h>
27#include <stdlib.h>
28#include <string.h>
29#include <sys/epoll.h>
30#include <sys/ioctl.h>
31#include <sys/socket.h>
32#include <unistd.h>
33
34#if defined(HAVE_SO_ATTACH_REUSEPORT_CBPF)
35#include <linux1/filter.h>
36#endif
37
38#include "lwan-private.h"
39#include "lwan-tq.h"
40#include "list.h"
41
42static void lwan_strbuf_free_defer(void *data)
43{
44 lwan_strbuf_free((struct lwan_strbuf *)data);
45}
46
47static void graceful_close(struct lwan *l,
48 struct lwan_connection *conn,
49 char buffer[static DEFAULT_BUFFER_SIZE4096])
50{
51 int fd = lwan_connection_get_fd(l, conn);
52
53 while (TIOCOUTQ0x5411) {
54 /* This ioctl isn't probably doing what it says on the tin; the details
55 * are subtle, but it seems to do the trick to allow gracefully closing
56 * the connection in some cases with minimal system calls. */
57 int bytes_waiting;
58 int r = ioctl(fd, TIOCOUTQ0x5411, &bytes_waiting);
59
60 if (!r && !bytes_waiting) /* See note about close(2) below. */
61 return;
62 if (r < 0 && errno(*__errno_location ()) == EINTR4)
63 continue;
64
65 break;
66 }
67
68 if (UNLIKELY(shutdown(fd, SHUT_WR) < 0)__builtin_expect(((shutdown(fd, SHUT_WR) < 0)), (0))) {
69 if (UNLIKELY(errno == ENOTCONN)__builtin_expect((((*__errno_location ()) == 107)), (0)))
70 return;
71 }
72
73 for (int tries = 0; tries < 20; tries++) {
74 ssize_t r = read(fd, buffer, DEFAULT_BUFFER_SIZE4096);
75
76 if (!r)
77 break;
78
79 if (r < 0) {
80 switch (errno(*__errno_location ())) {
81 case EAGAIN11:
82 break;
83 case EINTR4:
84 continue;
85 default:
86 return;
87 }
88 }
89
90 coro_yield(conn->coro, CONN_CORO_WANT_READ);
91 }
92
93 /* close(2) will be called when the coroutine yields with CONN_CORO_ABORT */
94}
95
96__attribute__((noreturn)) static int process_request_coro(struct coro *coro,
97 void *data)
98{
99 /* NOTE: This function should not return; coro_yield should be used
100 * instead. This ensures the storage for `strbuf` is alive when the
101 * coroutine ends and lwan_strbuf_free() is called. */
102 struct lwan_connection *conn = data;
103 struct lwan *lwan = conn->thread->lwan;
104 int fd = lwan_connection_get_fd(lwan, conn);
105 enum lwan_request_flags flags = lwan->config.request_flags;
106 struct lwan_strbuf strbuf = LWAN_STRBUF_STATIC_INIT(struct lwan_strbuf) { .buffer = "" };
107 char request_buffer[DEFAULT_BUFFER_SIZE4096];
108 struct lwan_value buffer = {.value = request_buffer, .len = 0};
109 char *next_request = NULL((void*)0);
110 char *header_start[N_HEADER_START64];
111 struct lwan_proxy proxy;
112 const int error_when_n_packets = lwan_calculate_n_packets(DEFAULT_BUFFER_SIZE4096);
113
114 coro_defer(coro, lwan_strbuf_free_defer, &strbuf);
115
116 const size_t init_gen = 1; /* 1 call to coro_defer() */
117 assert(init_gen == coro_deferred_get_generation(coro))((void) sizeof ((init_gen == coro_deferred_get_generation(coro
)) ? 1 : 0), __extension__ ({ if (init_gen == coro_deferred_get_generation
(coro)) ; else __assert_fail ("init_gen == coro_deferred_get_generation(coro)"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-thread.c"
, 117, __extension__ __PRETTY_FUNCTION__); }))
;
118
119 while (true1) {
120 struct lwan_request_parser_helper helper = {
121 .buffer = &buffer,
122 .next_request = next_request,
123 .error_when_n_packets = error_when_n_packets,
124 .header_start = header_start,
125 };
126 struct lwan_request request = {.conn = conn,
127 .global_response_headers = &lwan->headers,
128 .fd = fd,
129 .response = {.buffer = &strbuf},
130 .flags = flags,
131 .proxy = &proxy,
132 .helper = &helper};
133
134 lwan_process_request(lwan, &request);
135
136 /* Run the deferred instructions now (except those used to initialize
137 * the coroutine), so that if the connection is gracefully closed,
138 * the storage for ``helper'' is still there. */
139 coro_deferred_run(coro, init_gen);
140
141 if (UNLIKELY(!(conn->flags & CONN_IS_KEEP_ALIVE))__builtin_expect(((!(conn->flags & CONN_IS_KEEP_ALIVE)
)), (0))
) {
142 graceful_close(lwan, conn, request_buffer);
143 break;
144 }
145
146 if (next_request && *next_request) {
147 conn->flags |= CONN_CORK;
148
149 if (!(conn->flags & CONN_EVENTS_WRITE))
150 coro_yield(coro, CONN_CORO_WANT_WRITE);
151 } else {
152 conn->flags &= ~CONN_CORK;
153 coro_yield(coro, CONN_CORO_WANT_READ);
154 }
155
156 /* Ensure string buffer is reset between requests, and that the backing
157 * store isn't over 2KB. */
158 lwan_strbuf_reset_trim(&strbuf, 2048);
159
160 /* Only allow flags from config. */
161 flags = request.flags & (REQUEST_PROXIED | REQUEST_ALLOW_CORS);
162 next_request = helper.next_request;
163 }
164
165 coro_yield(coro, CONN_CORO_ABORT);
166 __builtin_unreachable();
167}
168
169static ALWAYS_INLINEinline __attribute__((always_inline)) uint32_t
170conn_flags_to_epoll_events(enum lwan_connection_flags flags)
171{
172 static const uint32_t map[CONN_EVENTS_MASK + 1] = {
173 [0 /* Suspended (timer or await) */] = EPOLLRDHUPEPOLLRDHUP,
174 [CONN_EVENTS_WRITE] = EPOLLOUTEPOLLOUT | EPOLLRDHUPEPOLLRDHUP,
175 [CONN_EVENTS_READ] = EPOLLINEPOLLIN | EPOLLRDHUPEPOLLRDHUP,
176 [CONN_EVENTS_READ_WRITE] = EPOLLINEPOLLIN | EPOLLOUTEPOLLOUT | EPOLLRDHUPEPOLLRDHUP,
177 };
178
179 return map[flags & CONN_EVENTS_MASK];
180}
181
182static void update_epoll_flags(int fd,
183 struct lwan_connection *conn,
184 int epoll_fd,
185 enum lwan_connection_coro_yield yield_result)
186{
187 static const enum lwan_connection_flags or_mask[CONN_CORO_MAX] = {
188 [CONN_CORO_YIELD] = 0,
189
190 [CONN_CORO_WANT_READ_WRITE] = CONN_EVENTS_READ_WRITE,
191 [CONN_CORO_WANT_READ] = CONN_EVENTS_READ,
192 [CONN_CORO_WANT_WRITE] = CONN_EVENTS_WRITE,
193
194 /* While the coro is suspended, we're not interested in either EPOLLIN
195 * or EPOLLOUT events. We still want to track this fd in epoll, though,
196 * so unset both so that only EPOLLRDHUP (plus the implicitly-set ones)
197 * are set. */
198 [CONN_CORO_SUSPEND] = CONN_SUSPENDED,
199
200 /* Ideally, when suspending a coroutine, the current flags&CONN_EVENTS_MASK
201 * would have to be stored and restored -- however, resuming as if the
202 * client coroutine is interested in a write event always guarantees that
203 * they'll be resumed as they're TCP sockets. There's a good chance that
204 * trying to read from a socket after resuming a coroutine will succeed,
205 * but if it doesn't because read() returns -EAGAIN, the I/O wrappers will
206 * yield with CONN_CORO_WANT_READ anyway. */
207 [CONN_CORO_RESUME] = CONN_EVENTS_WRITE,
208 };
209 static const enum lwan_connection_flags and_mask[CONN_CORO_MAX] = {
210 [CONN_CORO_YIELD] = ~0,
211
212 [CONN_CORO_WANT_READ_WRITE] = ~0,
213 [CONN_CORO_WANT_READ] = ~CONN_EVENTS_WRITE,
214 [CONN_CORO_WANT_WRITE] = ~CONN_EVENTS_READ,
215
216 [CONN_CORO_SUSPEND] = ~CONN_EVENTS_READ_WRITE,
217 [CONN_CORO_RESUME] = ~CONN_SUSPENDED,
218 };
219 enum lwan_connection_flags prev_flags = conn->flags;
220
221 conn->flags |= or_mask[yield_result];
222 conn->flags &= and_mask[yield_result];
223
224 if (conn->flags == prev_flags)
225 return;
226
227 struct epoll_event event = {
228 .events = conn_flags_to_epoll_events(conn->flags),
229 .data.ptr = conn,
230 };
231
232 if (UNLIKELY(epoll_ctl(epoll_fd, EPOLL_CTL_MOD, fd, &event) < 0)__builtin_expect(((epoll_ctl(epoll_fd, 3, fd, &event) <
0)), (0))
)
233 lwan_status_perror("epoll_ctl")lwan_status_perror_debug("/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-thread.c"
, 233, __FUNCTION__, "epoll_ctl")
;
234}
235
236static void clear_async_await_flag(void *data)
237{
238 struct lwan_connection *async_fd_conn = data;
239
240 async_fd_conn->flags &= ~CONN_ASYNC_AWAIT;
241}
242
243static enum lwan_connection_coro_yield
244resume_async(struct timeout_queue *tq,
245 enum lwan_connection_coro_yield yield_result,
246 int64_t from_coro,
247 struct lwan_connection *conn,
248 int epoll_fd)
249{
250 static const enum lwan_connection_flags to_connection_flags[] = {
251 [CONN_CORO_ASYNC_AWAIT_READ] = CONN_EVENTS_READ,
252 [CONN_CORO_ASYNC_AWAIT_WRITE] = CONN_EVENTS_WRITE,
253 [CONN_CORO_ASYNC_AWAIT_READ_WRITE] = CONN_EVENTS_READ_WRITE,
254 };
255 int await_fd = (int)((uint64_t)from_coro >> 32);
256 enum lwan_connection_flags flags;
257 int op;
258
259 assert(await_fd >= 0)((void) sizeof ((await_fd >= 0) ? 1 : 0), __extension__ ({
if (await_fd >= 0) ; else __assert_fail ("await_fd >= 0"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-thread.c"
, 259, __extension__ __PRETTY_FUNCTION__); }))
;
260 assert(yield_result >= CONN_CORO_ASYNC_AWAIT_READ &&((void) sizeof ((yield_result >= CONN_CORO_ASYNC_AWAIT_READ
&& yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE
) ? 1 : 0), __extension__ ({ if (yield_result >= CONN_CORO_ASYNC_AWAIT_READ
&& yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE
) ; else __assert_fail ("yield_result >= CONN_CORO_ASYNC_AWAIT_READ && yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-thread.c"
, 261, __extension__ __PRETTY_FUNCTION__); }))
261 yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE)((void) sizeof ((yield_result >= CONN_CORO_ASYNC_AWAIT_READ
&& yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE
) ? 1 : 0), __extension__ ({ if (yield_result >= CONN_CORO_ASYNC_AWAIT_READ
&& yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE
) ; else __assert_fail ("yield_result >= CONN_CORO_ASYNC_AWAIT_READ && yield_result <= CONN_CORO_ASYNC_AWAIT_READ_WRITE"
, "/home/buildbot/lwan-worker/clang-analyze/build/src/lib/lwan-thread.c"
, 261, __extension__ __PRETTY_FUNCTION__); }))
;
262
263 flags = to_connection_flags[yield_result];
264
265 struct lwan_connection *await_fd_conn = &tq->lwan->conns[await_fd];
266 if (LIKELY(await_fd_conn->flags & CONN_ASYNC_AWAIT)__builtin_expect((!!(await_fd_conn->flags & CONN_ASYNC_AWAIT
)), (1))
) {
267 if (LIKELY((await_fd_conn->flags & CONN_EVENTS_MASK) == flags)__builtin_expect((!!((await_fd_conn->flags & CONN_EVENTS_MASK
) == flags)), (1))
)
268 return CONN_CORO_SUSPEND;
269
270 op = EPOLL_CTL_MOD3;
271 } else {
272