* Makefile.in: Add lclint support

	* dyn.h: Lclint annotate functions.

	* dyn_create.c (DynCreate): Do not assume that malloc(0) is valid
	and returns a valid pointer. Fix memory leak if malloc fails.

	* dyn_realloc.c (_DynResize): Turn off warning of shifting a
	signed variable.

	* test.c: Check the return values of all library calls.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13191 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 100 insertions, 24 deletions

diff --git a/src/util/dyn/ChangeLog b/src/util/dyn/ChangeLog
index f16c5ee3e9..8e9df29cc6 100644
--- a/src/util/dyn/ChangeLog
+++ b/src/util/dyn/ChangeLog
@@ -1,3 +1,17 @@
+2001-04-25  Ezra Peisach  <epeisach@mit.edu>
+
+	* Makefile.in: Add lclint support.
+
+	* dyn.h: Lclint annotate functions.
+
+	* dyn_create.c (DynCreate): Do not assume that malloc(0) is valid
+	and returns a valid pointer. Fix memory leak if malloc fails.
+
+	* dyn_realloc.c (_DynResize): Turn off warning of shifting a
+	signed variable.
+
+	* test.c: Check the return values of all library calls.
+
 Thu Nov  9 15:31:31 2000  Ezra Peisach  <epeisach@mit.edu>
 
 	* dyn_create.c (DynCopy): Arguments to memcpy were reversed. Found
diff --git a/src/util/dyn/Makefile.in b/src/util/dyn/Makefile.in
index 850d365044..e189f3895b 100644
--- a/src/util/dyn/Makefile.in
+++ b/src/util/dyn/Makefile.in
@@ -67,3 +67,21 @@ check-windows::
 clean-mac::
 clean-windows::
 
+# /u1/kr/lclint-2.5m/bin/lclint -warnposix -D__sparc
+LCLINT=lclint
+# +posixlib	gets more complete errno list than ansilib
+# -usedef	turns off bogus warnings from poor dataflow analysis (should be
+#		redundant with gcc warnings anyways)
+# -warnposix
+# +charintliteral
+# +ignoresigns
+# -predboolint
+# -exportlocal
+# -retvalint	allow ignoring of int return values (e.g., fputs)
+LCLINTOPTS=+posixlib \
+	+ignoresigns -predboolint \
+	+mod-uncon +modinternalstrict +modfilesys \
+	-expect 2
+
+do-lclint: $(SRCS)
+	$(LCLINT) $(LCLINTOPTS) $(LOCALINCLUDES) $(DEFS) $(SRCS) $(srcdir)/test.c
diff --git a/src/util/dyn/dyn.h b/src/util/dyn/dyn.h
index f884588de2..267d758dd0 100644
--- a/src/util/dyn/dyn.h
+++ b/src/util/dyn/dyn.h
@@ -37,20 +37,21 @@ typedef struct _DynObject {
 #define DYN_BADVALUE	-1003
      
 /* Function declarations */
-#ifdef __STDC__
+#if defined(__STDC__) || defined(__LCLINT__)
 #define P(args) args
 #else
 #define P(args) ()
 #endif /* __STDC__ */
 
-DynObject DynCreate P((int el_size, int inc)), DynCopy P((DynObject obj));
-int DynDestroy P((DynObject obj)), DynRelease P((DynObject obj));
+/*@null@*//*@only@*/ DynObject DynCreate P((int el_size, int inc));
+/*@null@*//*@only@*/ DynObject DynCopy P((DynObject obj));
+int DynDestroy P((/*@only@*/DynObject obj)), DynRelease P((DynObject obj));
 int DynAdd P((DynObject obj, void *el));
 int DynPut P((DynObject obj, void *el, int idx));
-int DynInsert P((DynObject obj, int idx, void *els, int num));
+int DynInsert P((DynObject obj, int idx, /*@observer@*/void *els, int num));
 int DynDelete P((DynObject obj, int idx));
-DynPtr DynGet P((DynObject obj, int num));
-DynPtr DynArray P((DynObject obj));
+/*@dependent@*//*@null@*/ DynPtr DynGet P((DynObject obj, int num));
+/*@observer@*/ DynPtr DynArray P((DynObject obj));
 int DynDebug P((DynObject obj, int state));
 int DynParanoid P((DynObject obj, int state));
 int DynInitzero P((DynObject obj, int state));
diff --git a/src/util/dyn/dyn_create.c b/src/util/dyn/dyn_create.c
index ec2ba6296f..01d1ad4bd7 100644
--- a/src/util/dyn/dyn_create.c
+++ b/src/util/dyn/dyn_create.c
@@ -32,11 +32,13 @@ DynObjectP DynCreate(el_size, inc)
      if (obj == NULL)
 	  return NULL;
 
-#ifdef USE_DBMALLOC
      obj->array = (DynPtr) malloc(1);
-#else
-     obj->array = (DynPtr) malloc(0);
-#endif
+     if (obj->array == NULL) {
+	 free(obj);
+	 return NULL;
+     }
+     obj->array[0] = '\0';
+
      obj->el_size = el_size;
      obj->num_el = obj->size = 0;
      obj->debug = obj->paranoid = 0;
@@ -74,7 +76,7 @@ DynObjectP DynCopy(obj)
 }
 
 int DynDestroy(obj)
-   DynObjectP obj;
+     /*@only@*/DynObjectP obj;
 {
      if (obj->paranoid) {
 	  if (obj->debug)
diff --git a/src/util/dyn/dyn_realloc.c b/src/util/dyn/dyn_realloc.c
index 229dde08fa..97b3d998f8 100644
--- a/src/util/dyn/dyn_realloc.c
+++ b/src/util/dyn/dyn_realloc.c
@@ -34,8 +34,10 @@ int _DynResize(obj, req)
 	  else 
 	       size = obj->size;
 	  
+	  /*@-shiftsigned@*/
 	  while (size <= req)
 	       size <<= 1;
+	  /*@=shiftsigned@*/
 
 	  return _DynRealloc(obj, size);
      }
diff --git a/src/util/dyn/test.c b/src/util/dyn/test.c
index 9ac1d01576..8282c60790 100644
--- a/src/util/dyn/test.c
+++ b/src/util/dyn/test.c
@@ -30,9 +30,10 @@ static char insert3[] = "  This follows the random string.";
 
 int
 main(argc, argv)
-   int	argc;
-   char	**argv;
+/*@unused@*/int argc;
+/*@unused@*/char **argv;
 {
+     /*@-exitarg@*/
      DynObject	obj;
      int	i, s;
      char	d, *data;
@@ -50,16 +51,25 @@ main(argc, argv)
      o_size = malloc_inuse(&hist1);
 #endif 
 
+     /*@+matchanyintegral@*/
      obj = DynCreate(sizeof(char), -8);
      if (! obj) {
 	  fprintf(stderr, "test: create failed.\n");
 	  exit(1);
      }
      
-     DynDebug(obj, 1);
-     DynParanoid(obj, 1);
+     if(DynDebug(obj, 1) != DYN_OK) {
+	  fprintf(stderr, "test: setting paranoid failed.\n");
+	  exit(1);
+     }
+     if(DynParanoid(obj, 1) != DYN_OK) {
+	  fprintf(stderr, "test: setting paranoid failed.\n");
+	  exit(1);
+     }
+       
 
-     if (DynGet(obj, -5) || DynGet(obj, 0) || DynGet(obj, 1000)) {
+     if ((DynGet(obj, -5) != NULL) || 
+	 (DynGet(obj, 0) != NULL) || (DynGet(obj, 1000) != NULL)) {
 	  fprintf(stderr, "test: Get did not fail when it should have.\n");
 	  exit(1);
      }
@@ -96,19 +106,27 @@ main(argc, argv)
 	  exit(1);
      }
 
-     d = 200;
+     d = '\200';
      if (DynAdd(obj, &d) != DYN_OK) {
 	  fprintf(stderr, "test: Adding %d failed.\n", i);
 	  exit(1);
      }
 
      data = (char *) DynGet(obj, 0);
+     if(data == NULL) {
+	 fprintf(stderr, "test: getting object 0 failed.\n");
+	 exit(1);
+     }
      s = DynSize(obj);
      for (i=0; i < s; i++)
-	  printf("Element %d is %d.\n", i, (unsigned char) data[i]);
+	  printf("Element %d is %d.\n", i, (int) data[i]);
 
      data = (char *) DynGet(obj, 13);
-     printf("Element 13 is %d.\n", (unsigned char) *data);
+     if(data == NULL) {
+	 fprintf(stderr, "test: getting element 13 failed.\n");
+	 exit(1);
+     }
+     printf("Element 13 is %d.\n", (int) *data);
 
      data = (char *) DynGet(obj, DynSize(obj));
      if (data) {
@@ -116,7 +134,12 @@ main(argc, argv)
 	  exit(1);
      }
 
-     printf("This should be the random string: \"%s\"\n", DynGet(obj, 14));
+     data = DynGet(obj, 14);
+     if(data == NULL) {
+	 fprintf(stderr, "test: getting element 13 failed.\n");
+	 exit(1);
+     }
+     printf("This should be the random string: \"%s\"\n", data);
 
      if (DynInsert(obj, -1, "foo", 4) != DYN_BADINDEX ||
 	 DynInsert(obj, DynSize(obj) + 1, "foo", 4) != DYN_BADINDEX ||
@@ -141,11 +164,26 @@ main(argc, argv)
 	  exit(1);
      }	
 
-     printf("A new random string: \"%s\"\n", DynGet(obj, 14 +
-						    strlen(insert1) + 1));
-     printf("This was put at the beginning: \"%s\"\n", DynGet(obj, 0));
+     data = DynGet(obj, 14 + strlen(insert1) + 1);
+     if (data == NULL) {
+	  fprintf(stderr, "DynGet of 14+strelen(insert1) failed.\n");
+	  exit(1);
+
+     }
+     printf("A new random string: \"%s\"\n", data);
+
+     data = DynGet(obj, 0);
+     if (data == NULL) {
+	  fprintf(stderr, "DynGet of 0 failed.\n");
+	  exit(1);
+
+     }
+     printf("This was put at the beginning: \"%s\"\n", data);
 
-     DynDestroy(obj);
+     if(DynDestroy(obj) != DYN_OK) {
+	  fprintf(stderr, "test: destroy failed.\n");
+	  exit(1);
+     }
 
 #ifdef _DEBUG_MALLOC_INC
      c_size = malloc_inuse(&hist2);
@@ -156,6 +194,7 @@ main(argc, argv)
      }
 #endif
      
+     printf("All tests pass\n");
 
      return 0;
 }