I scanned tar 1.26 with my static analysis tool, and found 2 potential bugs. It
is described in attached files. Could anyone take a look at them? Thank you.
<bugreport>
<file>getopt.c</file>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>354</line>
</location>
<description>Take the false branch.</description>
<expr>argc < 1</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>359</line>
</location>
<description>Take the false branch.</description>
<expr>d->rpl_optind == 0</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>359</line>
</location>
<description>Take the false branch.</description>
<expr>d->rpl_optind == 0 || !d->__initialized</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>367</line>
</location>
<description>Take the false branch.</description>
<expr>optstring[0] == '-'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>367</line>
</location>
<description>Take the false branch.</description>
<expr>optstring[0] == '-' || optstring[0] == '+'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>369</line>
</location>
<description>Take the false branch.</description>
<expr>optstring[0] == ':'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>384</line>
</location>
<description>Take the false branch.</description>
<expr>d->__nextchar == ((void *)0)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>384</line>
</location>
<description>Take the false branch.</description>
<expr>d->__nextchar == ((void *)0) || *d->__nextchar == '\x0'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>478</line>
</location>
<description>Take the false branch.</description>
<expr>longopts != ((void *)0)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>478</line>
</location>
<description>Take the false branch.</description>
<expr>longopts != ((void *)0) && (argv[d->rpl_optind][1] == '-' || (long_only && (argv[d->rpl_optind][2] || !strchr(optstring, argv[d->rpl_optind][1]))))</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>746</line>
</location>
<description>Take the false branch.</description>
<expr>*d->__nextchar == '\x0'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>749</line>
</location>
<description>Take the false branch.</description>
<expr>temp == ((void *)0)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>749</line>
</location>
<description>Take the false branch.</description>
<expr>temp == ((void *)0) || c == ':'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>749</line>
</location>
<description>Take the false branch.</description>
<expr>temp == ((void *)0) || c == ':' || c == ';'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>786</line>
</location>
<description>Take the true branch.</description>
<expr>temp[0] == 'W'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>786</line>
</location>
<description>Take the true branch.</description>
<expr>temp[0] == 'W' && temp[1] == ';'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>797</line>
</location>
<description>Take the true branch.</description>
<expr>*d->__nextchar != '\x0'</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>848</line>
</location>
<description>Take the true branch.</description>
<expr>*nameend</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>848</line>
</location>
<description>Take the true branch.</description>
<expr>*nameend && *nameend != '='</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>848</line>
</location>
<description>Take the false branch.</description>
<expr>*nameend</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>getopt.c</file>
<line>848</line>
</location>
<description>Take the false branch.</description>
<expr>*nameend && *nameend != '='</expr>
</event>
<event>
<type>Trigger</type>
<location>
<file>getopt.c</file>
<line>854</line>
</location>
<description>The pointer is NULL.</description>
<expr>p</expr>
</event>
</bugreport>
<bugreport>
<file>argp-help.c</file>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>443</line>
</location>
<description>Take the true branch.</description>
<expr>(hol)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>448</line>
</location>
<description>Take the true branch.</description>
<expr>opts</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>453</line>
</location>
<description>Take the true branch.</description>
<expr>!((opts)->flags & 4)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>456</line>
</location>
<description>Take the true branch.</description>
<expr>!_option_is_end(o)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>458</line>
</location>
<description>Take the false branch.</description>
<expr>!((o)->flags & 4)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>460</line>
</location>
<description>Take the false branch.</description>
<expr>_option_is_short(o)</expr>
</event>
<event>
<type>Branch</type>
<location>
<file>argp-help.c</file>
<line>456</line>
</location>
<description>Take the false branch.</description>
<expr>!_option_is_end(o)</expr>
</event>
<event>
<type>Trigger</type>
<location>
<file>argp-help.c</file>
<line>464</line>
</location>
<description>The size passed to malloc() or realloc() is not greater than 0.</description>
<expr>malloc(sizeof(struct hol_entry) * hol->num_entries)</expr>
</event>
</bugreport>
