[clang-tidy] clang-analyzer-core.NullDereference

channels/audin/server/audin.c

@@ -826,7 +826,7 @@ audin_server_context* audin_server_context_new(HANDLE vcm)
 
 	if (!audin)
 	{
-		WLog_Print(audin->log, WLOG_ERROR, "calloc failed!");
+		WLog_ERR(AUDIN_TAG, "calloc failed!");
 		return NULL;
 	}
 	audin->log = WLog_Get(AUDIN_TAG);

channels/rdpdr/client/rdpdr_main.c

@@ -68,6 +68,8 @@
 
 #include "rdpdr_main.h"
 
+#define TAG CHANNELS_TAG("rdpdr.client")
+
 /* IMPORTANT: Keep in sync with DRIVE_DEVICE */
 typedef struct
 {
@@ -2231,7 +2233,7 @@ static VOID VCAPITYPE rdpdr_virtual_channel_init_event_ex(LPVOID lpUserParam, LP
 
 	if (!rdpdr || (rdpdr->InitHandle != pInitHandle))
 	{
-		WLog_Print(rdpdr->log, WLOG_ERROR, "error no match");
+		WLog_ERR(TAG, "error no match");
 		return;
 	}
 
@@ -2277,7 +2279,6 @@ static VOID VCAPITYPE rdpdr_virtual_channel_init_event_ex(LPVOID lpUserParam, LP
 }
 
 /* rdpdr is always built-in */
-#define TAG CHANNELS_TAG("rdpdr.client")
 #define VirtualChannelEntryEx rdpdr_VirtualChannelEntryEx
 
 FREERDP_ENTRY_POINT(BOOL VCAPITYPE VirtualChannelEntryEx(PCHANNEL_ENTRY_POINTS pEntryPoints,
@@ -2294,7 +2295,7 @@ FREERDP_ENTRY_POINT(BOOL VCAPITYPE VirtualChannelEntryEx(PCHANNEL_ENTRY_POINTS p
 
 	if (!rdpdr)
 	{
-		WLog_Print(rdpdr->log, WLOG_ERROR, "calloc failed!");
+		WLog_ERR(TAG, "calloc failed!");
 		return FALSE;
 	}
 	rdpdr->log = WLog_Get(TAG);

channels/rdpgfx/server/rdpgfx_main.c

@@ -1689,7 +1689,7 @@ RdpgfxServerContext* rdpgfx_server_context_new(HANDLE vcm)
 
 	if (!context)
 	{
-		WLog_Print(context->priv->log, WLOG_ERROR, "calloc failed!");
+		WLog_ERR(TAG, "calloc failed!");
 		return NULL;
 	}
 

libfreerdp/cache/bitmap.c

@@ -310,12 +310,15 @@ static int bitmap_cache_save_persistent(rdpBitmapCache* bitmapCache)
 	if (status < 1)
 		goto end;
 
+	if (bitmapCache->cells)
+	{
 		for (UINT32 i = 0; i < bitmapCache->maxCells; i++)
 		{
-		for (UINT32 j = 0; j < bitmapCache->cells[i].number + 1; j++)
+			BITMAP_V2_CELL* cell = &bitmapCache->cells[i];
+			for (UINT32 j = 0; j < cell->number + 1 && cell->entries; j++)
 			{
 				PERSISTENT_CACHE_ENTRY cacheEntry;
-			rdpBitmap* bitmap = bitmapCache->cells[i].entries[j];
+				rdpBitmap* bitmap = cell->entries[j];
 
 				if (!bitmap || !bitmap->key64)
 					continue;
@@ -334,6 +337,7 @@ static int bitmap_cache_save_persistent(rdpBitmapCache* bitmapCache)
 				}
 			}
 		}
+	}
 
 	status = 1;
 
@@ -397,8 +401,9 @@ void bitmap_cache_free(rdpBitmapCache* bitmapCache)
 
 	bitmap_cache_save_persistent(bitmapCache);
 
-	UINT32 i = 0;
+	if (bitmapCache->cells)
-	for (i = 0; i < bitmapCache->maxCells; i++)
+	{
+		for (UINT32 i = 0; i < bitmapCache->maxCells; i++)
 		{
 			UINT32 j = 0;
 			BITMAP_V2_CELL* cell = &bitmapCache->cells[i];
@@ -412,10 +417,12 @@ void bitmap_cache_free(rdpBitmapCache* bitmapCache)
 				Bitmap_Free(bitmapCache->context, bitmap);
 			}
 
-		free(bitmapCache->cells[i].entries);
+			free(cell->entries);
 		}
 
 		free(bitmapCache->cells);
+	}
+
 	persistent_cache_free(bitmapCache->persistent);
 
 	free(bitmapCache);

libfreerdp/codec/progressive.c

@@ -1767,9 +1767,12 @@ static INLINE SSIZE_T progressive_process_tiles(PROGRESSIVE_CONTEXT* progressive
 		return -1044;
 	}
 
-	if (progressive->rfx_context->priv->UseThreads)
 	{
-		work_objects = (PTP_WORK*)winpr_aligned_calloc(region->numTiles, sizeof(PTP_WORK), 32);
+		size_t tcount = 1;
+		if (progressive->rfx_context->priv->UseThreads)
+			tcount = region->numTiles;
+
+		work_objects = (PTP_WORK*)winpr_aligned_calloc(tcount, sizeof(PTP_WORK), 32);
 		if (!work_objects)
 			return -1;
 	}

libfreerdp/core/rdp.c

@@ -260,7 +260,8 @@ BOOL rdp_read_share_control_header(rdpRdp* rdp, wStream* s, UINT16* tpktLength,
 		char buffer[128] = { 0 };
 		WLog_Print(rdp->log, WLOG_DEBUG,
 		           "[Flow control PDU] type=%s, tpktLength=%" PRIuz ", remainingLength=%" PRIuz,
-		           pdu_type_to_str(*type, buffer, sizeof(buffer)), *tpktLength, *remainingLength);
+		           pdu_type_to_str(*type, buffer, sizeof(buffer)), tpktLength ? *tpktLength : 0,
+		           *remainingLength);
 		return TRUE;
 	}
 

libfreerdp/core/test/TestSettings.c

@@ -17,6 +17,8 @@ static BOOL compare(const ADDIN_ARGV* got, const ADDIN_ARGV* expect)
 {
 	int x = 0;
 	BOOL rc = TRUE;
+	if (!got && !expect)
+		return FALSE;
 	if (!got && expect)
 		return FALSE;
 	if (got && !expect)

libfreerdp/gdi/gdi.c

@@ -476,7 +476,8 @@ BOOL gdi_bitmap_update(rdpContext* context, const BITMAP_UPDATE* bitmapUpdate)
 		WLog_ERR(TAG,
 		         "Invalid arguments: context=%p, bitmapUpdate=%p, context->gdi=%p, "
 		         "context->codecs=%p",
-		         context, bitmapUpdate, context->gdi, context->codecs);
+		         context, bitmapUpdate, context ? context->gdi : NULL,
+		         context ? context->codecs : NULL);
 		return FALSE;
 	}
 

libfreerdp/utils/smartcard_call.c

@@ -1923,6 +1923,7 @@ void smartcard_call_context_free(scard_call_context* ctx)
 	LinkedList_Free(ctx->names);
 	if (ctx->StartedEvent)
 	{
+		WINPR_ASSERT(ctx->useEmulatedCard || ctx->pWinSCardApi);
 		wrap(ctx, SCardReleaseStartedEvent);
 	}
 

server/proxy/channels/pf_channel_rdpdr.c

@@ -1333,7 +1333,7 @@ BOOL pf_channel_rdpdr_client_handle(pClientContext* pc, UINT16 channelId, const
 	rdpdr = HashTable_GetItemValue(pc->interceptContextMap, channel_name);
 	if (!rdpdr)
 	{
-		CLIENT_RX_LOG(rdpdr->log, WLOG_ERROR,
+		CLIENT_RX_LOG(WLog_Get(RTAG), WLOG_ERROR,
 		              "Channel %s [0x%04" PRIx16 "] missing context in interceptContextMap",
 		              channel_name, channelId);
 		return FALSE;
@@ -1837,7 +1837,7 @@ static pf_channel_server_context* get_channel(pServerContext* ps, BOOL send)
 	rdpdr = HashTable_GetItemValue(ps->interceptContextMap, RDPDR_SVC_CHANNEL_NAME);
 	if (!rdpdr)
 	{
-		SERVER_RXTX_LOG(send, rdpdr->log, WLOG_ERROR,
+		SERVER_RXTX_LOG(send, WLog_Get(RTAG), WLOG_ERROR,
 		                "Channel %s missing context in interceptContextMap",
 		                RDPDR_SVC_CHANNEL_NAME);
 		return NULL;

server/shadow/shadow_server.c

@@ -707,6 +707,7 @@ int shadow_server_stop(rdpShadowServer* server)
 		WaitForSingleObject(server->thread, INFINITE);
 		CloseHandle(server->thread);
 		server->thread = NULL;
+		if (server->listener && server->listener->Close)
 			server->listener->Close(server->listener);
 	}
 

winpr/libwinpr/file/generic.c

@@ -1197,6 +1197,8 @@ BOOL FindNextFileW(HANDLE hFindFile, LPWIN32_FIND_DATAW lpFindFileData)
 BOOL FindClose(HANDLE hFindFile)
 {
 	WIN32_FILE_SEARCH* pFileSearch = (WIN32_FILE_SEARCH*)hFindFile;
+	if (!pFileSearch)
+		return FALSE;
 
 		/* Since INVALID_HANDLE_VALUE != NULL the analyzer guesses that there
 		 * is a initialized HANDLE that is not freed properly.

winpr/libwinpr/sspi/Kerberos/kerberos.c

@@ -975,6 +975,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(
 
 			context->state = KERBEROS_STATE_FINAL;
 
+			if (output_buffer)
 				output_buffer->cbBuffer = 0;
 			status = SEC_E_OK;
 
@@ -1224,6 +1225,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(
 		}
 		else
 		{
+			if (output_buffer)
 				output_buffer->cbBuffer = 0;
 		}
 

winpr/libwinpr/sspi/Kerberos/krb5glue_heimdal.c

@@ -189,7 +189,7 @@ krb5_error_code krb5glue_get_init_creds(krb5_context ctx, krb5_principal princ,
 			break;
 		if ((rv = krb5_init_creds_set_password(ctx, creds_ctx, password)) != 0)
 			break;
-		if (krb_settings->armorCache)
+		if (krb_settings && krb_settings->armorCache)
 		{
 			krb5_ccache armor_cc = NULL;
 			if ((rv = krb5_cc_resolve(ctx, krb_settings->armorCache, &armor_cc)) != 0)

winpr/libwinpr/sspi/NTLM/ntlm.c

@@ -56,7 +56,7 @@ static BOOL check_context_(NTLM_CONTEXT* context, const char* file, const char*
 			WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
 			                  "invalid context");
 
-		rc = FALSE;
+		return FALSE;
 	}
 
 	if (!context->RecvRc4Seal)

winpr/libwinpr/sspi/Negotiate/negotiate.c

@@ -583,10 +583,12 @@ static SECURITY_STATUS negotiate_mic_exchange(NEGOTIATE_CONTEXT* context, NegTok
 	{
 		/* Store the mic token after the mech token in the output buffer */
 		output_token->mic.BufferType = SECBUFFER_TOKEN;
+		if (output_buffer)
+		{
 			output_token->mic.cbBuffer = output_buffer->cbBuffer - output_token->mechToken.cbBuffer;
 			output_token->mic.pvBuffer =
 			    (BYTE*)output_buffer->pvBuffer + output_token->mechToken.cbBuffer;
-
+		}
 		mic_buffers[1] = output_token->mic;
 
 		status = table->MakeSignature(&context->sub_context, 0, &mic_buffer_desc, 0);
@@ -849,6 +851,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(
 			if (context->mic || input_token.negState != ACCEPT_COMPLETED)
 				return SEC_E_INVALID_TOKEN;
 
+			if (output_buffer)
 				output_buffer->cbBuffer = 0;
 			return SEC_E_OK;
 		}
@@ -864,6 +867,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(
 
 	if (input_token.negState == ACCEPT_COMPLETED)
 	{
+		if (output_buffer)
 			output_buffer->cbBuffer = 0;
 		return SEC_E_OK;
 	}
@@ -1016,6 +1020,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(
 
 				if (init_context.mech)
 				{
+					if (output_buffer)
 						output_token.mechToken = *output_buffer;
 					WLog_DBG(TAG, "Requested mechanism: %s",
 					         negotiate_mech_name(init_context.mech->oid));
@@ -1156,6 +1161,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(
 
 	if (input_token.negState == ACCEPT_COMPLETED)
 	{
+		if (output_buffer)
 			output_buffer->cbBuffer = 0;
 		return SEC_E_OK;
 	}

winpr/libwinpr/utils/cmdline.c

@@ -796,6 +796,7 @@ fail:
 	free(copy);
 	if (!success)
 	{
+		if (count)
 			*count = 0;
 		free(p);
 		return NULL;

winpr/libwinpr/utils/image.c

@@ -173,6 +173,8 @@ fail:
 static void* winpr_bitmap_write_buffer(const BYTE* data, size_t size, UINT32 width, UINT32 height,
                                        UINT32 stride, UINT32 bpp, UINT32* pSize)
 {
+	WINPR_ASSERT(data || (size == 0));
+
 	void* result = NULL;
 	const size_t bpp_stride = 1ull * width * (bpp / 8);
 	wStream* s = Stream_New(NULL, 1024);
@@ -265,11 +267,14 @@ fail:
 
 int winpr_image_write(wImage* image, const char* filename)
 {
+	WINPR_ASSERT(image);
 	return winpr_image_write_ex(image, image->type, filename);
 }
 
 int winpr_image_write_ex(wImage* image, UINT32 format, const char* filename)
 {
+	WINPR_ASSERT(image);
+
 	size_t size = 0;
 	void* data = winpr_image_write_buffer(image, format, &size);
 	if (!data)
@@ -688,11 +693,21 @@ static SSIZE_T save_png_to_buffer(UINT32 bpp, UINT32 width, UINT32 height, const
 	int rc = -1;
 	png_structp png_ptr = NULL;
 	png_infop info_ptr = NULL;
-	png_uint_32 bytes_per_row = 0;
 	png_byte** row_pointers = NULL;
 	struct png_mem_encode state = { 0 };
 
 	*pDstData = NULL;
+
+	if (!data || (size == 0))
+		return 0;
+
+	WINPR_ASSERT(pDstData);
+
+	const size_t bytes_per_pixel = (bpp + 7) / 8;
+	const size_t bytes_per_row = width * bytes_per_pixel;
+	if (size < bytes_per_row * height)
+		goto fail;
+
 	/* Initialize the write struct. */
 	png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL);
 	if (png_ptr == NULL)
@@ -720,8 +735,6 @@ static SSIZE_T save_png_to_buffer(UINT32 bpp, UINT32 width, UINT32 height, const
 	             PNG_COMPRESSION_TYPE_DEFAULT, PNG_FILTER_TYPE_DEFAULT);
 
 	/* Initialize rows of PNG. */
-	const size_t bytes_per_pixel = (bpp + 7) / 8;
-	bytes_per_row = width * bytes_per_pixel;
 	row_pointers = png_malloc(png_ptr, height * sizeof(png_byte*));
 	for (size_t y = 0; y < height; ++y)
 	{
@@ -853,7 +866,7 @@ void* winpr_convert_to_png(const void* data, size_t size, UINT32 width, UINT32 h
 	*pSize = 0;
 
 #if defined(WINPR_UTILS_IMAGE_PNG)
-	char* dst = NULL;
+	void* dst = NULL;
 	SSIZE_T rc = save_png_to_buffer(bpp, width, height, data, size, &dst);
 	if (rc <= 0)
 		return NULL;
@@ -1088,6 +1101,7 @@ const char* winpr_image_format_extension(UINT32 format)
 
 void* winpr_image_write_buffer(wImage* image, UINT32 format, size_t* psize)
 {
+	WINPR_ASSERT(image);
 	switch (format)
 	{
 		case WINPR_IMAGE_BITMAP: