Bug Summary

File:glx/single2.c
Location:line 177, column 13
Description:Value stored to 'nitems' is never read

Annotated Source Code

1/*
2 * SGI FREE SOFTWARE LICENSE B (Version 2.0, Sept. 18, 2008)
3 * Copyright (C) 1991-2000 Silicon Graphics, Inc. All Rights Reserved.
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice including the dates of first publication and
13 * either this permission notice or a reference to
14 * http://oss.sgi.com/projects/FreeB/
15 * shall be included in all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
18 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * SILICON GRAPHICS, INC. BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
22 * OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE.
24 *
25 * Except as contained in this notice, the name of Silicon Graphics, Inc.
26 * shall not be used in advertising or otherwise to promote the sale, use or
27 * other dealings in this Software without prior written authorization from
28 * Silicon Graphics, Inc.
29 */
30
31#ifdef HAVE_DIX_CONFIG_H1
32#include <dix-config.h>
33#endif
34
35#include <string.h>
36#include <stdio.h>
37#include <stdlib.h>
38
39#include "glxserver.h"
40#include "glxutil.h"
41#include "glxext.h"
42#include "indirect_dispatch.h"
43#include "unpack.h"
44
45int
46__glXDisp_FeedbackBuffer(__GLXclientState * cl, GLbyte * pc)
47{
48 ClientPtr client = cl->client;
49 GLsizei size;
50 GLenum type;
51 __GLXcontext *cx;
52 int error;
53
54 REQUEST_FIXED_SIZE(xGLXSingleReq, 8)if (((sizeof(xGLXSingleReq) >> 2) > client->req_len
) || (((8) >> 2) >= client->req_len) || ((((uint64_t
) sizeof(xGLXSingleReq) + (8) + 3) >> 2) != (uint64_t) client
->req_len)) return(16)
;
55
56 cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc)(((xGLXSingleReq*)pc)->contextTag), &error);
57 if (!cx) {
58 return error;
59 }
60
61 pc += __GLX_SINGLE_HDR_SIZE8;
62 size = *(GLsizei *) (pc + 0);
63 type = *(GLenum *) (pc + 4);
64 if (cx->feedbackBufSize < size) {
65 cx->feedbackBuf = (GLfloat *) realloc(cx->feedbackBuf,
66 (size_t) size
67 * __GLX_SIZE_FLOAT324);
68 if (!cx->feedbackBuf) {
69 cl->client->errorValue = size;
70 return BadAlloc11;
71 }
72 cx->feedbackBufSize = size;
73 }
74 glFeedbackBuffer(size, type, cx->feedbackBuf);
75 cx->hasUnflushedCommands = GL_TRUE0x1;
76 return Success0;
77}
78
79int
80__glXDisp_SelectBuffer(__GLXclientState * cl, GLbyte * pc)
81{
82 ClientPtr client = cl->client;
83 __GLXcontext *cx;
84 GLsizei size;
85 int error;
86
87 REQUEST_FIXED_SIZE(xGLXSingleReq, 4)if (((sizeof(xGLXSingleReq) >> 2) > client->req_len
) || (((4) >> 2) >= client->req_len) || ((((uint64_t
) sizeof(xGLXSingleReq) + (4) + 3) >> 2) != (uint64_t) client
->req_len)) return(16)
;
88
89 cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc)(((xGLXSingleReq*)pc)->contextTag), &error);
90 if (!cx) {
91 return error;
92 }
93
94 pc += __GLX_SINGLE_HDR_SIZE8;
95 size = *(GLsizei *) (pc + 0);
96 if (cx->selectBufSize < size) {
97 cx->selectBuf = (GLuint *) realloc(cx->selectBuf,
98 (size_t) size * __GLX_SIZE_CARD324);
99 if (!cx->selectBuf) {
100 cl->client->errorValue = size;
101 return BadAlloc11;
102 }
103 cx->selectBufSize = size;
104 }
105 glSelectBuffer(size, cx->selectBuf);
106 cx->hasUnflushedCommands = GL_TRUE0x1;
107 return Success0;
108}
109
110int
111__glXDisp_RenderMode(__GLXclientState * cl, GLbyte * pc)
112{
113 ClientPtr client = cl->client;
114 xGLXRenderModeReply reply;
115 __GLXcontext *cx;
116 GLint nitems = 0, retBytes = 0, retval, newModeCheck;
117 GLubyte *retBuffer = NULL((void*)0);
118 GLenum newMode;
119 int error;
120
121 REQUEST_FIXED_SIZE(xGLXSingleReq, 4)if (((sizeof(xGLXSingleReq) >> 2) > client->req_len
) || (((4) >> 2) >= client->req_len) || ((((uint64_t
) sizeof(xGLXSingleReq) + (4) + 3) >> 2) != (uint64_t) client
->req_len)) return(16)
;
122
123 cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc)(((xGLXSingleReq*)pc)->contextTag), &error);
124 if (!cx) {
125 return error;
126 }
127
128 pc += __GLX_SINGLE_HDR_SIZE8;
129 newMode = *(GLenum *) pc;
130 retval = glRenderMode(newMode);
131
132 /* Check that render mode worked */
133 glGetIntegerv(GL_RENDER_MODE0x0C40, &newModeCheck);
134 if (newModeCheck != newMode) {
135 /* Render mode change failed. Bail */
136 newMode = newModeCheck;
137 goto noChangeAllowed;
138 }
139
140 /*
141 ** Render mode might have still failed if we get here. But in this
142 ** case we can't really tell, nor does it matter. If it did fail, it
143 ** will return 0, and thus we won't send any data across the wire.
144 */
145
146 switch (cx->renderMode) {
147 case GL_RENDER0x1C00:
148 cx->renderMode = newMode;
149 break;
150 case GL_FEEDBACK0x1C01:
151 if (retval < 0) {
152 /* Overflow happened. Copy the entire buffer */
153 nitems = cx->feedbackBufSize;
154 }
155 else {
156 nitems = retval;
157 }
158 retBytes = nitems * __GLX_SIZE_FLOAT324;
159 retBuffer = (GLubyte *) cx->feedbackBuf;
160 cx->renderMode = newMode;
161 break;
162 case GL_SELECT0x1C02:
163 if (retval < 0) {
164 /* Overflow happened. Copy the entire buffer */
165 nitems = cx->selectBufSize;
166 }
167 else {
168 GLuint *bp = cx->selectBuf;
169 GLint i;
170
171 /*
172 ** Figure out how many bytes of data need to be sent. Parse
173 ** the selection buffer to determine this fact as the
174 ** return value is the number of hits, not the number of
175 ** items in the buffer.
176 */
177 nitems = 0;
Value stored to 'nitems' is never read
178 i = retval;
179 while (--i >= 0) {
180 GLuint n;
181
182 /* Parse select data for this hit */
183 n = *bp;
184 bp += 3 + n;
185 }
186 nitems = bp - cx->selectBuf;
187 }
188 retBytes = nitems * __GLX_SIZE_CARD324;
189 retBuffer = (GLubyte *) cx->selectBuf;
190 cx->renderMode = newMode;
191 break;
192 }
193
194 /*
195 ** First reply is the number of elements returned in the feedback or
196 ** selection array, as per the API for glRenderMode itself.
197 */
198 noChangeAllowed:;
199 reply = (xGLXRenderModeReply) {
200 .type = X_Reply1,
201 .sequenceNumber = client->sequence,
202 .length = nitems,
203 .retval = retval,
204 .size = nitems,
205 .newMode = newMode
206 };
207 WriteToClient(client, sz_xGLXRenderModeReply32, &reply);
208 if (retBytes) {
209 WriteToClient(client, retBytes, retBuffer);
210 }
211 return Success0;
212}
213
214int
215__glXDisp_Flush(__GLXclientState * cl, GLbyte * pc)
216{
217 ClientPtr client = cl->client;
218 __GLXcontext *cx;
219 int error;
220
221 REQUEST_SIZE_MATCH(xGLXSingleReq)if ((sizeof(xGLXSingleReq) >> 2) != client->req_len)
return(16)
;
222
223 cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc)(((xGLXSingleReq*)pc)->contextTag), &error);
224 if (!cx) {
225 return error;
226 }
227
228 glFlush();
229 cx->hasUnflushedCommands = GL_FALSE0x0;
230 return Success0;
231}
232
233int
234__glXDisp_Finish(__GLXclientState * cl, GLbyte * pc)
235{
236 ClientPtr client = cl->client;
237 __GLXcontext *cx;
238 int error;
239
240 REQUEST_SIZE_MATCH(xGLXSingleReq)if ((sizeof(xGLXSingleReq) >> 2) != client->req_len)
return(16)
;
241
242 cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc)(((xGLXSingleReq*)pc)->contextTag), &error);
243 if (!cx) {
244 return error;
245 }
246
247 /* Do a local glFinish */
248 glFinish();
249 cx->hasUnflushedCommands = GL_FALSE0x0;
250
251 /* Send empty reply packet to indicate finish is finished */
252 client = cl->client;
253 __GLX_BEGIN_REPLY(0)__glXReply.length = (((0)+3) & (GLuint)~3) >> 2; __glXReply
.type = 1; __glXReply.sequenceNumber = client->sequence;
;
254 __GLX_SEND_HEADER()WriteToClient (client, 32, &__glXReply);;
255 return Success0;
256}
257
258#define SEPARATOR" " " "
259
260char *
261__glXcombine_strings(const char *cext_string, const char *sext_string)
262{
263 size_t clen, slen;
264 char *combo_string, *token, *s1;
265 const char *s2, *end;
266
267 /* safeguard to prevent potentially fatal errors in the string functions */
268 if (!cext_string)
269 cext_string = "";
270 if (!sext_string)
271 sext_string = "";
272
273 /*
274 ** String can't be longer than min(cstring, sstring)
275 ** pull tokens out of shortest string
276 ** include space in combo_string for final separator and null terminator
277 */
278 clen = strlen(cext_string);
279 slen = strlen(sext_string);
280 if (clen > slen) {
281 combo_string = (char *) malloc(slen + 2);
282 s1 = (char *) malloc(slen + 2);
283 if (s1)
284 strcpy(s1, sext_string)__builtin___strcpy_chk (s1, sext_string, __builtin_object_size
(s1, 2 > 1 ? 1 : 0))
;
285 s2 = cext_string;
286 }
287 else {
288 combo_string = (char *) malloc(clen + 2);
289 s1 = (char *) malloc(clen + 2);
290 if (s1)
291 strcpy(s1, cext_string)__builtin___strcpy_chk (s1, cext_string, __builtin_object_size
(s1, 2 > 1 ? 1 : 0))
;
292 s2 = sext_string;
293 }
294 if (!combo_string || !s1) {
295 free(combo_string);
296 free(s1);
297 return NULL((void*)0);
298 }
299 combo_string[0] = '\0';
300
301 /* Get first extension token */
302 token = strtok(s1, SEPARATOR" ");
303 while (token != NULL((void*)0)) {
304
305 /*
306 ** if token in second string then save it
307 ** beware of extension names which are prefixes of other extension names
308 */
309 const char *p = s2;
310
311 end = p + strlen(p);
312 while (p < end) {
313 size_t n = strcspn(p, SEPARATOR" ");
314
315 if ((strlen(token) == n) && (strncmp(token, p, n) == 0)) {
316 combo_string = strcat(combo_string, token)__builtin___strcat_chk (combo_string, token, __builtin_object_size
(combo_string, 2 > 1 ? 1 : 0))
;
317 combo_string = strcat(combo_string, SEPARATOR)__builtin___strcat_chk (combo_string, " ", __builtin_object_size
(combo_string, 2 > 1 ? 1 : 0))
;
318 }
319 p += (n + 1);
320 }
321
322 /* Get next extension token */
323 token = strtok(NULL((void*)0), SEPARATOR" ");
324 }
325 free(s1);
326 return combo_string;
327}
328
329int
330DoGetString(__GLXclientState * cl, GLbyte * pc, GLboolean need_swap)
331{
332 ClientPtr client = cl->client;
333 __GLXcontext *cx;
334 GLenum name;
335 const char *string;
336
337 __GLX_DECLARE_SWAP_VARIABLESGLbyte sw;
338 int error;
339 char *buf = NULL((void*)0), *buf1 = NULL((void*)0);
340 GLint length = 0;
341
342 REQUEST_FIXED_SIZE(xGLXSingleReq, 4)if (((sizeof(xGLXSingleReq) >> 2) > client->req_len
) || (((4) >> 2) >= client->req_len) || ((((uint64_t
) sizeof(xGLXSingleReq) + (4) + 3) >> 2) != (uint64_t) client
->req_len)) return(16)
;
343
344 /* If the client has the opposite byte order, swap the contextTag and
345 * the name.
346 */
347 if (need_swap) {
348 __GLX_SWAP_INT(pc + 4)sw = ((GLbyte *)(pc + 4))[0]; ((GLbyte *)(pc + 4))[0] = ((GLbyte
*)(pc + 4))[3]; ((GLbyte *)(pc + 4))[3] = sw; sw = ((GLbyte *
)(pc + 4))[1]; ((GLbyte *)(pc + 4))[1] = ((GLbyte *)(pc + 4))
[2]; ((GLbyte *)(pc + 4))[2] = sw;
;
349 __GLX_SWAP_INT(pc + __GLX_SINGLE_HDR_SIZE)sw = ((GLbyte *)(pc + 8))[0]; ((GLbyte *)(pc + 8))[0] = ((GLbyte
*)(pc + 8))[3]; ((GLbyte *)(pc + 8))[3] = sw; sw = ((GLbyte *
)(pc + 8))[1]; ((GLbyte *)(pc + 8))[1] = ((GLbyte *)(pc + 8))
[2]; ((GLbyte *)(pc + 8))[2] = sw;
;
350 }
351
352 cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc)(((xGLXSingleReq*)pc)->contextTag), &error);
353 if (!cx) {
354 return error;
355 }
356
357 pc += __GLX_SINGLE_HDR_SIZE8;
358 name = *(GLenum *) (pc + 0);
359 string = (const char *) glGetString(name);
360
361 if (string == NULL((void*)0))
362 string = "";
363
364 /*
365 ** Restrict extensions to those that are supported by both the
366 ** implementation and the connection. That is, return the
367 ** intersection of client, server, and core extension strings.
368 */
369 if (name == GL_EXTENSIONS0x1F03) {
370 buf1 = __glXcombine_strings(string, cl->GLClientextensions);
371 buf = __glXcombine_strings(buf1, cx->pGlxScreen->GLextensions);
372 free(buf1);
373 string = buf;
374 }
375 else if (name == GL_VERSION0x1F02) {
376 if (atof(string) > atof(GLServerVersion)) {
377 if (asprintf(&buf, "%s (%s)", GLServerVersion, string) == -1) {
378 string = GLServerVersion;
379 }
380 else {
381 string = buf;
382 }
383 }
384 }
385 if (string) {
386 length = strlen((const char *) string) + 1;
387 }
388
389 __GLX_BEGIN_REPLY(length)__glXReply.length = (((length)+3) & (GLuint)~3) >> 2
; __glXReply.type = 1; __glXReply.sequenceNumber = client->
sequence;
;
390 __GLX_PUT_SIZE(length)__glXReply.size = (length);;
391
392 if (need_swap) {
393 __GLX_SWAP_REPLY_SIZE()sw = ((GLbyte *)(&__glXReply.size))[0]; ((GLbyte *)(&
__glXReply.size))[0] = ((GLbyte *)(&__glXReply.size))[3];
((GLbyte *)(&__glXReply.size))[3] = sw; sw = ((GLbyte *)
(&__glXReply.size))[1]; ((GLbyte *)(&__glXReply.size)
)[1] = ((GLbyte *)(&__glXReply.size))[2]; ((GLbyte *)(&
__glXReply.size))[2] = sw;
;
394 __GLX_SWAP_REPLY_HEADER()sw = ((GLbyte *)(&__glXReply.sequenceNumber))[0]; ((GLbyte
*)(&__glXReply.sequenceNumber))[0] = ((GLbyte *)(&__glXReply
.sequenceNumber))[1]; ((GLbyte *)(&__glXReply.sequenceNumber
))[1] = sw;; sw = ((GLbyte *)(&__glXReply.length))[0]; ((
GLbyte *)(&__glXReply.length))[0] = ((GLbyte *)(&__glXReply
.length))[3]; ((GLbyte *)(&__glXReply.length))[3] = sw; sw
= ((GLbyte *)(&__glXReply.length))[1]; ((GLbyte *)(&
__glXReply.length))[1] = ((GLbyte *)(&__glXReply.length))
[2]; ((GLbyte *)(&__glXReply.length))[2] = sw;;
;
395 }
396
397 __GLX_SEND_HEADER()WriteToClient (client, 32, &__glXReply);;
398 WriteToClient(client, length, string);
399 free(buf);
400
401 return Success0;
402}
403
404int
405__glXDisp_GetString(__GLXclientState * cl, GLbyte * pc)
406{
407 return DoGetString(cl, pc, GL_FALSE0x0);
408}