libafs: crash in a more useful way if nchunks is zero

In afs_CacheStoreDCaches(), if the parameter nchunks is zero, the
main loop will not execute, leaving the XSTATS pointer unchanged,
which will result in a null dereference in XSTATS_END_TIME.  Instead
assert that nchunks is nonzero, which will help the static analyzer
and will also generate a more useful panic message should this
error ever be encountered in operation.

There is presently only one call site, and it may be the case that this
condition can never be triggered.

(While in the neighborhood, also avoid dereferencing tdc immediately
before testing whether it is null.)

Change-Id: Idf68f1306d3e09771425c62df139c1de11806c22
Found-by: clang static analyzer
Reviewed-on: http://gerrit.openafs.org/5179
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

diff --git a/src/afs/afs_fetchstore.c b/src/afs/afs_fetchstore.c
index 7f85c73..16c0550 100644 (file)
--- a/src/afs/afs_fetchstore.c
+++ b/src/afs/afs_fetchstore.c
@@ -471,16 +471,19 @@ afs_CacheStoreDCaches(struct vcache *avc, struct dcache **dclist,
     afs_size_t bytesToXfer = 10000;    /* # bytes to xfer */
 #endif /* AFS_NOSTATS */
     XSTATS_DECLS;
+    osi_Assert(nchunks != 0);
 
     for (i = 0; i < nchunks && !code; i++) {
        int stored = 0;
        struct dcache *tdc = dclist[i];
-       afs_int32 size = tdc->f.chunkBytes;
+       afs_int32 size;
+
        if (!tdc) {
            afs_warn("afs: missing dcache!\n");
            storeallmissing++;
            continue;   /* panic? */
        }
+       size = tdc->f.chunkBytes;
        afs_Trace4(afs_iclSetp, CM_TRACE_STOREALL2, ICL_TYPE_POINTER, avc,
                    ICL_TYPE_INT32, tdc->f.chunk, ICL_TYPE_INT32, tdc->index,
                    ICL_TYPE_INT32, afs_inode2trace(&tdc->f.inode));