Assert that some xasprintf calls return non-NULL

"gcc -fanalyzer" notices that xasprintf can return NULL in some
situations (string length > INT_MAX, invalid format string, or multibyte
conversion error), and that we weren't handling this in various cases
where we use the return value in contexts that require non-NULL values.
The situations seem obscure enough for simple asserts to be appropriate.

* lib/pathsearch.c (pathsearch): Assert that xasprintf returns non-NULL.
* lib/tempfile.c (create_tempdir): Likewise.
* lib/util.c (remove_directory): Likewise.
* libdb/db_lookup.c (make_multi_key): Likewise.
* libdb/db_store.c (make_content, dbstore): Likewise.
* src/check_mandirs.c (add_dir_entries, fix_permissions_tree): Likewise.
* src/compression.c (comp_file): Likewise.
* src/globbing.c (look_for_file): Likewise.
* src/man.c (main): Likewise.
* src/mandb.c (mandb, purge_catsubdirs): Likewise.
* src/manp.c (pathappend): Likewise.
* src/ult_src.c (find_include): Likewise.
* src/whatis.c (use_grep): Likewise.
* src/zsoelim.l (zsoelim_open_file): Likewise.

2 files changed, 20 insertions, 7 deletions

diff --git a/libdb/db_lookup.c b/libdb/db_lookup.c
index 4bc761a0..e6bf8c85 100644
--- a/libdb/db_lookup.c
+++ b/libdb/db_lookup.c
@@ -26,6 +26,7 @@
 #  include "config.h"
 #endif /* HAVE_CONFIG_H */
 
+#include <assert.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <errno.h>
@@ -130,9 +131,12 @@ void dbprintf (const struct mandata *info)
 datum make_multi_key (const char *page, const char *ext)
 {
 	datum key;
+	char *value;
 
+	value = xasprintf ("%s\t%s", page, ext);
+	assert (value);
 	memset (&key, 0, sizeof key);
-	MYDBM_SET (key, xasprintf ("%s\t%s", page, ext));
+	MYDBM_SET (key, value);
 	return key;
 }
 
diff --git a/libdb/db_store.c b/libdb/db_store.c
index 7e671b5f..ff283400 100644
--- a/libdb/db_store.c
+++ b/libdb/db_store.c
@@ -25,6 +25,7 @@
 #  include "config.h"
 #endif /* HAVE_CONFIG_H */
 
+#include <assert.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
@@ -123,6 +124,7 @@ static datum make_content (struct mandata *in)
 {
 	datum cont;
 	static const char dash[] = "-";
+	char *value;
 
 	memset (&cont, 0, sizeof cont);
 
@@ -135,7 +137,7 @@ static datum make_content (struct mandata *in)
 	if (!in->whatis)
 		in->whatis = dash + 1;
 
-	MYDBM_SET (cont, xasprintf (
+	value = xasprintf (
 		"%s\t%s\t%s\t%ld\t%ld\t%c\t%s\t%s\t%s\t%s",
 		dash_if_unset (in->name),
 		in->ext,
@@ -146,7 +148,9 @@ static datum make_content (struct mandata *in)
 		in->pointer,
 		in->filter,
 		in->comp,
-		in->whatis));
+		in->whatis);
+	assert (value);
+	MYDBM_SET (cont, value);
 
 #ifdef NDBM
 	/* limit of 4096 bytes of data using ndbm */
@@ -191,6 +195,7 @@ static datum make_content (struct mandata *in)
 int dbstore (MYDBM_FILE dbf, struct mandata *in, const char *base)
 {
 	datum oldkey, oldcont;
+	char *value;
 
 	memset (&oldkey, 0, sizeof oldkey);
 	memset (&oldcont, 0, sizeof oldcont);
@@ -261,8 +266,10 @@ int dbstore (MYDBM_FILE dbf, struct mandata *in, const char *base)
 		MYDBM_FREE_DPTR (newkey);
 		MYDBM_FREE_DPTR (newcont);
 
-		MYDBM_SET (newcont, xasprintf (
-			"%s\t%s\t%s", MYDBM_DPTR (oldcont), base, in->ext));
+		value = xasprintf (
+			"%s\t%s\t%s", MYDBM_DPTR (oldcont), base, in->ext);
+		assert (value);
+		MYDBM_SET (newcont, value);
 		MYDBM_FREE_DPTR (oldcont);
 
 		/* Try to replace the old simple data with the new stuff */
@@ -350,8 +357,10 @@ int dbstore (MYDBM_FILE dbf, struct mandata *in, const char *base)
 
 		/* Now build a simple reference to the above two items */
 
-		MYDBM_SET (newcont, xasprintf (
-			"\t%s\t%s\t%s\t%s", old_name, old.ext, base, in->ext));
+		value = xasprintf (
+			"\t%s\t%s\t%s\t%s", old_name, old.ext, base, in->ext);
+		assert (value);
+		MYDBM_SET (newcont, value);
 
 		if (MYDBM_REPLACE (dbf, oldkey, newcont))
 			gripe_replace_key (dbf, MYDBM_DPTR (oldkey));