On Aug 9, 2021, at 3:55 PM, Jan Engelhardt via tz <tz@iana.org> wrote:
Inside tzload, if malloc fails, then, by POSIX standardese, it ought to set errno. However, clang - rightfully, I think - does not make any particular assumptions about malloc and has found and reported the case whereby this malloc returns with NULL _and_ errno is 0. (The malloc(3) page on Linux systems mentions the corner-cases in which errno=0 can happen, namely "private malloc implementations".)
tzload then returns errno, which is 0 under these pretenses, thereby signalling to its caller that everything was fine, when in fact it wasn't.
Then it should be fixed not to do so, e.g. by returning ENOMEM if errno is 0. (And, as far as I know, the tzdb code works on at least some non-Unix-like platforms; if so, "POSIX says so" isn't sufficient, as malloc() is a C library function, not solely a POSIX/UN*X function. C90 says: "If the size of the space requested is zero, the behavior is implementation-defined, the value returned shall be either a null pointer or a unique pointer." However, in this particular case, a sizeof value for a union pointed to by a pointer is passed to malloc(), with none of the union members being zero-sized, so the size of the space requested will not be zero, and thus a null return value should mean "allocation failed".)
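
The failure mode and the suggested fix discussed in this message, as an added example that is not part of the original e-mail and is not the tzdb source. The names union local_storage, alloc_fn, failing_alloc_no_errno, load_returns_errno and load_hardened are hypothetical, and the failing allocator is constructed to stand in for a private malloc that returns NULL without setting errno.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the union whose sizeof is passed to malloc();
   no member is zero-sized, so the request is never for zero bytes. */
union local_storage {
    char buf[256];
    long align;
};

typedef void *(*alloc_fn)(size_t);

/* Constructed allocator: fails but leaves errno untouched. */
static void *failing_alloc_no_errno(size_t n)
{
    (void)n;
    return NULL;
}

/* Pattern from the report: errno is the only failure signal. */
static int load_returns_errno(alloc_fn alloc)
{
    union local_storage *lsp = alloc(sizeof *lsp);
    if (!lsp)
        return errno;               /* 0 here reads as "success" to the caller */
    free(lsp);
    return 0;
}

/* Suggested fix: a null return for a nonzero size always yields an error. */
static int load_hardened(alloc_fn alloc)
{
    union local_storage *lsp = alloc(sizeof *lsp);
    if (!lsp)
        return errno ? errno : ENOMEM;
    free(lsp);
    return 0;
}

int main(void)
{
    errno = 0;
    printf("errno-only: %d\n", load_returns_errno(failing_alloc_no_errno));
    errno = 0;
    printf("hardened:   %d\n", load_hardened(failing_alloc_no_errno));
    return 0;
}
```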