Code Inconsistencies Detected by Static Analysis

[Anchels]

Return value of a function lua_touserdata is dereferenced without checking for NULL, but it is usually checked for this function:

lua-nginx-module/src/ngx_http_lua_socket_tcp.c

Lines 4662 to 4673 in 9688812

	cp = lua_touserdata(L, lua_upvalueindex(3));
	dd("checking existing state: %d", cp->state);
	if (cp->state == -1) {
	cp->state = 0;
	lua_pushnil(L);
	lua_pushnil(L);
	lua_pushnil(L);
	return 3;
	}

Similar issue with fucntion ngx_http_lua_get_req:

lua-nginx-module/src/ngx_http_lua_socket_tcp.c

Lines 5112 to 5117 in 9688812

	r = ngx_http_lua_get_req(L);
	if (r != r->main) {
	return luaL_error(L, "attempt to read the request body in a "
	"subrequest");
	}

After having been compared to a NULL value:

lua-nginx-module/src/ngx_http_lua_socket_tcp.c

Lines 1814 to 1816 in 9688812

	if (server_name != NULL && server_name->data != NULL) {
	ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
	"lua ssl server name: \"%V\"", server_name);

pointer server_name->data is dereferenced without null check by calling function memcpy:

lua-nginx-module/src/ngx_http_lua_socket_tcp.c

Lines 1855 to 1857 in 9688812

	ngx_memcpy(u->ssl_name.data, server_name->data,
	server_name->len);
	u->ssl_name.len = server_name->len;

Found by Linux Verification Center with SVACE