range-check.c

/*
 * range-check.c
 * Copyright (C) 2019 tox <tox@rootkit>
 *
 * Distributed under terms of the MIT license.
 */

#include <stdlib.h>
#include <stdio.h>

struct Array {
	size_t size;
	char *buf;
};

void create(struct Array *arr, size_t size) {
	arr->buf = calloc(size, sizeof(char));
	arr->size = size;
}

void extend(struct Array *arr, size_t extend) {
	size_t new_size = extend + arr->size;

	// Overflow check:
	if (new_size < extend && arr->size < extend) {
		return;
	}

	if (new_size == 0) {
		free(arr->buf);
		return;
	}

	arr->buf = realloc(arr->buf, new_size * sizeof(char));
}

int main(int argc, char *argv[]) {
	struct Array arr = { 0 };
	if (argc != 3)
		return 1;

	size_t a = atoi(argv[1]);
	size_t b = atoi(argv[2]);

	if (a != 0) {
		create(&arr, a);
	} else {
		return 0;
	}

	if (b != 0) {
		extend(&arr, b);
	}

	free(arr.buf);

	return 0;
}

range-check.log

scan-build: Using '/usr/bin/clang-7' for static analysis
range-check.c:55:2: warning: Attempt to free released memory
        free(arr.buf);
        ^~~~~~~~~~~~~
1 warning generated.
scan-build: 1 bug found.
scan-build: Run 'scan-view /tmp/scan-build-2019-02-11-113701-19037-1' to examine bug reports.