From 05e08a21d125bc8f65fbd4bf41d7c80bb973bd1b Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 6 Apr 2022 12:54:08 +1000
Subject: [PATCH 1/2] Remove unnecessary NULL test leading to REVERSE_INULL false positive

*** CID 351371: Null pointer dereferences (REVERSE_INULL)
/lib/dns/adb.c: 2615 in dns_adb_createfind()
2609 /*
2610 * Copy out error flags from the name structure into the find.
2611 */
2612 find->result_v4 = find_err_map[adbname->fetch_err];
2613 find->result_v6 = find_err_map[adbname->fetch6_err];
2614
>>> CID 351371: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "find" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2615 if (find != NULL) {
2616 if (want_event) {
2617 INSIST((find->flags & DNS_ADBFIND_ADDRESSMASK) != 0);
2618 isc_task_attach(task, &(isc_task_t *){ NULL });
2619 find->event.ev_sender = task;
2620 find->event.ev_action = action;
---
lib/dns/adb.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index c0c9b6ceca..e572dee239 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -2612,18 +2612,16 @@ post_copy:
 find->result_v4 = find_err_map[adbname->fetch_err];
 find->result_v6 = find_err_map[adbname->fetch6_err];
- if (find != NULL) {
- if (want_event) {
- INSIST((find->flags & DNS_ADBFIND_ADDRESSMASK) != 0);
- isc_task_attach(task, &(isc_task_t *){ NULL });
- find->event.ev_sender = task;
- find->event.ev_action = action;
- find->event.ev_arg = arg;
- }
-
- *findp = find;
+ if (want_event) {
+ INSIST((find->flags & DNS_ADBFIND_ADDRESSMASK) != 0);
+ isc_task_attach(task, &(isc_task_t *){ NULL });
+ find->event.ev_sender = task;
+ find->event.ev_action = action;
+ find->event.ev_arg = arg;
 }
+ *findp = find;
+
 UNLOCK(&nbucket->lock);
 return (result);
 }
From ed1e480c53c354e0369cb52fb8b9a32e9cbe2779 Mon Sep 17 00:00:00 2001
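Review bot: With the `find != NULL` guard gone, nothing in the hunk records why `find` is guaranteed non-NULL at `post_copy:`; the two `find_err_map` assignments on the hunk's first lines are the only evidence, and a reader arriving at the label via a jump cannot see it. A one-line comment at the label, e.g. `/* find is non-NULL on every path that reaches post_copy. */`, would keep a later cleanup from reinstating the check. The `goto post_copy` sites and the point where `find` is created are above the hunk, so the invariant should be confirmed against them rather than against the Coverity report alone; dns_adb_createfind's body starts outside the hunk.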
From: Mark Andrews
Date: Wed, 6 Apr 2022 12:56:17 +1000
Subject: [PATCH 2/2] Move lock to before label to prevent duplicate lock

*** CID 351370: Program hangs (LOCK)
/lib/dns/adb.c: 2699 in dns_adb_cancelfind()
2693
2694 LOCK(&nbucket->lock);
2695 ISC_LIST_UNLINK(adbname->finds, find, plink);
2696 UNLOCK(&nbucket->lock);
2697
2698 cleanup:
>>> CID 351370: Program hangs (LOCK)
>>> "pthread_mutex_lock" locks "find->lock" while it is locked.
2699 LOCK(&find->lock);
2700 if (!FIND_EVENTSENT(find)) {
2701 ev = &find->event;
2702 task = ev->ev_sender;
2703 ev->ev_sender = find;
2704 ev->ev_type = DNS_EVENT_ADBCANCELED;
---
lib/dns/adb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index e572dee239..ae616710a4 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -2687,14 +2687,14 @@ dns_adb_cancelfind(dns_adbfind_t *find) {
 adbname = find->adbname;
 find->adbname = NULL;
 nbucket = adbname->bucket;
- UNLOCK(&find->lock);
+ UNLOCK(&find->lock);
 LOCK(&nbucket->lock);
 ISC_LIST_UNLINK(adbname->finds, find, plink);
 UNLOCK(&nbucket->lock);
+ LOCK(&find->lock);
 cleanup:
- LOCK(&find->lock);
 if (!FIND_EVENTSENT(find)) {
 ev = &find->event;
 task = ev->ev_sender;
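Review bot: After this change the label `cleanup:` is entered with `find->lock` already held on every path, but that precondition is now enforced by the callers of the label rather than by the label itself, and nothing in the hunk states it; the `goto cleanup` sites are above the hunk and cannot be checked here. A comment on the line before the label, e.g. `/* cleanup: find->lock must be held on entry. */`, would document the requirement for anyone adding a new jump later. The hunk also removes and re-adds `UNLOCK(&find->lock);` with no visible difference as rendered here, which looks like a whitespace-only edit; if so, dropping it would let the diff read as exactly the moved `LOCK`. dns_adb_cancelfind's body starts and ends outside the hunk.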