The currently used idiom for clearing the part of a ccb after its
headers generates one or two Coverity errors for each instance. All
instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array.
Some instances also generate Out-of-bounds access (OVERRUN)
errors, probably because the space being cleared is larger than the
header struct.
In addition, this idiom is difficult for humans to understand and it
is error prone. The user has to choose the proper struct ccb_* type
(which does not appear in the surrounding code) for the sizeof() in
the length calculation. I found several instances where the length
was incorrect, which could cause either an actual out of bounds
write, or incompletely clear the ccb. These are noted inline below.
I think most of the problems flagged by Coverity are false
positives, but it is difficult to tell without studying each in
detail.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the name of the union ccb member, which is used
elsewhere in the surrounding code. Furthermore, this can all be
wrapped in a convenient macro to avoid repetition of the same
boiler-plate code in many places.
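The following is an added illustration of the two idioms described above; it is not code from the commit or from the CAM subsystem. The struct ccb_hdr, struct ccb_scsiio, struct ccb_ataio and union ccb definitions are constructed stand-ins with made-up fields (the real types are much larger), and the macro name CCB_CLEAR_AFTER_HDR is an assumption, not the name the project uses. The old idiom is reproduced with the sizeof() taken from the wrong struct type, so that the undersized clear the text warns about can be observed; the macro sizes the clear from the member actually referenced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the CAM types (assumption: fields are invented). */
struct ccb_hdr {
	uint32_t status;
	uint32_t func_code;
	void	*path;
	uint32_t flags;
};

struct ccb_scsiio {
	struct ccb_hdr ccb_h;	/* header is always the first member */
	uint8_t  cdb_io[16];
	uint32_t dxfer_len;
	uint8_t  tag_action;
};

struct ccb_ataio {
	struct ccb_hdr ccb_h;
	uint8_t  cmd[12];
	uint8_t  res[12];
	uint32_t dxfer_len;
	uint8_t  extra[64];	/* deliberately larger than ccb_scsiio */
};

union ccb {
	struct ccb_hdr    ccb_h;
	struct ccb_scsiio csio;
	struct ccb_ataio  ataio;
};

/*
 * Old idiom: the header is addressed as element [1] of a two-element
 * array (the ARRAY_VS_SINGLETON report) and the length comes from a
 * hand-picked struct type.  The wrong type is used here on purpose:
 * sizeof(struct ccb_scsiio) is smaller than the ccb_ataio being
 * cleared, so the tail of the member is left untouched.  (The original
 * code uses bzero(); memset() is used here so the example needs only
 * <string.h>.)
 */
static void
clear_old_idiom(struct ccb_ataio *ataio)
{
	memset(&(&ataio->ccb_h)[1], 0,
	    sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
}

/*
 * Hypothetical macro (name chosen for this example): start
 * sizeof(ccb_h) bytes into the object and derive the length from the
 * object itself, so the caller never names a struct ccb_* type.
 */
#define CCB_CLEAR_AFTER_HDR(ccbp)					\
	memset((char *)(ccbp) + sizeof((ccbp)->ccb_h), 0,		\
	    sizeof(*(ccbp)) - sizeof((ccbp)->ccb_h))

/* Return 1 if every byte in [hdrlen, total) of the object is zero. */
static int
tail_is_zero(const void *p, size_t hdrlen, size_t total)
{
	const unsigned char *b = p;
	size_t i;

	for (i = hdrlen; i < total; i++)
		if (b[i] != 0)
			return (0);
	return (1);
}

/* Old idiom: header survives, but the ccb_ataio tail is still dirty. */
int
demo_old_idiom_leaves_tail(void)
{
	union ccb ccb;

	memset(&ccb, 0xA5, sizeof(ccb));	/* constructed dirty contents */
	ccb.ccb_h.status = 7;
	clear_old_idiom(&ccb.ataio);
	return (ccb.ccb_h.status == 7 &&
	    !tail_is_zero(&ccb.ataio, sizeof(struct ccb_hdr),
	    sizeof(struct ccb_ataio)));
}

/* Macro: header survives and everything after it, padding included, is zero. */
int
demo_macro_clears_tail(void)
{
	union ccb ccb;

	memset(&ccb, 0xA5, sizeof(ccb));
	ccb.ccb_h.status = 7;
	CCB_CLEAR_AFTER_HDR(&ccb.ataio);
	return (ccb.ccb_h.status == 7 &&
	    tail_is_zero(&ccb.ataio, sizeof(struct ccb_hdr),
	    sizeof(struct ccb_ataio)));
}

int
main(void)
{
	printf("old idiom leaves dirty tail: %d\n", demo_old_idiom_leaves_tail());
	printf("macro clears whole member:   %d\n", demo_macro_clears_tail());
	return (0);
}
```

Picking a struct type larger than the member (the reverse mistake) would make the same idiom write past the end of the object, which is the OVERRUN case; the macro form cannot do either because both the start offset and the length are taken from the pointer it is given.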