From: Paul Eggert
Subject: bug#65269: Possible null pointer dereference on the function cycle_check in rm
Date: Tue, 15 Aug 2023 14:47:52 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0

On 2023-08-14 00:05, Haoxin Tu wrote:
> If the function `fts_read` gets a return value of NULL and the malloc from `fts->fts_cycle.state = malloc (sizeof *fts->fts_cycle.state)` (Line 62 in fts_cycle.c) is NULL, the pointer `fts->fts_cycle.state` will still keep 0 before the free operation `free (sp->fts_cycle.state);` (Line 159 in fts_cycle.c), leading to a free of an invalid address.

I don't see a problem, since 'free (0)' is valid and does nothing.