Re: Potential Null pointer dereference in tar 1.35
From: Sergey Poznyakoff
Subject: Re: Potential Null pointer dereference in tar 1.35
Date: Thu, 21 Sep 2023 18:58:20 +0200
User-agent: MH (GNU Mailutils 3.15)

2ourc3 1er <s0urc3.1er@gmail.com> wrote:
> static int
> coalesce_segment (struct wordsplit *wsp, struct wordsplit_node *node)
> {
> struct wordsplit_node *p, *end;
> size_t len = 0;
> char *buf, *cur;
> for (p = node; p->flags & _WSNF_JOIN; )
> len += wsnode_len (p);
>
> // Value assigned to field 'next'
> p = p->next;

That was fixed in commit 5114218025b4562392dd260e2533d3fa2bc0220e.

> struct wordsplit_node *next = p->next;
> // 'next' initialized to a null pointer value
>
> // Access to field 'next' results in a dereference of a null pointer
> (loaded from variable 'p')
> const char *str = wsnode_ptr (wsp, p);

It won't, because the loop will be broken in line 608.

Regards,
Sergey