commit 558b9cc3bc6961d26104cf726fe148f58ba36940
parent 5a3f01e8a1b9a7847dad17260dd859d5c92bb6bd
Author: Laslo Hunhold <dev@frign.de>
Date: Sun, 13 Nov 2022 09:12:25 +0100
Prevent two theoretical null-pointer-dereferences in gen/util.c
This was found using static analysis and is not a security issue given
this is in the generating code, so no runtime-affection. The worst that
could've happened beforehand is that the generating code segfaults and
produces garbage tables which would lead to compilation failure.
Signed-off-by: Laslo Hunhold <dev@frign.de>
Diffstat:
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/gen/util.c b/gen/util.c
@@ -602,7 +602,7 @@ properties_generate_break_property(const struct property_spec *spec,
static int
break_test_callback(const char *fname, char **field, size_t nfields,
- char *comment, void *payload)
+ char *comment, void *payload)
{
struct break_test *t,
**test = ((struct break_test_payload *)payload)->test;
@@ -668,7 +668,7 @@ break_test_callback(const char *fname, char **field, size_t nfields,
}
}
}
- if (t->len[t->lenlen - 1] == 0) {
+ if (t->lenlen > 0 && t->len[t->lenlen - 1] == 0) {
/*
* we allocated one more length than we needed because
* the breakpoint was at the end
@@ -677,7 +677,8 @@ break_test_callback(const char *fname, char **field, size_t nfields,
}
/* store comment */
- if (((*test)[*testlen - 1].descr = strdup(comment)) == NULL) {
+ if (comment != NULL &&
+ ((*test)[*testlen - 1].descr = strdup(comment)) == NULL) {
fprintf(stderr, "break_test_callback: strdup: %s.\n",
strerror(errno));
return 1;
