
#445 [Patch] interface.c : dereference of a null pointer possible in loop

Quality
closed-accepted
nobody
None
5
2017-08-08
2014-09-25
Renu Tyagi
No

In file mpglib/interface.c, function sync_buffer(PMPSTR mp, int free_match):
The static analyzer tool reports a "dereference before null check" issue in the following code:

    pos = buf->pos;
    for (i = 0; i < mp->bsize; i++) {
        /* get 4 bytes */

        b[0] = b[1];
        b[1] = b[2];
        b[2] = b[3];
        while (pos >= buf->size) {
            buf = buf->next;
            pos = buf->pos;
            if (!buf) {
                return -1;
                /* not enough data to read 4 bytes */
            }
        }
        b[3] = buf->pnt[pos];
        ++pos;

In the above code, buf is checked for null after the dereference in the line pos = buf->pos;,
which can result in a dereference of a null pointer.
So the null check should be before pos = buf->pos;.

Please find attached patch.
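The same loop with the null check moved ahead of the buf->pos read, as an added example that is neither the attached patch nor LAME's code; the struct buf layout, scan_fixed and the sample chain are assumptions chosen to mirror the snippet above.

```c
#include <stddef.h>

/* Stand-in for mpglib's struct buf: one chunk in a chain of input data. */
struct buf {
    unsigned char *pnt;   /* chunk bytes */
    int            size;  /* number of bytes in this chunk */
    int            pos;   /* read offset within this chunk */
    struct buf    *next;  /* next chunk, NULL at the end of the chain */
};

/* The sync_buffer loop with the patch applied: scan bsize bytes across the
 * chain, keeping the last four in b[]. The NULL check now runs before buf->pos
 * is read, so exhausting the chain returns -1 instead of dereferencing NULL. */
int scan_fixed(const struct buf *buf, int bsize, int b[4])
{
    int pos, i;
    if (!buf) return -1;
    pos = buf->pos;
    for (i = 0; i < bsize; i++) {
        /* get 4 bytes: shift the window, then fetch the next byte */
        b[0] = b[1]; b[1] = b[2]; b[2] = b[3];
        while (pos >= buf->size) {
            buf = buf->next;
            if (!buf)
                return -1;   /* not enough data to read 4 bytes */
            pos = buf->pos;  /* safe: buf is known non-NULL here */
        }
        b[3] = buf->pnt[pos];
        ++pos;
    }
    return 0;                /* bsize bytes were read */
}

/* Constructed sample chain (not mpglib data): 2 bytes, an empty chunk, 3 bytes. */
static unsigned char d1[] = { 0xFF, 0xFB };
static unsigned char d3[] = { 0x90, 0x64, 0x00 };
static struct buf c3 = { d3, 3, 0, NULL };
static struct buf c2 = { NULL, 0, 0, &c3 };
static struct buf c1 = { d1, 2, 0, &c2 };

/* Requests 6 bytes from the 5-byte chain: the unpatched loop would read
 * buf->pos through NULL at the end; the fixed loop reports -1 instead. */
int demo_exhausted(void) { int b[4] = { 0 }; return scan_fixed(&c1, 6, b); }

/* Requests exactly 4 bytes and packs the window b[0..3] into one value,
 * or returns 0 if the scan failed. */
unsigned demo_window(void)
{
    int b[4] = { 0 };
    if (scan_fixed(&c1, 4, b) != 0)
        return 0;
    return ((unsigned)b[0] << 24) | ((unsigned)b[1] << 16) | ((unsigned)b[2] << 8) | (unsigned)b[3];
}
```

The empty middle chunk exercises the inner while loop twice in a row, which is the path where the original ordering reads buf->pos before confirming buf->next was non-NULL.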


Discussion

  • Robert Hegemann - 2017-08-08
    • status: open --> closed-accepted

  • Robert Hegemann - 2017-08-08

    Thanks!
