From: SourceForge.net <no...@so...> - 2006-10-09 02:20:08
|
Bugs item #1564677, was opened at 2006-09-24 12:28 Message generated for change (Comment added) made by sf-robot You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=110894&aid=1564677&group_id=10894 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: 01. Notifier Group: None >Status: Closed Resolution: Fixed Priority: 5 Submitted By: miguel sofer (msofer) Assigned to: Donal K. Fellows (dkf) Summary: possible NULL deref in Tcl_DeleteEvents Initial Comment: Coverity's bug #10 complains that the line prevPtr->nextPtr = evPtr->nextPtr; in Tcl_DeleteEvents might be dereferencing a NULL prevPtr. At first sight I can not see why that would be wrong. Is this a bug? ---------------------------------------------------------------------- >Comment By: SourceForge Robot (sf-robot) Date: 2006-10-08 19:20 Message: Logged In: YES user_id=1312539 This Tracker item was closed automatically by the system. It was previously set to a Pending status, and the original submitter did not respond within 14 days (the time period specified by the administrator of this Tracker). ---------------------------------------------------------------------- Comment By: Donal K. Fellows (dkf) Date: 2006-09-24 17:09 Message: Logged In: YES user_id=79902 The problem is that demonstrating that the pointer is non-NULL is significantly tricky; it relies on higher order properties (and could theoretically be messed up by maintenance). "Fixed" in HEAD by replacing the offending line with: if (prevPtr == NULL) { Tcl_Panic("badly connected event list"); } else { prevPtr->nextPtr = evPtr->nextPtr; } Let me know if a backport is needed. ---------------------------------------------------------------------- Comment By: Joe English (jenglish) Date: 2006-09-24 16:02 Message: Logged In: YES user_id=68433 (last comment was from me -- sorry, forgot to log in first ("Remember me" seems to have no effect...)) ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-09-24 15:58 Message: Logged In: NO The outermost for (;;) loop has the invariant: (tsdPtr->firstEventPtr == evPtr) <==> (prevPtr == NULL) Replacing the test 'if (tsdPtr->firstEventPtr == evPtr)' with the equivalent 'if (prevPtr == NULL)' ought to fix the warning since the assignment to 'prevPtr->nextPtr' is in the 'else' clause. Or perhaps even better: if (prevPtr != NULL) { prevPtr->nextPtr = evPtr->nextPtr; } else { tsdPtr->firstEventPtr = evPtr->nextPtr; } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=110894&aid=1564677&group_id=10894 |