File Name: /crypto/stack/stack.c
Function Name: sk_new_null()
Code:
115: STACK *sk_new_null(void)
117:     return sk_new((int (*)(const char * const *, const char * const *))0);

File Name: /apps/crl2p7.c
Function Name: main()
Buggy Code:
144: if (!certflst) certflst = sk_new_null();

File Name: /apps/ocsp.c
Function Name: main()
Buggy Code:
144: reqnames = sk_new_null();

File Name: /apps/pkcs12.c
Function Name: main()
Buggy Code:
235: if (!canames) canames = sk_new_null();

File Name: /apps/engine.c
Function Name: main()
Buggy Code:
350: STACK *engines = sk_new_null();
351: STACK *pre_cmds = sk_new_null();
352: STACK *post_cmds = sk_new_null();

Our research group develops an approach to discover potential bugs in software systems. Our approach found a rule specifying that an error occurs if sk_new() returns NULL. The function sk_new_null() returns the object generated by sk_new() directly. Thus, it is inferred that an error occurs if sk_new_null() returns NULL. However, the outputs of sk_new_null() are not checked in the above code.

Your opinions on the above potential bug are very important to our research. Your reply is appreciated.

Best regards,
Raymond

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
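
The propagation the report describes, as an added C example that is not part of the original message and is not OpenSSL's code: a wrapper that forwards its constructor's result also forwards NULL, so the caller has to check it. TOY_STACK, the toy_* functions, fail_alloc and add_name are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins (assumptions), not OpenSSL's STACK implementation. */
typedef struct { const char **data; int num, cap; } TOY_STACK;
static int fail_alloc = 0; /* hook to simulate out-of-memory */
static void *toy_malloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

/* Like sk_new(): returns NULL when allocation fails. */
TOY_STACK *toy_sk_new(int (*cmp)(const char *const *, const char *const *)) {
    TOY_STACK *st = toy_malloc(sizeof(*st));
    (void)cmp;
    if (st == NULL) return NULL;
    st->num = 0; st->cap = 4;
    st->data = toy_malloc(sizeof(*st->data) * st->cap);
    if (st->data == NULL) { free(st); return NULL; }
    return st;
}

/* Like sk_new_null(): forwards the result, so NULL propagates unchanged. */
TOY_STACK *toy_sk_new_null(void) { return toy_sk_new(NULL); }

/* Returns the new element count, or 0 on failure (including a NULL stack). */
int toy_sk_push(TOY_STACK *st, const char *item) {
    if (st == NULL) return 0;
    if (st->num == st->cap) {
        const char **grown = realloc(st->data, sizeof(*grown) * st->cap * 2);
        if (grown == NULL) return 0;
        st->data = grown; st->cap *= 2;
    }
    st->data[st->num++] = item;
    return st->num;
}

void toy_sk_free(TOY_STACK *st) { if (st) { free(st->data); free(st); } }

/* Checked caller: create on demand, return -1 if creation or push fails. */
int add_name(TOY_STACK **list, const char *name) {
    if (*list == NULL && (*list = toy_sk_new_null()) == NULL)
        return -1; /* the NULL check the report says the callers lack */
    return toy_sk_push(*list, name) > 0 ? 0 : -1;
}

int main(void) {
    TOY_STACK *names = NULL;
    fail_alloc = 1; printf("alloc fails: %d\n", add_name(&names, "a.pem"));
    fail_alloc = 0; printf("alloc ok:    %d\n", add_name(&names, "a.pem"));
    toy_sk_free(names);
    return 0;
}
```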