Coverity reports: *** CID 1666509: Null pointer dereferences (FORWARD_NULL) /gllib/fts.c: 2085 in fts_safe_changedir() 2079 dir = NULL; 2080 } 2081 } 2082 } 2083 2084 newfd = fd; >>> CID 1666509: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "dir" to "diropen", which dereferences it. 2085 if (fd < 0 && (newfd = diropen (sp, dir)) < 0) 2086 return -1; 2087 2088 /* The following dev/inode check is necessary if we're doing a 2089 "logical" traversal (through symlinks, a la chown -L), if the 2090 system lacks O_NOFOLLOW support, or if we're changing to ".."
The tool is right: if at this point, fd was < 0 and dir was NULL, there would be a null-pointer access in the function diropen(). Let's make it clear (to the human reader as well) that this can't happen. 2025-10-21 Bruno Haible <[email protected]> fts: Attempt to silence Coverity Scan. * lib/fts.c (fts_safe_changedir): Add an assertion. diff --git a/lib/fts.c b/lib/fts.c index 4ab2a96a95..db6a0a3efa 100644 --- a/lib/fts.c +++ b/lib/fts.c @@ -2046,6 +2046,7 @@ static int internal_function fts_safe_changedir (FTS *sp, FTSENT *p, int fd, char const *dir) { + fts_assert (0 <= fd || dir != NULL); int ret; bool is_dotdot = dir && streq (dir, ".."); int newfd;
