Report of the static analyzer: DEREF_OF_NULL.EX After having been assigned to a NULL value at dpkg.c:845, pointer 'status_from_file' is dereferenced at dpkg.c:852 by calling function 'strcmp'.
Corrections explained: 1. Added a check `status_from_file != NULL` before calling `strcmp` to prevent dereferencing a NULL pointer. 2. The logic of the function remains unchanged, but now it safely handles cases where the status is missing in the control file. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <[email protected]> --- archival/dpkg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archival/dpkg.c b/archival/dpkg.c index 8031956e9..d667d919d 100644 --- a/archival/dpkg.c +++ b/archival/dpkg.c @@ -849,7 +849,7 @@ static void write_status_file(deb_file_t **deb_file) status_num = search_status_hashtable(package_name); if (status_hashtable[status_num] != NULL) { const char *status_from_hashtable = name_hashtable[status_hashtable[status_num]->status]; - if (strcmp(status_from_file, status_from_hashtable) != 0) { + if (status_from_file != NULL && strcmp(status_from_file, status_from_hashtable) != 0) { /* New status isn't exactly the same as old status */ const int state_status = get_status(status_num, 3); if ((strcmp("installed", name_hashtable[state_status]) == 0) -- 2.30.2 _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
