Report of the static analyzer: DEREF_OF_NULL.RET.STAT Return value of a function 'strtok_r' is dereferenced at dpkg.c:450 without checking for NULL, but it is usually checked for this function (23/25).
Corrections explained: 1. Added a check `field2 != NULL` before calling `strcmp` to prevent dereferencing a NULL pointer. 2. The logic of the function remains unchanged, but now it safely handles cases where the delimiter '|' is missing. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <[email protected]> --- archival/dpkg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archival/dpkg.c b/archival/dpkg.c index 8031956e9..f3b65ebf4 100644 --- a/archival/dpkg.c +++ b/archival/dpkg.c @@ -446,7 +446,7 @@ static void add_split_dependencies(common_node_t *parent_node, const char *whole line2 = xstrdup(field); field2 = strtok_r(line2, "|", &line_ptr2); or_edge = NULL; - if ((edge_type == EDGE_DEPENDS || edge_type == EDGE_PRE_DEPENDS) + if (field2 != NULL && (edge_type == EDGE_DEPENDS || edge_type == EDGE_PRE_DEPENDS) && (strcmp(field, field2) != 0) ) { or_edge = xzalloc(sizeof(edge_t)); -- 2.30.2 _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
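Review bot: in the changed condition that follows `field2 = strtok_r(line2, "|", &line_ptr2);`, the new `field2 != NULL` test guards a different case from the one the commit message names. On the first call `strtok_r` returns NULL only when `line2` is empty or consists entirely of `|` characters; a `field` that contains no `|` at all comes back whole as the first token, so the "delimiter is missing" case never passed a NULL pointer to `strcmp`. Suggest rewording the message to say the guard is for an empty or all-delimiter `field`. The test also protects only the `strcmp` in this condition, and the lines after the hunk are not shown, so please confirm that every later use of `field2` in `add_split_dependencies` is safe when it is NULL. As a style point, the added test would read better on its own line, matching the existing one-clause-per-line layout of `&& (strcmp(field, field2) != 0)`.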
