The mpz_out_str implementation in mini-gmp.c computes strlen (NULL) if its base
argument is out of range. This causes GCC 10.1 -fanalyzer to complain:
mini-gmp.c:4428:9: error: use of NULL 'str' where non-null expected [CWE-690] [-Wanalyzer-null-argument]
Proposed patch attached. This patch also fixes an unrelated double-negative in a
comment that confused me on first reading.
diff -r c5d0fcb06969 mini-gmp/mini-gmp.c
--- a/mini-gmp/mini-gmp.c Sat Jul 04 23:15:41 2020 +0200
+++ b/mini-gmp/mini-gmp.c Thu Jul 09 12:27:11 2020 -0700
@@ -32,7 +32,7 @@
/* NOTE: All functions in this file which are not declared in
mini-gmp.h are internal, and are not intended to be compatible
- neither with GMP nor with future versions of mini-gmp. */
+ with GMP or with future versions of mini-gmp. */
/* Much of the material copied from GMP files, including: gmp-impl.h,
longlong.h, mpn/generic/add_n.c, mpn/generic/addmul_1.c,
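Review bot: The rewording of the NOTE comment ("with GMP or with future versions of mini-gmp") is unrelated to the NULL-pointer fix in mpz_out_str and would be better sent as its own change, so the bug fix can be reviewed, applied and bisected independently. The new wording is correct: it drops the "not ... neither ... nor" double negative and keeps the meaning that internal functions carry no compatibility promise.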
@@ -4425,6 +4425,8 @@
size_t len, n;
str = mpz_get_str (NULL, base, x);
+ if (!str)
+ return 0;
len = strlen (str);
n = fwrite (str, 1, len, stream);
gmp_free (str, len + 1);
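Review bot: The added "if (!str) return 0;" right after the mpz_get_str call has no comment saying when str can be NULL. A short comment that mpz_get_str returns NULL for an out-of-range base would make clear that this is the error path. Returning before strlen and gmp_free is right, since there is no buffer to measure or release. Returning 0 fits the documented mpz_out_str convention of returning 0 on error, but callers that ignore the return value will still silently produce no output for a bad base, so a test that calls mpz_out_str with an invalid base and checks for 0 would be worth adding alongside this.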