Re: [Iup-users] CID 210573 (#1 of 1): Dereference after null check (FORWARD_NULL)

Ranier VF Fri, 19 Jan 2018 09:01:35 -0800

Hi,
Well can be rarely but.

If afunc->system_default is NOT NULL and afunc->default_value is NULL,
and afunc->call_global_default IS NOT NULL:


if ((!iupStrEqualNoCase(afunc->default_value, afunc->system_default)) ||

take false branch,  and

(afunc->call_global_default && 
iupGlobalDefaultColorChanged(afunc->default_value)))

take true branch,

iupGlobalDefaultColorChange is called with afunc->default_value=NULL.

int iupGlobalDefaultColorChanged(const char *name)
51{
52  char str[50] = "_IUP_USER_DEFAULT_";
  1. deref_parm_in_call: Function strcat dereferences name.
53  strcat(str, name)

Result segmentation fault, rare, but possible.

Best.
Ranier
________________________________________
De: Antonio Scuri <antonio.sc...@gmail.com>
Enviado: sexta-feira, 19 de janeiro de 2018 10:54
Para: IUP discussion list.
Assunto: Re: [Iup-users] CID 210573 (#1 of 1): Dereference after null check 
(FORWARD_NULL)

  The first if tests for:

(afunc->default_value || afunc->system_default) &&

  So default_value can be NULL if system_default is not. Or they are equal and 
NOT NULL.

  The second if tests for:

if ((!iupStrEqualNoCase(afunc->default_value, afunc->system_default)) ||

  If they are not equal OR

  then they are equal and not NULL at:

          (afunc->call_global_default && 
iupGlobalDefaultColorChanged(afunc->default_value)))

  There is no need for " && afunc->default_value"

Best,
Scuri


2018-01-19 0:06 GMT-02:00 Ranier VF 
<ranier_...@hotmail.com<mailto:ranier_...@hotmail.com>>:
Hi,
Issue found by Coverity Scan.
CID 210573 (#1 of 1): Dereference after null check (FORWARD_NULL)
var_deref_model: Passing null pointer afunc->default_value to 
iupGlobalDefaultColorChanged, which dereferences it.

--- a\src\iup_classattrib.c     Fri Oct 14 13:48:50 2016
+++ b\src\iup_classattrib.c     Fri Jan 19 00:01:03 2018
@@ -990,7 +990,8 @@
         !(afunc->flags & IUPAF_HAS_ID))
     {
       if ((!iupStrEqualNoCase(afunc->default_value, afunc->system_default)) ||
-          (afunc->call_global_default && 
iupGlobalDefaultColorChanged(afunc->default_value)))
+          (afunc->call_global_default && afunc->default_value &&
+           iupGlobalDefaultColorChanged(afunc->default_value)))
       {
         if ((!ih->handle && (afunc->flags & IUPAF_NOT_MAPPED)) ||
             (ih->handle && !(afunc->flags & IUPAF_NOT_MAPPED)))

Best.
Ranier
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Iup-users mailing list
Iup-users@lists.sourceforge.net<mailto:Iup-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/iup-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Iup-users mailing list
Iup-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/iup-users

Re: [Iup-users] CID 210573 (#1 of 1): Dereference after null check (FORWARD_NULL)

Reply via email to