On Monday 08 October 2012 15:59:04 Peter Stuge wrote: > Daniel Stenberg wrote: > >> Also, I don't think that libssh2 needs to validate programmer input. If > >> someone passes a NULL pointer to a function that is really an error, and > >> they will then have a problem sooner or later anyway. > > > > Is it possibly so that we use that function internally somewhere with a > > (possibly) NULL argument?
I cannot see any internal use of the function unless you count the examples. > If yes, then that's what need to be fixed. I suspect that Coverity > just notices that it is unchecked user input though. Nope. It spotted that the pointer was dereferenced prior to the NULL check, which is always a programming mistake: Error: REVERSE_INULL (CWE-476): src/channel.c:1486: deref_ptr: Directly dereferencing pointer "channel". src/channel.c:1489: check_after_deref: Dereferencing "channel" before a null check. Kamil _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
