Hello tech@

buf.data is not initialized up front, which may lead to free(3)'ing a
garbage pointer. Found by llvm/scan-build.
Also, free(3) handles NULL, so the buf.data check before it is not needed.

Index: tasn_dec.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/tasn_dec.c,v
retrieving revision 1.26
diff -u -p -r1.26 tasn_dec.c
--- tasn_dec.c  19 Mar 2015 14:00:22 -0000      1.26
+++ tasn_dec.c  27 May 2015 18:40:34 -0000
@@ -669,6 +669,8 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval,
        const unsigned char *cont = NULL;
        long len;
 
+       buf.data = NULL;
+
        if (!pval) {
                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
                return 0; /* Should never happen */
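Review bot: The added `buf.data = NULL;` has no comment linking it to the `free(buf.data)` at the `err:` label, so it reads like a dead store that a later cleanup could drop, bringing back the free of an uninitialized pointer on any path that reaches `err:` before buf is filled. A short comment such as `/* err: frees buf.data when free_cont is set; keep it NULL until buf is filled */` would record the dependency. The declaration of `buf` is outside this hunk; if it has other members, initializing the whole object at the declaration would be the more robust form, provided nothing later depends on them being set separately. The function body starts and ends outside the hunk.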
@@ -783,7 +785,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval,
        ret = 1;
 
 err:
-       if (free_cont && buf.data)
+       if (free_cont)
                free(buf.data);
        return ret;
 }
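Review bot: With the `buf.data` test removed, `free_cont` is the only condition on `free(buf.data)` at `err:`, so the cleanup is safe only if `free_cont` is cleared on every path where ownership of the buffer has passed to the decoded value. The code that sets and clears `free_cont` lies outside this hunk, so that cannot be confirmed from here. It is worth checking, because this is ASN.1 decoding code (tasn_dec.c) and a stale flag would turn into a double free. A comment above the cleanup, e.g. `/* free_cont is set only while buf.data is still owned here */`, would state the invariant for the next reader.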
