On Friday 29 May 2015, Benjamin Baier wrote:
> Hello tech@
>
> buf.data is not initialized up front, which may lead to free(3)'ing a
> garbage pointer. Found by llvm/scan-build.
> Also free(3) handles NULL. No need to check.
At first glance this is not actually a real problem - free_cont is initialised to zero, then only set to one after buf.data has been initialised. That said, I'll take a closer look. > Index: tasn_dec.c > =================================================================== > RCS file: /cvs/src/lib/libssl/src/crypto/asn1/tasn_dec.c,v > retrieving revision 1.26 > diff -u -p -r1.26 tasn_dec.c > --- tasn_dec.c 19 Mar 2015 14:00:22 -0000 1.26 > +++ tasn_dec.c 27 May 2015 18:40:34 -0000 > @@ -669,6 +669,8 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, > const unsigned char *cont = NULL; > long len; > > + buf.data = NULL; > + > if (!pval) { > ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); > return 0; /* Should never happen */ > @@ -783,7 +785,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, > ret = 1; > > err: > - if (free_cont && buf.data) > + if (free_cont) > free(buf.data); > return ret; > } -- "Action without study is fatal. Study without action is futile." -- Mary Ritter Beard
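Review bot: the added `buf.data = NULL;` in the first hunk sits as a separate statement after the other declarations (`const unsigned char *cont = NULL; long len;`) rather than at the declaration of `buf`, which is outside the context shown; if `buf` is a struct, as the `.data` member suggests, zero-initialising it where it is declared (`= { 0 }` style) would also cover any other members scan-build might later flag and keeps the invariant next to the object. As the reply points out, `free_cont` is zero until after `buf.data` has been set, so this is a defensive initialisation to satisfy the analyser rather than a fix for a reachable free of a garbage pointer; the commit text should say that instead of asserting the garbage free, so nobody later reads it as a security fix.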
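Review bot: dropping `&& buf.data` in the second hunk is only safe together with the first hunk's `buf.data = NULL;` (or with the invariant the reply describes, that `free_cont` is set only after `buf.data` is assigned), so the two hunks must land as one commit and not be split. free(3) on a NULL pointer is a no-op, so once `buf.data` is either NULL or a valid allocation whenever `free_cont` is set, the extra check is pure noise and removing it is right. `buf.data` is not cleared after the `free`, which is fine here only because `return ret;` follows immediately; anything inserted between the `free` and the `return` would be looking at a dangling pointer.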
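As an added illustration of the cleanup pattern the reply relies on (this is not LibreSSL's code; the names `cont_buf` and `decode_primitive`, the `make_copy` flag and the 0xff error trigger are assumptions made up for this example): the buffer is zero-initialised at its declaration, the `free_cont` flag is only raised after the allocation has succeeded, and the single `err:` label frees unconditionally on that flag because free(3) accepts NULL. Every exit path, before or after the allocation, then reaches the same cleanup without a separate pointer check.

```c
#include <stdlib.h>
#include <string.h>

/* Example only, not LibreSSL code. A minimal stand-in for the content
 * buffer used by asn1_d2i_ex_primitive(); the names are assumptions. */
struct cont_buf {
	unsigned char *data;
	long length;
};

/*
 * "Decode" a primitive: with make_copy == 0 the content is consumed in
 * place, with make_copy != 0 a private copy is made first (the path on
 * which free_cont is set in the real function). Returns 1 on success and
 * 0 on error; on success *out_len receives the content length.
 */
int
decode_primitive(const unsigned char *in, long inlen, int make_copy,
    long *out_len)
{
	/* Zero-initialised at the declaration, so buf.data is NULL (never
	 * garbage) on every path that reaches err:, including the early
	 * argument checks below. */
	struct cont_buf buf = { NULL, 0 };
	const unsigned char *cont = NULL;
	int free_cont = 0;
	int ret = 0;

	if (in == NULL || inlen < 0 || out_len == NULL)
		goto err;	/* exits before any allocation */

	if (make_copy) {
		buf.data = malloc(inlen > 0 ? (size_t)inlen : 1);
		if (buf.data == NULL)
			goto err;
		memcpy(buf.data, in, (size_t)inlen);
		buf.length = inlen;
		/* Raised only after buf.data is valid: the invariant the
		 * reply describes. */
		free_cont = 1;
		cont = buf.data;
	} else {
		cont = in;
	}

	/* Consume the content. A leading 0xff byte is treated as malformed
	 * (assumed for this example) to exercise the error path that runs
	 * after the allocation. */
	if (inlen > 0 && cont[0] == 0xff)
		goto err;

	*out_len = inlen;
	ret = 1;

err:
	/* free(3) handles NULL, so no "&& buf.data" is needed once buf.data
	 * is known to be NULL or a live allocation whenever free_cont is set.
	 * Nothing may be added between the free and the return: buf.data
	 * dangles after this point. */
	if (free_cont)
		free(buf.data);
	return ret;
}
```

The two error exits differ in whether an allocation exists, and neither needs its own cleanup code; that is the property scan-build was trying to check, and initialising at the declaration makes it visible to a reader without tracing the flag.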