[PATCH] xfree86: check for NULL pointer before dereferences it in parser code

Éric Piel E.A.B.Piel at tudelft.nl
Fri Apr 16 10:16:57 PDT 2010


On 16/04/10 18:17, Alan Coopersmith wrote:
> Tiago Vignatti wrote:
>> Seems to be harmless. Meh.
>>
>> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
>> ---
>>  hw/xfree86/parser/scan.c |    9 +++++++--
>>  1 files changed, 7 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/xfree86/parser/scan.c b/hw/xfree86/parser/scan.c
>> index 8aab0cf..0b9461b 100644
>> --- a/hw/xfree86/parser/scan.c
>> +++ b/hw/xfree86/parser/scan.c
>> @@ -844,11 +844,16 @@ OpenConfigFile(const char *path, const char *cmdline, const char *projroot,
>>  static int
>>  ConfigFilter(const struct dirent *de)
>>  {
>> -	const char *name = de->d_name;
>> +	const char *name;
>>  	size_t len = strlen(name);
>>  	size_t suflen = strlen(XCONFIGSUFFIX);
>>  
>> -	if (!name || name[0] == '.' || len <= suflen)
>> +	if (!name)
>> +		return 0;
>> +
>> +	name = de->d_name;
> 
> NACK.  You are now checking if the uninitialized variable is not-NULL and
> never checking the actual value, as well as calling strlen on the uninitialized
> value.  The problem is that strlen(name) is being called before if (!name), so
> the correct fix would be:
... and you probably want to check de is not NULL as well :-)


Eric
> 
> @@ -845,10 +845,13 @@ static int
>  ConfigFilter(const struct dirent *de)
>  {
>         const char *name = de->d_name;
> -       size_t len = strlen(name);
> +       size_t len;
>         size_t suflen = strlen(XCONFIGSUFFIX);
> 
> -       if (!name || name[0] == '.' || len <= suflen)
> +       if (!name || name[0] == '.')
> +               return 0;
> +       len = strlen(name);
> +       if (len <= suflen)
>                 return 0;
>         if (strcmp(&name[len-suflen], XCONFIGSUFFIX) != 0)
>                 return 0;
> 
> 
> 



More information about the xorg-devel mailing list