[PATCH] xfree86: check for NULL pointer before dereferences it in parser code
Dan Nicholson
dbn.lists at gmail.com
Fri Apr 16 11:19:05 PDT 2010
On Fri, Apr 16, 2010 at 10:16 AM, Éric Piel <E.A.B.Piel at tudelft.nl> wrote:
> On 16/04/10 18:17, Alan Coopersmith wrote:
>> Tiago Vignatti wrote:
>>> Seems to be harmless. Meh.
>>>
>>> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
>>> ---
>>> hw/xfree86/parser/scan.c | 9 +++++++--
>>> 1 files changed, 7 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/hw/xfree86/parser/scan.c b/hw/xfree86/parser/scan.c
>>> index 8aab0cf..0b9461b 100644
>>> --- a/hw/xfree86/parser/scan.c
>>> +++ b/hw/xfree86/parser/scan.c
>>> @@ -844,11 +844,16 @@ OpenConfigFile(const char *path, const char *cmdline, const char *projroot,
>>> static int
>>> ConfigFilter(const struct dirent *de)
>>> {
>>> - const char *name = de->d_name;
>>> + const char *name;
>>> size_t len = strlen(name);
>>> size_t suflen = strlen(XCONFIGSUFFIX);
>>>
>>> - if (!name || name[0] == '.' || len <= suflen)
>>> + if (!name)
>>> + return 0;
>>> +
>>> + name = de->d_name;
>>
>> NACK. You are now checking if the uninitialized variable is not-NULL and
>> never checking the actual value, as well as calling strlen on the uninitialized
>> value. The problem is that strlen(name) is being called before if (!name), so
>> the correct fix would be:
> ... and you probably want to check de is not NULL as well :-)
Actually, this function is only over called as the filter for scandir.
I doubt that scandir will be passing it a NULL dirent, but I can't say
that for sure.
--
Dan
More information about the xorg-devel
mailing list