[devel] [PATCH for apt v2 16/21] Don't access uninitialized data

Aleksei Nikiforov darktemplar на altlinux.org
Чт Дек 12 12:57:25 MSK 2019


Found via clang-static-analyzer:
Logic error: Dereference of null pointer:
Array access (from variable 'v') results in a null pointer dereference

Logic error: Called C++ object pointer is null:
Called C++ object pointer is null
---
 apt/methods/http.cc     | 25 ++++++++++++++-----------
 apt/tools/genpkglist.cc | 12 +++++++-----
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/apt/methods/http.cc b/apt/methods/http.cc
index 6b5c2a5..c9a37de 100644
--- a/apt/methods/http.cc
+++ b/apt/methods/http.cc
@@ -844,19 +844,22 @@ bool HttpMethod::ServerDie(ServerState *Srv)
 {
    unsigned int LErrno = errno;
    
-   // Dump the buffer to the file
-   if (Srv->State == ServerState::Data)
+   if (File != 0)
    {
-      SetNonBlock(File->Fd(),false);
-      while (Srv->In.WriteSpace() == true)
+      // Dump the buffer to the file
+      if (Srv->State == ServerState::Data)
       {
-	 auto FileFD = MethodFd::FromFd(File->Fd());
-	 if (Srv->In.Write(FileFD) == false)
-	    return _error->Errno("write",_("Error writing to the file"));
-
-	 // Done
-	 if (Srv->In.IsLimit() == true)
-	    return true;
+         SetNonBlock(File->Fd(),false);
+         while (Srv->In.WriteSpace() == true)
+         {
+	    auto FileFD = MethodFd::FromFd(File->Fd());
+	    if (Srv->In.Write(FileFD) == false)
+	       return _error->Errno("write",_("Error writing to the file"));
+
+	    // Done
+	    if (Srv->In.IsLimit() == true)
+	       return true;
+         }
       }
    }
    
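Review bot: When `File` is null while `Srv->State == ServerState::Data`, the new outer guard at the top of ServerDie skips the flush loop without reporting anything, so data still held in `Srv->In` is left unwritten as far as this hunk shows. If that combination is not expected, an explicit failure is easier to diagnose than a quietly short file, e.g. `if (File == 0 && Srv->State == ServerState::Data) return _error->Error(_("No output file while receiving data"));` (the message text is only a suggestion). If it is expected, the guard deserves a one-line comment saying when `File` can be null here. The rest of ServerDie lies outside the hunk, so whether later code reports the dropped data cannot be confirmed from here. The re-indented lines also mix spaces and tabs.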
diff --git a/apt/tools/genpkglist.cc b/apt/tools/genpkglist.cc
index b354a08..2350f6d 100644
--- a/apt/tools/genpkglist.cc
+++ b/apt/tools/genpkglist.cc
@@ -488,8 +488,6 @@ int scandir(const char * dir, struct dirent *** namelist,
       }
     }
 
-  v[i] = NULL;
-
   if (errno != 0)
     {
       save = errno;
@@ -504,9 +502,13 @@ int scandir(const char * dir, struct dirent *** namelist,
   (void) closedir (dp);
   errno = save;
 
-  /* Sort the list if we have a comparison function to sort with.  */
-  if (cmp != NULL)
-    qsort (v, i, sizeof (struct dirent *), cmp);
+  if (v != NULL)
+  {
+    v[i] = NULL;
+    /* Sort the list if we have a comparison function to sort with.  */
+    if (cmp != NULL)
+      qsort (v, i, sizeof (struct dirent *), cmp);
+  }
 
   *namelist = v;
   return i;
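Review bot: The store `v[i] = NULL;` is now guarded against a null `v`, but nothing in this hunk shows that `v` has room for `i + 1` pointers. If the growth code earlier in scandir only enlarges the array once it is full, a directory whose entry count exactly fills it turns this into a write one element past the allocation. The allocation is outside the hunk, so it needs checking there: either reserve the extra slot when growing, or drop the terminator if callers rely only on the returned count. If the slot is guaranteed, say so at the store, e.g. `/* capacity is always > i here, so the terminator fits */`. The new block's `{` also sits at the `if` column, unlike the indented-brace style of `if (errno != 0)` in the previous hunk.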
-- 
2.24.1


