[Geany-Devel] CodeAi Fixes a Null Pointer Dereference

Matthew Brush mbrush at xxxxx
Thu May 11 00:22:35 UTC 2017

On 2017-05-10 04:09 PM, Lex Trotman wrote:
> On 11 May 2017 at 08:10, Benjamin Bales <benjamin.bales at qbitlogic.com>
> wrote:
>> CodeAi (https://github.com/C0deAi), an automated repair tool developed at
>> QbitLogic (www.qbitlogic.com), suggested the following fix. Could I
>> submit it as a patch if it looks alright?
>> plugins/saveactions.c: “doc->file_type” pointer might be dereferenced when
>> null on line 283.  Initialization may be provided by “doc” passed in as a
>> function argument, but a null check would be prudent just in case. The fix
>> checks “doc->file_type” for null before allowing a dereference on the
>> following line.  A snapshot of the bug report generated by CodeAi is
>> attached.  A full report is available upon request.
> This function is called (via the signal framework) by the function that
> created `doc` and as such cannot be null.  The design of the application
> uses the signal framework to decouple caller and callee and this is likely
> to confuse your tool since it cannot see where functions are called.
> Whilst any contributions are welcome, a report with a lot of similar false
> positives may end up being ignored and be a bad advertisement for your tool.

Naw, I think it's technically a real bug, albeit very minor. It's the 
`file_type` member of the `doc` that can be NULL. IIUC tools like this 
look to see if you checked the NULL-ness of something and then proceed 
to dereference it outside of that check later, which this code does 
(checks if `ft == NULL` several lines up and then unconditionally 
dereferences it on the line given by the OP).

Matthew Brush
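The pattern Matthew describes (a pointer tested for NULL and then dereferenced unconditionally a few lines later) as an added C illustration; this is not code from the thread or from Geany's saveactions.c, and the struct shapes, function names and backup-name format are constructed stand-ins:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for Geany's document and filetype
 * structs, constructed for this example; not Geany's real definitions. */
typedef struct { const char *name; } FiletypeStub;
typedef struct { const char *file_name; FiletypeStub *file_type; } DocumentStub;

/* BEFORE: the shape the thread describes. `ft` is tested for NULL a few
 * lines up, but the test only logs and falls through, and the same pointer
 * is then dereferenced unconditionally. With file_type == NULL this crashes,
 * which is exactly the inconsistency a checker flags. */
int backup_name_unchecked(const DocumentStub *doc, char *out, size_t len)
{
    const FiletypeStub *ft = doc->file_type;
    if (ft == NULL)
        fprintf(stderr, "warning: document has no filetype\n");
    /* ... other work ... */
    snprintf(out, len, "%s.%s.bak", doc->file_name, doc->file_type->name);
    return 1;
}

/* AFTER: the check now decides the outcome before any dereference, as the
 * suggested patch does for doc->file_type. Returns 1 when a backup name was
 * written, 0 when the document has no filetype (out is left empty). */
int backup_name_checked(const DocumentStub *doc, char *out, size_t len)
{
    const FiletypeStub *ft = doc->file_type;
    if (ft == NULL) {
        out[0] = '\0';
        return 0;
    }
    snprintf(out, len, "%s.%s.bak", doc->file_name, ft->name);
    return 1;
}

/* Constructed sample documents and a scratch buffer for main() below. */
FiletypeStub example_ft = { "markdown" };
DocumentStub doc_with_ft = { "README", &example_ft };
DocumentStub doc_without_ft = { "scratch", NULL };
char example_buf[64];

int main(void)
{
    backup_name_checked(&doc_with_ft, example_buf, sizeof example_buf);
    printf("%s\n", example_buf);                                   /* README.markdown.bak */
    printf("%d\n", backup_name_checked(&doc_without_ft, example_buf, sizeof example_buf)); /* 0 */
    return 0;
}
```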