[Geany-Devel] CodeAi Fixes a Null Pointer Dereference
mbrush at xxxxx
Thu May 11 00:22:35 UTC 2017
On 2017-05-10 04:09 PM, Lex Trotman wrote:
> On 11 May 2017 at 08:10, Benjamin Bales <benjamin.bales at qbitlogic.com> wrote:
>> CodeAi (https://github.com/C0deAi), an automated repair tool developed at
>> QbitLogic (www.qbitlogic.com), suggested the following fix. Could I
>> submit it as a patch if it looks alright?
>> plugins/saveactions.c: “doc->file_type” pointer might be dereferenced when
>> null on line 283. Initialization may be provided by “doc” passed in as a
>> function argument, but a null check would be prudent just in case. The fix
>> checks “doc->file_type” for null before allowing a dereference on the
>> following line. A snapshot of the bug report generated by CodeAi is
>> attached. A full report is available upon request.
> This function is called (via the signal framework) by the function that
> created `doc` and as such cannot be null. The design of the application
> uses the signal framework to decouple caller and callee and this is likely
> to confuse your tool since it cannot see where functions are called.
> Whilst any contributions are welcome, a report with a lot of similar false
> positives may end up being ignored and be a bad advertisement for your tool.
Naw, I think it's technically a real bug, albeit very minor. It's the
`file_type` member of the `doc` that can be NULL. IIUC tools like this
look to see if you checked the NULL-ness of something and then proceed
to dereference it outside of that check later, which this code does
(checks if `ft == NULL` several lines up and then unconditionally
dereferences it on the line given by the OP).
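As an added illustration of the pattern described above (constructed for this page; it is not code from Geany's saveactions.c nor from the CodeAi report), the snippet below shows a function that tests `ft == NULL` a few lines up and then dereferences `ft` unconditionally later, beside the same function with the guard the thread suggests. The `FileType`/`Document` struct layouts, the `filetype_id_*` function names and the convention that id 0 means "no file type" are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the document/filetype structs the thread talks
 * about. These are NOT Geany's real definitions; the field names and the
 * id convention (0 = "no file type") are assumptions for this example. */
typedef struct {
    const char *name;   /* display name such as "C" */
    int id;             /* assumed numeric filetype id */
} FileType;

typedef struct {
    const char *file_name;
    FileType *file_type;  /* may be NULL when the type is unknown */
} Document;

/* The shape of code the tool flags: `ft` is tested against NULL a few
 * lines up (so the author treats it as nullable), yet a later line
 * dereferences it with no guard. With doc->file_type == NULL this is a
 * NULL pointer dereference and crashes. */
int filetype_id_unguarded(const Document *doc)
{
    const FileType *ft = doc->file_type;
    const char *label = "unknown";

    if (ft != NULL && ft->name != NULL)  /* early NULL check on ft */
        label = ft->name;

    printf("saving %s (%s)\n", doc->file_name, label);

    return ft->id;  /* unconditional dereference after the check above */
}

/* The fix the thread suggests: check doc->file_type for NULL before the
 * dereference and fall back to the "no file type" id. */
int filetype_id_guarded(const Document *doc)
{
    const FileType *ft = doc->file_type;
    const char *label = "unknown";

    if (ft != NULL && ft->name != NULL)
        label = ft->name;

    printf("saving %s (%s)\n", doc->file_name, label);

    if (ft == NULL)
        return 0;   /* assumed sentinel: no known file type */

    return ft->id;
}

/* Constructed sample documents (not real Geany data). */
static FileType sample_c_type  = { "C", 7 };
static Document sample_known   = { "main.c", &sample_c_type };
static Document sample_unknown = { "notes.txt", NULL };

int main(void)
{
    printf("known:   id=%d\n", filetype_id_unguarded(&sample_known));
    printf("known:   id=%d\n", filetype_id_guarded(&sample_known));
    /* filetype_id_unguarded(&sample_unknown) would crash here. */
    printf("unknown: id=%d\n", filetype_id_guarded(&sample_unknown));
    return 0;
}
```

The point of the early `ft != NULL` test is exactly what makes an analyser report the later `ft->id`: the code itself declares the pointer nullable, so an unguarded dereference on a later line is inconsistent regardless of whether the caller can really pass a NULL today.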