[PATCH cgi-io 02/12] Fix possible NULL dereference

Petr Štetiar ynezz at true.cz
Mon Oct 12 08:37:08 EDT 2020


Fixes following issue as reported by GCC-10 static analyzer:

 multipart_parser.c: In function ‘multipart_parser_init’:
 multipart_parser.c:88:22: error: dereference of possibly-NULL ‘p’ [CWE-690] [-Werror=analyzer-possible-null-dereference]

   88 |   p->boundary_length = strlen(boundary);
      |   ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
  ‘multipart_parser_init’: events 1-2
    |
    |   83 |   multipart_parser* p = malloc(sizeof(multipart_parser) +
    |      |   ^~~~~~~~~~~~~~~~
    |      |   |
    |      |   (1) this call could return NULL
    |......
    |   88 |   p->boundary_length = strlen(boundary);
    |      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                      |
    |      |                      (2) ‘p’ could be NULL: unchecked value from (1)

Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 multipart_parser.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/multipart_parser.c b/multipart_parser.c
index ee82c82c8bfa..f1e1f38e1d71 100644
--- a/multipart_parser.c
+++ b/multipart_parser.c
@@ -84,6 +84,9 @@ multipart_parser* multipart_parser_init
                                strlen(boundary) +
                                strlen(boundary) + 9);
 
+  if (!p)
+	  return NULL;
+
   strcpy(p->multipart_boundary, boundary);
   p->boundary_length = strlen(boundary);
 



More information about the openwrt-devel mailing list