2ourc3 1er <s0urc3....@gmail.com> ha escrit:
> static int
> coalesce_segment (struct wordsplit *wsp, struct wordsplit_node *node)
> {
> struct wordsplit_node *p, *end;
> size_t len = 0;
> char *buf, *cur;
> for (p = node; p->flags & _WSNF_JOIN; )
> len += wsnode_len (p);
>
> // Value assigned to field 'next'
> p = p->next;
That was fixed in commit 5114218025b4562392dd260e2533d3fa2bc0220e.
> struct wordsplit_node *next = p->next;
> // 'next' initialized to a null pointer value
>
> // Access to field 'next' results in a dereference of a null pointer
> (loaded from variable 'p')
> const char *str = wsnode_ptr (wsp, p);
It won't, because the loop will be broken in line 608.
Regards,
Sergey
