This code attempts to first check whether another error was detected for
the string it is parsing, then if it's not at the end of the tokens,
report an error. However, 'errorp' is always a valid pointer to a
'char *', so the first check in this statement always evaluates false.
Furthermore, this behaviour may be optimised out by modern compilers
due to the prior dereference in expr_parse(). Fix this to check the
actual value of *errorp.
Found by MIT STACK analyzer.
Signed-off-by: Joe Stringer <joestrin...@nicira.com>
---
ovn/lib/expr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c
index c81c453..510a15e 100644
--- a/ovn/lib/expr.c
+++ b/ovn/lib/expr.c
@@ -1044,7 +1044,7 @@ expr_parse_string(const char *s, const struct shash
*symtab, char **errorp)
lexer_init(&lexer, s);
lexer_get(&lexer);
expr = expr_parse(&lexer, symtab, errorp);
- if (!errorp && lexer.token.type != LEX_T_END) {
+ if (!*errorp && lexer.token.type != LEX_T_END) {
*errorp = xstrdup("Extra tokens at end of input.");
expr_destroy(expr);
expr = NULL;
--
2.1.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
