Report of the static analyzer:
After having been assigned to a NULL value at
dwfl_segment_report_module.c:187, pointer 'retval' is
dereferenced at dwfl_segment_report_module.c:195 by
calling function 'strcmp'. (CWE476)

Corrections explained:
When processing file notes, the code could dereference
a NULL pointer if 'retval' was not initialized. This patch
adds a check to ensure 'retval' is not NULL before using it
in strcmp.

The fix ensures that the function safely handles cases where
'retval' is NULL, avoiding potential crashes.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>

---
 libdwfl/dwfl_segment_report_module.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libdwfl/dwfl_segment_report_module.c 
b/libdwfl/dwfl_segment_report_module.c
index 32f44af8..565884f0 100644
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -205,8 +205,11 @@ handle_file_note (GElf_Addr module_start, GElf_Addr 
module_end,
        return NULL;
       if (mix == firstix)
        retval = fptr;
-      if (firstix < mix && mix <= lastix && strcmp (fptr, retval) != 0)
-       return NULL;
+      if (firstix < mix && mix <= lastix)
+      {
+        if (retval == NULL || strcmp(fptr, retval) != 0)
+          return NULL;
+      }
       fptr = fnext + 1;
     }
   return retval;
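Review bot: the added `retval == NULL` test in the `firstix < mix && mix <= lastix` branch needs a justification in the commit message, because the lines just above it assign `retval = fptr` when `mix == firstix` and the comparison only runs when `firstix < mix`. Please state whether the loop can actually reach an index above `firstix` without first visiting `firstix`, or whether this only silences the analyzer. The commit message also says 'retval' "was not initialized" while the report says it was assigned NULL, so the wording should match. On style, the new `strcmp(fptr, retval)` drops the space before the parenthesis that the removed line had, and the nested block can be folded into a single condition: `if (firstix < mix && mix <= lastix && (retval == NULL || strcmp (fptr, retval) != 0))` followed by `return NULL;`, which keeps the diff to one changed line.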
-- 
2.30.2
