Hi Anton,

On Sat, Feb 01, 2025 at 02:10:03AM +0300, Anton Moryakov wrote:
> Report of the static analyzer:
> After having been assigned to a NULL value at
> dwfl_segment_report_module.c:187, pointer 'retval' is
> dereferenced at dwfl_segment_report_module.c:195 by
> calling function 'strcmp'. (CWE476)

These line numbers seem off. Which version of the file are you checking against?

> Corrections explained:
> When processing file notes, the code could dereference
> a NULL pointer if 'retval' was not initialized. This patch
> adds a check to ensure 'retval' is not NULL before using it
> in strcmp.
>
> The fix ensures that the function safely handles cases where
> 'retval' is NULL, avoiding potential crashes.

Isn't this the same as we discussed before?
https://inbox.sourceware.org/elfutils-devel/fafbecf35ed2545ecd161dde1c5bbb4c1b4961b6.ca...@klomp.org/
and
https://inbox.sourceware.org/elfutils-devel/20240702111528.ga29...@gnu.wildebeest.org/

Was the analysis in the above messages incorrect?

Thanks,

Mark

> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> --- > libdwfl/dwfl_segment_report_module.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libdwfl/dwfl_segment_report_module.c > b/libdwfl/dwfl_segment_report_module.c > index 32f44af8..565884f0 100644 > --- a/libdwfl/dwfl_segment_report_module.c > +++ b/libdwfl/dwfl_segment_report_module.c > @@ -205,8 +205,11 @@ handle_file_note (GElf_Addr module_start, GElf_Addr > module_end, > return NULL; > if (mix == firstix) > retval = fptr; > - if (firstix < mix && mix <= lastix && strcmp (fptr, retval) != 0) > - return NULL; > + if (firstix < mix && mix <= lastix) > + { > + if (retval == NULL || strcmp(fptr, retval) != 0) > + return NULL; > + } > fptr = fnext + 1; > } > return retval; > -- > 2.30.2 >
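
Review bot: the added 'retval == NULL' test inside the 'firstix < mix && mix <= lastix' branch is not justified by anything in the hunk or the commit message, which only says the code "could" dereference NULL. The context line just above it assigns 'retval = fptr' when 'mix == firstix', so the message should name the input for which the strcmp is reached with 'retval' still unset; without such a path the check is dead code that also turns an analyzer warning into a silent 'return NULL'. On style, 'strcmp(fptr, retval)' drops the space before the parenthesis that the removed line 'strcmp (fptr, retval)' had, and the extra brace block can be folded back into a single condition.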