>Number:         144723
>Category:       bin
>Synopsis:       [patch] port over coverity SA NULL deref warning fix for 
>hexdump(1) from NetBSD PR
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 14 00:30:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Cooper
>Release:        9-CURRENT
>Organization:
Cisco Systems, Inc.
>Environment:
FreeBSD bayonetta.localdomain 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Thu Mar  4 
13:16:39 PST 2010     
gcoo...@bayonetta.localdomain:/usr/obj/usr/src/sys/BAYONETTA  amd64
>Description:
As noted in the commit log for revision 1.19 of parse.c in NetBSD's cvs:

Simplify the way the end of a singly linked list is followed (for adding items) 
so it is more obvious that we aren't going to indirect through a null pointer.
Fixes coverty SID:101
>How-To-Repeat:
n/a
>Fix:
See attached patch.

Patch attached with submission follows:

Index: parse.c
===================================================================
--- parse.c     (revision 205137)
+++ parse.c     (working copy)
@@ -214,7 +214,6 @@
        int nconv, prec;
        size_t len;
 
-       nextpr = NULL;
        prec = 0;
 
        for (fu = fs->nextfu; fu; fu = fu->nextfu) {
@@ -222,13 +221,9 @@
                 * Break each format unit into print units; each conversion
                 * character gets its own.
                 */
+               nextpr = &fu->nextpr;
                for (nconv = 0, fmtp = fu->fmt; *fmtp; nextpr = &pr->nextpr) {
-                       if ((pr = calloc(1, sizeof(PR))) == NULL)
-                               err(1, NULL);
-                       if (!fu->nextpr)
-                               fu->nextpr = pr;
-                       else
-                               *nextpr = pr;
+                       *nextpr = pr;
 
                        /* Skip preceding text and up to the next % sign. */
                        for (p1 = fmtp; *p1 && *p1 != '%'; ++p1);


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Reply via email to