Hi everyone
Can I inquire here? If it's a problem, I'll delete it.
I have question about static analysis. below code, Why use after free?
I can see modem.c and ussd.c, simfs.c let me know if you have any intentions.
g_slist_remove() doesn't actually access the pointer. It doesn't even
assume that it's a valid pointer (it could be an int cast to a pointer,
for example). There's no danger whatsoever in freeing the memory first
and then passing the pointer to g_slist_remove()
Although it would probably be cleaner to use g_slist_delete_link() for
the found link, instead of g_slist_remove()
Cheers,
-Slava
=====================
Use after free (USE_AFTER_FREE)
pass_freed_arg: Passing freed pointer found->data as an argument to
g_slist_remove
in modem.c
g_free(found->data);
modem->interface_list =
g_slist_remove(modem->interface_list,found->data);
feature = get_feature(interface);
if (feature) {
found = g_slist_find_custom(modem->feature_list,
feature,(GCompareFunc) strcmp);
if (found) {
g_free(found->data);
modem->feature_list =
g_slist_remove(modem->feature_list,
found->data);
}
}
=====================
in ussd.c
ssc_entry_destroy(l->data);
ussd->ss_control_list = g_slist_remove(ussd->ss_control_list, l->data);
=====================
in simfs.c
sim_fs_op_free(op);
g_queue_remove(fs->op_q, op);
_______________________________________________
ofono mailing list -- [email protected]
To unsubscribe send an email to [email protected]
.
_______________________________________________
ofono mailing list -- [email protected]
To unsubscribe send an email to [email protected]
