From: "René Scharfe" <rene.scharfe@lsrfire.ath.cx>
To: Jeff King <peff@peff.net>
Cc: Michael Mueller <mmueller@vigilantsw.com>, git@vger.kernel.org
Subject: Re: Possible segfault introduced in commit.c
Date: Wed, 25 Apr 2012 22:22:34 +0200 [thread overview]
Message-ID: <4F985D0A.9020100@lsrfire.ath.cx> (raw)
In-Reply-To: <20120425111435.GA21579@sigill.intra.peff.net>
Am 25.04.2012 13:14, schrieb Jeff King:
> On Wed, Apr 25, 2012 at 12:59:28AM -0700, Michael Mueller wrote:
>
>> As you might already know, we analyze git regularly with Sentry (our
>> static analysis tool). Today it picked up a new NULL pointer
>> dereference in commit.c:366:
>>
>> void commit_list_reverse(struct commit_list **list_p)
>> {
>> struct commit_list *prev = NULL, *curr = *list_p, *next;
>>
>> if (!list_p)
>> return;
>> /* function continues... */
>> }
>>
>> list_p is dereferenced on the first line, then tested for NULL on
>> the very next statement. If it's possible that list_p is NULL, this
>> will be a segfault. If it can't be NULL, then the check is
>> unnecessary (and probably misleading).
>
> Yes, you're right. There is only one caller currently, and it can never
> be NULL (it passes the address-of a pointer variable). I think dropping
> the NULL-check is the right thing; even an empty list will still have a
> pointer to its NULL head.
More often then not, a mistake like that is surrounded by other issues.
No, I didn't put it there intentionally to prove this point. ;-)
Having to reverse the list at all is unfortunate and I only did that
because I thought appending would be more complicated and because we are
going to replace the linked list with a different data structure soon
anyway. Turns out appending is easy. Patches to follow.
René
next prev parent reply other threads:[~2012-04-25 20:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-25 7:59 Possible segfault introduced in commit.c Michael Mueller
2012-04-25 11:14 ` Jeff King
2012-04-25 20:22 ` René Scharfe [this message]
2012-04-25 20:35 ` [PATCH 1/3] sequencer: export commit_list_append() René Scharfe
2012-04-25 22:03 ` Junio C Hamano
2012-04-30 21:07 ` René Scharfe
2012-04-25 20:35 ` [PATCH 2/3] revision: append to list instead of insert and reverse René Scharfe
2012-04-25 20:35 ` [PATCH 3/3] commit: remove commit_list_reverse() René Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F985D0A.9020100@lsrfire.ath.cx \
--to=rene.scharfe@lsrfire.ath.cx \
--cc=git@vger.kernel.org \
--cc=mmueller@vigilantsw.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.