I'm looking at updating the bison in Solaris and one of the requirements
is to run an internal tool (parfait) on it to check for problems. It seems
to have found that while symbol_list_n_get() can return NULL, there are
a few callers that just dereference the return value and don't check for that.

Here's the output from a run on 2.7.1, but it looks like 3.0.2 hasn't changed
in that respect:

Error: Null pointer dereference (CWE 476)
   Write to null pointer symbol_list_n_get(effective_rule, n)
at line 798 of components/bison/build/amd64/src/../../../src/scan-code.l in function 'handle_action_dollar'. Function symbol_list_n_get may return constant 'NULL' at line 193, called at line 798. Null pointer introduced at line 193 of components/bison/build/amd64/src/symlist.c in function 'symbol_list_n_get'.
Error: Null pointer dereference (CWE 476)
   Read from null pointer symbol_list_n_get(...)
at line 268 of components/bison/build/amd64/src/reader.c in function 'symbol_should_be_used'. Function symbol_list_n_get may return constant 'NULL' at line 193, called at line 268. Null pointer introduced at line 193 of components/bison/build/amd64/src/symlist.c in function 'symbol_list_n_get'.
Error: Null pointer dereference (CWE 476)
   Read from null pointer symbol_list_n_get(...)
at line 536 of components/bison/build/amd64/src/reader.c in function 'packgram'. Function symbol_list_n_get may return constant 'NULL' at line 193, called at line 536. Null pointer introduced at line 193 of components/bison/build/amd64/src/symlist.c in function 'symbol_list_n_get'.

From a quick look it does appear to be correct, but I don't know if, at the
times those calls occur, a NULL would ever really be returned. So they
could be false positives, but it seems worth reporting just in case :)


    Mike
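
The pattern the report describes, as an added example that is not part of the original message and is not bison's source: a getter that returns NULL for an out-of-range index, with a caller that checks the result before dereferencing it. The names `struct node`, `list_n_get` and `name_at` are hypothetical stand-ins, and the sample list is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a rule's symbol list (hypothetical type). */
struct node {
    const char *name;
    struct node *next;
};

/* Model of an n-th element getter: returns NULL when n is negative
   or the list has fewer than n + 1 elements. */
static struct node *list_n_get(struct node *l, int n)
{
    if (n < 0)
        return NULL;
    for (int i = 0; l != NULL && i < n; ++i)
        l = l->next;
    return l;
}

/* Checked caller: turns the NULL case into an error code instead of
   dereferencing it. Returns 0 and sets *out on success, -1 otherwise. */
static int name_at(struct node *rule, int n, const char **out)
{
    struct node *s = list_n_get(rule, n);
    if (s == NULL) {
        fprintf(stderr, "reference $%d is out of range\n", n);
        return -1;
    }
    *out = s->name;
    return 0;
}

int main(void)
{
    /* Constructed sample: a left-hand side followed by two symbols. */
    struct node c = { "rhs2", NULL };
    struct node b = { "rhs1", &c };
    struct node a = { "lhs", &b };
    const char *name = NULL;

    if (name_at(&a, 2, &name) == 0)
        printf("$2 -> %s\n", name);
    if (name_at(&a, 5, &name) != 0)
        printf("$5 rejected without a crash\n");
    return 0;
}
```

If a call site can be shown never to receive NULL, an assertion documenting that invariant is the alternative to the error path used here.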
