On 04/01/2012 12:10 AM, Xu Zhongxing wrote:
> I scanned tar 1.26 with my static analysis tool, and found 2 potential bugs.
> It is described in attached files. Could anyone take a look at them? Thank
> you.
>

I didn't look at the first report; although it may be real. Since your first report deals with getopt.c, which is shared code from gnulib, it may be worth reporting this upstream to gnulib and/or glibc (since tar uses gnulib's implementation, but gnulib borrows getopt from glibc).

A quick glance at the second report says your tool is over-sensitive:

> <event>
> <type>Trigger</type>
> <location>
> <file>argp-help.c</file>
> <line>464</line>
> </location>
> <description>The size passed to malloc() or realloc() is not greater than
> 0.</description>
> <expr>malloc(sizeof(struct hol_entry) * hol->num_entries)</expr>
> </event>

We guarantee (via gnulib) that malloc(0) as used in tar will always return a non-NULL pointer (except on ENOMEM error). We see no reason to change tar to guarantee a non-zero size request.

-- 
Eric Blake   [email protected]   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
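An added example, not part of the thread and not tar's or gnulib's code: it shows why a zero-size request only matters when the allocator may return NULL for it, and how a wrapper that guarantees a non-NULL result makes "NULL means out of memory" safe. The struct fields and the names `null_on_zero_malloc`, `nonnull_malloc`, `alloc_entries` and `try_alloc` are hypothetical; bumping a zero size to one byte is an assumed way to provide the guarantee described in the reply.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-in for the struct named in the report; fields are hypothetical. */
struct hol_entry { const char *name; int group; };

typedef void *(*alloc_fn)(size_t);

/* Models a libc where malloc(0) returns NULL, which ISO C permits. */
static void *null_on_zero_malloc(size_t n)
{
    return n == 0 ? NULL : malloc(n);
}

/* Wrapper giving the guarantee described in the reply (assumed approach):
   a zero-size request is bumped to one byte, so NULL can only mean
   that memory is exhausted. */
static void *nonnull_malloc(size_t n)
{
    return malloc(n == 0 ? 1 : n);
}

/* Same allocation shape as the flagged expression, followed by the usual
   "NULL means ENOMEM" check. Returns 0 on success, -1 on failure. */
static int alloc_entries(alloc_fn alloc, size_t num_entries,
                         struct hol_entry **out)
{
    *out = alloc(sizeof(struct hol_entry) * num_entries);
    return *out == NULL ? -1 : 0;
}

/* Allocate, record the result, release. */
static int try_alloc(alloc_fn alloc, size_t num_entries)
{
    struct hol_entry *entries;
    int rc = alloc_entries(alloc, num_entries, &entries);
    free(entries);   /* free(NULL) is a no-op */
    return rc;
}

int main(void)
{
    /* Zero entries: spurious failure without the guarantee, success with it. */
    return (try_alloc(null_on_zero_malloc, 0) == -1 &&
            try_alloc(nonnull_malloc, 0) == 0) ? 0 : 1;
}
```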
