Sebastian, I have double-checked the code, and you are probably right. It is better to put this if-check into the internal scope of "(D->error == GD_E_OK && !match)". The pipeline has passed, so I will upload it into unstable.
Thanks again.

Anton

On Mon, 10 May 2021 at 22:42, Sebastian Ramacher <sramac...@debian.org> wrote:

> Control: tags -1 confirmed
>
> On 2021-05-10 22:35:28, Anton Gladky wrote:
> > Control: tags -1 -moreinfo
> >
> > Hi Sebastian,
> >
> > Thanks for looking into this issue. Yes, it is intentional. We should always
> > check whether first_raw is NULL or not.
>
> Then please go ahead.
>
> Cheers
>
> > I have reproduced the issue in the CI-pipeline [1], and the proposed patch fixes
> > the issue [2]: no more segfault, just an error message due to exploit.
> >
> > [1] https://salsa.debian.org/science-team/libgetdata/-/jobs/1631525
> > [2] https://salsa.debian.org/science-team/libgetdata/-/jobs/1633848
> >
> > Anton
> >
> >
> > On Mon, 10 May 2021 at 22:27, Sebastian Ramacher <sramac...@debian.org> wrote:
> >
> > <skip>
> >
> > > > +--- libgetdata-0.10.0.orig/src/parse.c
> > > > ++++ libgetdata-0.10.0/src/parse.c
> > > > +@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
> > > > + if (D->error == GD_E_OK && !match)
> > > > + first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols,
> > > strlen(in_cols[0]),
> > > > + NULL, me, 0, 1, &outstring, tok_pos);
> > > > ++ if (first_raw == NULL) {
> > > > ++ _GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0,
> > > NULL);
> > > > ++ }
> > >
> > > Is it intentional that newly added if is evaluated in any case or is
> > > this patch missing curly brackets for the body of "if (D->error =
> > > GD_E_OK && !match)"?
> > >
> >
>
> --
> Sebastian Ramacher
>
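Review bot: in the _GD_ParseFragment hunk of src/parse.c, the added "if (first_raw == NULL)" follows an "if (D->error == GD_E_OK && !match)" that has no braces, so only the "first_raw = _GD_ParseFieldSpec(...)" assignment is conditional and the NULL check runs on every pass. That includes passes where _GD_ParseFieldSpec was not called because match was set, and passes where D->error was already something other than GD_E_OK, in which case _GD_SetError is called on top of an error that was already recorded. Suggest putting the assignment and the new check together in one braced body under the existing condition, and adding a one-line comment stating that a NULL return from _GD_ParseFieldSpec is treated as GD_E_BAD_DIRFILE / GD_E_ENTRY_TYPE.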