Re: [Iup-users] CID 210668 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)

Tue, 04 Jun 2019 04:53:54 -0700 

Hi,
I would not be so sure.
If value_len is exactly the size: 2

 if (data[0] == '\"' && data[value_len - 1] == '\"')
            {
              data++;
              value_len -= 2;
              len -= 2;
            }
So, when value_len -= 2; is executed, what is the final size?
value_len is zero and "if (*value_max_size < value_len)" fail!

Best regards,
Ranier Vilela
________________________________________
De: Antonio Scuri <[email protected]>
Enviado: terça-feira, 4 de junho de 2019 11:29
Para: IUP discussion list.
Assunto: Re: [Iup-users] CID 210668 (#1 of 1): Explicit null dereferenced 
(FORWARD_NULL)

  If you analyze the calling function that should never fail.



Em ter, 4 de jun de 2019 às 08:24, Ranier VF 
<[email protected]<mailto:[email protected]>> escreveu:
Hi,
And what happens if  "if (*value_max_size < value_len)" fail and
realloc is not called?

Best regards,
Ranier Vilela

________________________________________
De: Antonio Scuri <[email protected]<mailto:[email protected]>>
Enviado: terça-feira, 4 de junho de 2019 11:09
Para: IUP discussion list.
Assunto: Re: [Iup-users] CID 210668 (#1 of 1): Explicit null dereferenced 
(FORWARD_NULL)

  The realloc function does the malloc job. And it will only increase the size 
of the value pointer when necessary.

Best,
Scuri


Em seg, 3 de jun de 2019 às 22:29, Ranier VF 
<[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>>
 escreveu:
Hi,
Sorry but can't undestand the logic.
iupmatex_clipboard.c
line 505, call function:

value = iMatrixExStrCopyData(value, &value_max_size, data, value_len);

iMatrixExStrCopyData, call memcpy with value without malloc?

static char* iMatrixExStrCopyData(char* value, int *value_max_size, const char* 
data, int value_len)
{
  if (*value_max_size < value_len)  /* if fail, memcpy destroy memory pointer */
  {
    *value_max_size = value_len+10;
    value = realloc(value, *value_max_size);
  }
  memcpy(value, data, value_len);
  value[value_len] = 0;
  return value;
}

Best regards,
Ranier Vilela

_______________________________________________
Iup-users mailing list
[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>
https://lists.sourceforge.net/lists/listinfo/iup-users


_______________________________________________
Iup-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/iup-users


_______________________________________________
Iup-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/iup-users

Reply via email to