Hi,
I would not be so sure.
If value_len is exactly the size: 2

  if (data[0] == '\"' && data[value_len - 1] == '\"')
  {
    data++;
    value_len -= 2;
    len -= 2;
  }

So, when value_len -= 2; is executed, what is the final size?
value_len is zero and "if (*value_max_size < value_len)" fails!

Best regards,
Ranier Vilela
________________________________________
From: Antonio Scuri <antonio.sc...@gmail.com>
Sent: Tuesday, June 4, 2019 11:29
To: IUP discussion list.
Subject: Re: [Iup-users] CID 210668 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)

  If you analyze the calling function, that should never fail.



On Tue, Jun 4, 2019 at 08:24, Ranier VF <ranier_...@hotmail.com> wrote:
Hi,
And what happens if "if (*value_max_size < value_len)" fails and
realloc is not called?

Best regards,
Ranier Vilela

________________________________________
From: Antonio Scuri <antonio.sc...@gmail.com>
Sent: Tuesday, June 4, 2019 11:09
To: IUP discussion list.
Subject: Re: [Iup-users] CID 210668 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)

  The realloc function does the malloc job. And it will only increase the size 
of the value pointer when necessary.

Best,
Scuri


On Mon, Jun 3, 2019 at 22:29, Ranier VF <ranier_...@hotmail.com> wrote:
Hi,
Sorry, but I can't understand the logic.
iupmatex_clipboard.c
line 505, call function:

value = iMatrixExStrCopyData(value, &value_max_size, data, value_len);

iMatrixExStrCopyData calls memcpy with value without malloc?

static char* iMatrixExStrCopyData(char* value, int *value_max_size, const char* data, int value_len)
{
  if (*value_max_size < value_len)  /* if this fails, memcpy destroys the memory pointer */
  {
    *value_max_size = value_len+10;
    value = realloc(value, *value_max_size);
  }
  memcpy(value, data, value_len);
  value[value_len] = 0;
  return value;
}

Best regards,
Ranier Vilela

_______________________________________________
Iup-users mailing list
Iup-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/iup-users
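
The case argued over in this thread, as an added example that is not part of the original messages or of IUP's code: a NULL value with value_max_size 0 and a quoted empty cell, so value_len drops to 0 and the quoted guard never calls realloc. The names original_guard_skips_realloc and copy_data_checked are hypothetical, and the variant goes slightly beyond the thread by also growing the buffer when there is no room for the terminator byte.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Models the guard quoted in the thread: returns 1 when that code would
   skip realloc() and go straight to memcpy() and value[value_len] = 0. */
static int original_guard_skips_realloc(int value_max_size, int value_len)
{
  return !(value_max_size < value_len);
}

/* Hypothetical hardened variant (assumption, not IUP code). Grows the buffer
   when it is NULL or cannot hold value_len bytes plus the terminator.
   Returns NULL on bad arguments or allocation failure; old buffer untouched. */
static char* copy_data_checked(char* value, int *value_max_size,
                               const char* data, int value_len)
{
  if (!value_max_size || value_len < 0 || value_len > INT_MAX - 10 ||
      (!data && value_len > 0))
    return NULL;

  if (!value || *value_max_size <= value_len)
  {
    char* grown = realloc(value, (size_t)value_len + 10);
    if (!grown) return NULL;
    value = grown;
    *value_max_size = value_len + 10;
  }
  if (value_len > 0) memcpy(value, data, (size_t)value_len);
  value[value_len] = 0;
  return value;
}

int main(void)
{
  /* Constructed input: the cell text is two quote characters, so stripping
     them leaves value_len 0 while value is still NULL. */
  char* value = NULL;
  int value_max_size = 0;
  const char* data = "\"\"";
  int value_len = 2;
  if (data[0] == '"' && data[value_len - 1] == '"') { data++; value_len -= 2; }
  int skips = original_guard_skips_realloc(value_max_size, value_len);
  value = copy_data_checked(value, &value_max_size, data, value_len);
  int ok = skips && value && value[0] == 0 && value_max_size == 10;
  free(value);
  return ok ? 0 : 1;
}
```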