[Libosinfo] [osinfo-db-tools PATCH v2 1/1] import: Don't call unlink(NULL) in _import_extract()

Fabiano Fidêncio Wed, 22 May 2019 09:12:07 -0700

Similarly to the issue fixed by ae52b0fbc, here we're also potentially
passing NULL to unlink().


Error: FORWARD_NULL (CWE-476):
osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:332: var_compare_op: Comparing 
"source_file" to null implies that "source_file" might be null.
osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:374: var_deref_model: Passing 
null pointer "source_file" to "unlink", which dereferences it.
 #  372|           g_object_unref(file);
 #  373|       if (!file_is_native)
 #  374|->         unlink(source_file);
 #  375|       g_free(source_file);
 #  376|       return ret;

Signed-off-by: Fabiano Fidêncio <[email protected]>
---
 tools/osinfo-db-import.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/osinfo-db-import.c b/tools/osinfo-db-import.c
index 11e68ae..675961d 100644
--- a/tools/osinfo-db-import.c
+++ b/tools/osinfo-db-import.c
@@ -370,7 +370,7 @@ static int osinfo_db_import_extract(GFile *target,
     archive_read_free(arc);
     if (file)
         g_object_unref(file);
-    if (!file_is_native)
+    if (!file_is_native && source_file != NULL)
         unlink(source_file);
     g_free(source_file);
     return ret;
-- 
2.21.0

_______________________________________________
Libosinfo mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libosinfo

[Libosinfo] [osinfo-db-tools PATCH v2 1/1] import: Don't call unlink(NULL) in _import_extract()

Reply via email to