bridges/source/net_uno/net_data.cxx | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-)
New commits: commit 8ea8e254a3151f5390f3a10ff156fcaf8e7c5d5c Author: Mike Kaganski <[email protected]> AuthorDate: Wed Sep 17 09:31:41 2025 +0500 Commit: Mike Kaganski <[email protected]> CommitDate: Wed Sep 17 08:23:55 2025 +0200 master_win_analyze: C6011: Dereferencing NULL pointer in bridges It seems that both marshal_data and unmarshal_data are expected to take only non-null argument. Further, the checks were corrected: e.g., rtl_uString_release itself only takes a non-null argument, so *ppUnoStr must be checked before the call, not ppUnoStr. The static analyzer saw that ppUnoStr was checked if it was non-null; and was dereferenced later, outside of the check, unconditionally. The analyzer flagged that as a potential nullptr dereference. It was a useful warning, flagging the actual code problem. Unfortunately, our analyzer build in CI doesn't build DOTNET; I found this locally. Change-Id: I4bcbcd1ce8246835901c6032cae9e8b41a76dbf1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/191060 Tested-by: Jenkins Reviewed-by: Mike Kaganski <[email protected]>
diff --git a/bridges/source/net_uno/net_data.cxx b/bridges/source/net_uno/net_data.cxx
index 8f91c6315837..1cec51244269 100644
--- a/bridges/source/net_uno/net_data.cxx
+++ b/bridges/source/net_uno/net_data.cxx
@@ -78,6 +78,9 @@ uno_Sequence* alloc_uno_sequence(sal_Int32 nElements, sal_Int32 nElementSize, vo
 void marshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionReference* pTDRef,
 Bridge& bridge)
 {
+ assert(pUnoData);
+ assert(pNetData);
+
 switch (pTDRef->eTypeClass)
 {
 case typelib_TypeClass_BOOLEAN:
@@ -369,6 +372,9 @@ void marshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionReferen
 void unmarshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionReference* pTDRef,
 bool bDestructObject, Bridge& bridge)
 {
+ assert(pUnoData);
+ assert(pNetData);
+
 switch (pTDRef->eTypeClass)
 {
 case typelib_TypeClass_BOOLEAN:
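Review bot: `pTDRef` is dereferenced by `switch (pTDRef->eTypeClass)` directly after the two new assertions in `marshal_data`, yet it is the one pointer parameter the assertions leave out; the same applies to the hunk in `unmarshal_data`. If the non-null contract covers all three pointers, add `assert(pTDRef);` next to the others. The contract is currently stated only in the commit message, so a short comment above each function, e.g. `// pUnoData, pNetData and pTDRef must be non-null`, would keep it visible to callers. Both function bodies continue outside the hunks.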
@@ -390,7 +396,7 @@ void unmarshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionRefer
 rtl_uString** ppUnoStr = static_cast<rtl_uString**>(pUnoData);
 IntPtr pNetStr = *static_cast<IntPtr*>(pNetData);
- if (bDestructObject && ppUnoStr)
+ if (bDestructObject && *ppUnoStr)
 rtl_uString_release(*ppUnoStr);
 *ppUnoStr = nullptr;
@@ -408,7 +414,7 @@ void unmarshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionRefer
 = static_cast<typelib_TypeDescriptionReference**>(pUnoData);
 IntPtr pNetType = *static_cast<IntPtr*>(pNetData);
- if (bDestructObject && ppUnoType)
+ if (bDestructObject && *ppUnoType)
 typelib_typedescriptionreference_release(*ppUnoType);
 *ppUnoType = map_net_type_to_uno(OUString(static_cast<String>(pNetType)));
@@ -421,7 +427,7 @@ void unmarshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionRefer
 uno_Any* pUnoAny = static_cast<uno_Any*>(pUnoData);
 Value::Any* pNetAny = static_cast<Value::Any*>(pNetData);
- if (bDestructObject && pUnoData)
+ if (bDestructObject)
 uno_any_destruct(pUnoAny, nullptr);
 typelib_TypeDescriptionReference* pValueTDRef
@@ -539,7 +545,7 @@ void unmarshal_data(void* pUnoData, void* pNetData, typelib_TypeDescriptionRefer
 Value::Sequence* pNetSeq = static_cast<Value::Sequence*>(pNetData);
 TypeDescHolder type(pTDRef);
- if (bDestructObject && ppUnoSeq)
+ if (bDestructObject && *ppUnoSeq)
 uno_destructData(ppUnoSeq, type.get(), nullptr);
 typelib_TypeDescriptionReference* pElemTDRef
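Review bot: In the hunk at new line 427 (the `uno_Any` branch), dropping `&& pUnoData` leaves `uno_any_destruct(pUnoAny, nullptr)` protected only by the `assert(pUnoData)` at function entry, and `assert` is compiled out in builds that define NDEBUG. The hunks at 396, 414 and 545 likewise read `*ppUnoStr`, `*ppUnoType` and `*ppUnoSeq` on the strength of that assertion alone. The commit message says the non-null contract only "seems" to hold, so it is worth confirming that no caller of `unmarshal_data` can pass null before relying on a debug-only check. If that cannot be confirmed, a check at function entry that survives release builds would be the safer form. The branch bodies continue outside the hunks, so whether later code already dereferenced these pointers unconditionally cannot be seen here.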
