On Tue, Sep 06, 2016 at 05:10:39PM +0000, Mark Lumsden wrote:
> Source Joachim Nilsson:
>
> Found by Coverity Scan. The popbuf() function iterated over a list to
> find a wp pointer, then sent it to showbuffer() which immediately went
> ahead and dereferenced it. This patch simply adds a NULL pointer check
> before calling showbuffer(), if NULL then just return NULL to callee.
>
> The missing NULL check is actually referenced in a comment a few lines
> earlier in the code. ok?
>
> -lum
>

I tested the diff and that's OK awolk@ with a slight suggestion to also grab the for loop with { } since you are already adding it for the dangling else. > Index: buffer.c > =================================================================== > RCS file: /cvs/src/usr.bin/mg/buffer.c,v > retrieving revision 1.101 > diff -u -p -u -p -r1.101 buffer.c > --- buffer.c 31 Aug 2016 12:22:28 -0000 1.101 > +++ buffer.c 6 Sep 2016 17:04:22 -0000 > @@ -713,12 +713,16 @@ popbuf(struct buffer *bp, int flags) > > while (wp != NULL && wp == curwp) > wp = wp->w_wndp; > - } else > + } else { > for (wp = wheadp; wp != NULL; wp = wp->w_wndp) > if (wp->w_bufp == bp) { > wp->w_rflag |= WFFULL | WFFRAME; > return (wp); > } > + } > + if (!wp) > + return (NULL); > + > if (showbuffer(bp, wp, WFFULL) != TRUE) > return (NULL); > return (wp); >
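
Review bot: In the new `else { ... }` branch of popbuf(), the for loop returns `wp` as soon as it finds a match, so the only way to fall out of it is with `wp == NULL`. With the added `if (!wp) return (NULL);` that path now always returns NULL, and the `showbuffer(bp, wp, WFFULL)` call below is reachable only from the first branch, after its `while (wp != NULL && wp == curwp)` loop. That makes the crash fix correct for both paths, but the control flow is easy to misread. Consider returning NULL directly at the end of the else block, or adding a one-line comment above the check saying it covers both the while loop running off the end of the list and the for loop finding no window for `bp`. Two style points on the same lines: the rest of the hunk tests `wp != NULL` explicitly, so `if (wp == NULL)` would be consistent, and the for loop body should get its own braces now that the else has them.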