similar to: Potential NULL pointer dereference

If visit_guest() fails, then it returns a null pointer; later on, free_tree() is called unconditionally on the variables, thus dereferencing null pointers. Thus guard the free_tree() invocations. --- diff/diff.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/diff/diff.c b/diff/diff.c index 5851a1c9c..1f1ab6933 100644 --- a/diff/diff.c +++ b/diff/diff.c @@ -389,8

On 11/03/2017 11:19 AM, Pino Toscano wrote: > If visit_guest() fails, then it returns a null pointer; later on, > free_tree() is called unconditionally on the variables, thus > dereferencing null pointers. > > Thus guard the free_tree() invocations. Would it be any better to teach free_tree() to be more free()-like by being a no-op on NULL? -- Eric Blake, Principal Software

On Fri, Nov 03, 2017 at 12:48:37PM -0500, Eric Blake wrote: > On 11/03/2017 11:19 AM, Pino Toscano wrote: > > If visit_guest() fails, then it returns a null pointer; later on, > > free_tree() is called unconditionally on the variables, thus > > dereferencing null pointers. > > > > Thus guard the free_tree() invocations. > > Would it be any better to teach

comments? allows % ssh host 'tail -f /var/log/messages | grep bla' ^C Index: clientloop.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v retrieving revision 1.86 diff -u -r1.86 clientloop.c --- clientloop.c 24 Oct 2001 19:57:40 -0000 1.86 +++ clientloop.c 29 Oct 2001 19:08:37 -0000 @@ -103,6 +103,8 @@ */ static

I was curious if this was a real null pointer dereference issue in R-devel/src/library/grDevices/src/devPS.c on line 1009? 1000: static type1fontinfo makeType1Font() 1001: { 1002: type1fontinfo font = (Type1FontInfo *) malloc(sizeof(Type1FontInfo)); 1003: /* 1004: * Initialise font->metrics.KernPairs to NULL 1005: * so that we know NOT to free it if we fail to 1006: *

On Wed, Feb 14, 2018 at 1:40 AM, Gustavo A. R. Silva <garsilva at embeddedor.com> wrote: > > Hi all, > > While doing some static analysis I ran into the following piece of code at > drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c:957: > > 957#define node(root, dir) ((root)->head.dir == &vmm->list) ? NULL : > \ > 958 list_entry((root)->head.dir,

On Sep 23, 2013 10:06 PM, "Felipe Pena" <felipensp at gmail.com> wrote: > > Possibly authority variable (initialized with NULL) might be dereferenced when > an arbitrary path (without "//" on it) is supplied to parse_uri() function > > Signed-off-by: Felipe Pena <felipensp at gmail.com> > --- > gpxe/src/core/uri.c | 2 +- > 1 file

On 09/23/2013 06:05 PM, Felipe Pena wrote: > Possibly authority variable (initialized with NULL) might be dereferenced when > an arbitrary path (without "//" on it) is supplied to parse_uri() function > > Signed-off-by: Felipe Pena <felipensp at gmail.com> > --- > gpxe/src/core/uri.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > We should

Possibly authority variable (initialized with NULL) might be dereferenced when an arbitrary path (without "//" on it) is supplied to parse_uri() function Signed-off-by: Felipe Pena <felipensp at gmail.com> --- gpxe/src/core/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gpxe/src/core/uri.c b/gpxe/src/core/uri.c index 6a1f2e5..4987821 100644 ---

Hi all, While doing some static analysis I ran into the following piece of code at drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c:957: 957#define node(root, dir) ((root)->head.dir == &vmm->list) ? NULL : \ 958 list_entry((root)->head.dir, struct nvkm_vma, head) 959 960void 961nvkm_vmm_unmap_region(struct nvkm_vmm *vmm, struct nvkm_vma *vma) 962{

Here is a patch to implement a handy new feature proposed by John Hardin <johnh at aproposretail.com>. This is his description of the feature: New option for OpenSSH: Delay before exit. Command line option: -S delay Config file option: sleep {delay} Purpose: Wait the specified number of seconds after last traffic before dropping the connection and exiting. If ports are forwarded, this

Here is a patch to implement an exit delay in OpenSSH-3.0.2p1, proposed by John Hardin. This is his description of the feature: New option for OpenSSH: Delay before exit. Command line option: -S delay Config file option: sleep {delay} Purpose: Wait the specified number of seconds after last traffic before dropping the connection and exiting. If ports are forwarded, this causes the ssh client

does somebody like this? Index: Makefile.inc =================================================================== RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v retrieving revision 1.21 diff -u -r1.21 Makefile.inc --- Makefile.inc 30 Oct 2001 20:32:31 -0000 1.21 +++ Makefile.inc 16 Nov 2001 12:07:22 -0000 @@ -10,7 +10,7 @@ CDIAGFLAGS+= -Wmissing-prototypes CDIAGFLAGS+= -Wunused -#DEBUG=-g

As you are now probably aware, the portability team for openssh still has not fixed the hang-on-exit bug in the 2.9.9p2 release. Attached is a patch for 2.9.9p2 that fixes the hang-on-exit bug for Linux systems. It also adds a useful exit delay feature that has also not yet been incorporated into the main sources. For more information, see the SNFS (secure NFS) web page:

Hi, I'm a developer of a static analysis tool canalyze. Recently I applied it to Openssh-6.2p1. It seems some reports are real after by manually checking: 1. Use undefined value file: dispatch.c function: dispatch_run At line 93: type = packet_read_poll_seqnr(&seqnr); seqnr may not be override at file: packet.c function: packet_read_poll_seqnr line 1442 where compat20 is 0. 2. Null

The hang-on-exit bug still hasn't been fixed in OpenSSH-3.0p1... :-( Here again is the patch to fix this bug under Linux, updated for OpenSSH-3.0p1. This has been exhaustively tested for six months now. It also add an exit delay option that can be useful. The patch does not lead to data loss under Linux. Please see the Secure NFS page (SNFS) for further details:

On 05/23/2017 05:12 AM, Gustavo A. R. Silva wrote: > Add null check before dereferencing pointer asyc I've taken the patch into my tree, thanks! Ben. > > Addresses-Coverity-ID: 1397932 > Signed-off-by: Gustavo A. R. Silva <garsilva at embeddedor.com> > --- > drivers/gpu/drm/nouveau/nv50_display.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) >

Add null check before dereferencing pointer asyc Addresses-Coverity-ID: 1397932 Signed-off-by: Gustavo A. R. Silva <garsilva at embeddedor.com> --- drivers/gpu/drm/nouveau/nv50_display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nv50_display.c b/drivers/gpu/drm/nouveau/nv50_display.c index a766324..052a60a 100644 ---

The variable IV does can be NULL when passed into the function. However, IV is dereferenced in CMP, therefore, IV should be checked before sending it to this macro. This patch adds what is common in other parts of the code but is missing on this particular check. This entire set of patches passed the regression tests on my system. Null dereference bug found by Coverity. Signed-off-by: Kylene

The Coverity checker found that if req was NULL because find_request returned NULL, this resulted in a break from the switch, but req was later dereferenced (look at the last line of this patch). Signed-off-by: Adrian Bunk <bunk@stusta.de> --- linux-2.6.12-rc1-mm2-full/fs/smbfs/request.c.old 2005-03-25 00:45:08.000000000 +0100 +++ linux-2.6.12-rc1-mm2-full/fs/smbfs/request.c 2005-03-25