Re: possible NULL dereference bugs in libgtkhtml
- From: "Padraig O'Briain" <Padraig Obriain Sun COM>
- To: gtk-devel-list gnome org, bequw stanford edu
- Subject: Re: possible NULL dereference bugs in libgtkhtml
- Date: Wed, 4 Dec 2002 08:50:28 +0000 (GMT)
Brian,
This probably is not the correct list but as maintainer of gtkhtml2 I will study
your mail. It may be a few days before I get to it.
Padraig
> Hey all,
> First, if this is not the right list of libgtkhtml devel
> discussions, would someone please point me to the appropriate list? The
> following were picked up by an automated checker here at Stanford. They
> were found by looking at where a program checks a variable against NULL
> (meaning that it's probably possible) and then later dereferencing it
> unprotectedly. Consequently many of these reports should (hopefully)
> either be real bugs (the variable actually could've been NULL), or
> extraneous and possibly misleading snippets of code. Your input on its
> effectiveness would be appreciated since I don't know much about this
> program.
>
>
> >>>>>>>>>>> htmlstyleborder.c:60
> if (border)
> memcpy (result, border, sizeof (HtmlStyleBorder));
> result->refcount = 0;
> if (border->top.color)
> <<<<<<<<<<
> If border ever is NULL, the check is useless because it will dereference
> it in the if test.
>
> This construction happened in these similar places
> htmlstyleinherited.c : 61
> htmlstyleoutline.c : 53
>
>
> >>>>>>>>>> htmlstylebox.c:76
> if (!(style->box && html_length_equals(&style->box->height, height))){
> if (style->box->refcount > 1)
> html_style_set_style_box(style, html_style_box_dup (style->box));
> html_length_set (&style->box->height, height);
> <<<<<<<<<<
> If style->box ever is NULL (it was checked for) then the
> if test will short-circuit right after that. Since the whole thing is
> notted, style->box will be dereferenced in the subsequent if test (and then
> *again* right after that statement). This construction happened a lot so
> I'll just list the places that it happened.
>
> htmlstylebox.c : 66, 76, 86, 96, 107, 118
> htmlstylesurround.c : 61, 71, 81, 91, 101, 111, 121, 131, 141, 151, 161,
> 171
>
> Cheers,
> Brian
>
> ps - If you have comments please make sure I'm included, since I'm not
> subscribed to this list
>
> _______________________________________________
> gtk-devel-list mailing list
> gtk-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/gtk-devel-list
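The two constructions reported in the quoted mail, reduced to a self-contained C program; this is an added example, not code from libgtkhtml or from either poster. The `Length`, `Box` and `Style` types, the helper names, the reference-counting behaviour of `style_set_box`, and the choice to create a box when none exists are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins (assumed layout), not the libgtkhtml definitions. */
typedef struct { int value; } Length;
typedef struct { int refcount; Length height; } Box;
typedef struct { Box *box; } Style;
static int length_equals(const Length *a, const Length *b) { return a->value == b->value; }

/* Duplicate a box; a NULL source yields a zeroed box instead of a crash. */
static Box *box_dup(const Box *src) {
    Box *b = calloc(1, sizeof *b);
    if (!b) abort();                    /* abort on OOM, as g_malloc does */
    if (src) memcpy(b, src, sizeof *b);
    b->refcount = 0;                    /* the copy starts unowned */
    return b;
}

/* Drop the style's reference to its old box (if any) and take one on b. */
static void style_set_box(Style *s, Box *b) {
    if (s->box && --s->box->refcount == 0) free(s->box);
    b->refcount++;
    s->box = b;
}

/* Reported shape: !(p && eq(p)) is TRUE when p == NULL, so the body runs. */
void set_height_reported(Style *style, const Length *height) {
    if (!(style->box && length_equals(&style->box->height, height))) {
        if (style->box->refcount > 1)   /* NULL dereference if box == NULL */
            style_set_box(style, box_dup(style->box));
        style->box->height = *height;   /* and again here */
    }
}

/* Guarded shape: returns 1 if the height was written, 0 if already equal. */
int set_height_guarded(Style *style, const Length *height) {
    if (style->box && length_equals(&style->box->height, height))
        return 0;
    if (style->box == NULL || style->box->refcount > 1)
        style_set_box(style, box_dup(style->box)); /* create or unshare (assumed policy) */
    style->box->height = *height;
    return 1;
}

int main(void) {
    Style s = { NULL }; Length h = { 42 };      /* constructed input: no box yet */
    printf("changed=%d\n", set_height_guarded(&s, &h));
    free(s.box);
    return 0;
}
```
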