
Potential Null dereference #172

Closed
ManSoSec opened this issue Dec 11, 2019 · 2 comments
Labels
fuzzing Intentional illegal input
Comments

@ManSoSec

I think a null check on dwg->dwg_class is missing here:

libredwg/src/print.c

Lines 588 to 594 in 785df5f

    if (i > 0 && i < (int)dwg->num_classes)
      {
        klass = &dwg->dwg_class[i];
        is_entity = klass ? dwg_class_is_entity (klass) : 0;
      }
    // properly dwg_decode_object/_entity for eed, reactors, xdic
    if (klass && !is_entity)

While it is done here, which is a similar case:

libredwg/src/free.c

Lines 727 to 732 in 785df5f

    if (dwg->dwg_class && i >= 0 && i < (int)dwg->num_classes)
      {
        klass = &dwg->dwg_class[i];
        is_entity = klass ? dwg_class_is_entity (klass) : 0;
      }
    if (klass && !is_entity)

@rurban rurban self-assigned this Dec 25, 2019
@rurban
Contributor

rurban commented Dec 26, 2019

make scan-build complains about 6 of those.

@rurban
Contributor

rurban commented Dec 26, 2019

Only with free could we have already freed dwg->dwg_class. This will not happen with print, where num_classes will be 0 then.

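The two lookup patterns quoted in the issue (print.c's bounds-only check and free.c's pointer-plus-bounds check), together with the invariant the maintainer relies on (num_classes is 0 whenever the class table is absent, except on the free path where the table may already be released), as an added C example. This is not libredwg's code: the Class and Dwg structs, the lookup_unchecked, lookup_checked, free_classes and make_dwg functions and the four-entry sample table are simplified stand-ins constructed for illustration, and the comparison `i > 0` in lookup_unchecked is copied from the print.c snippet as quoted.

```c
/* Added example, not libredwg's code: a simplified model of the
 * dwg->dwg_class / dwg->num_classes pair and the two lookups quoted in the
 * issue. Type and function names are stand-ins chosen for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for Dwg_Class: only the field the lookup needs. */
typedef struct {
    int is_entity;   /* stand-in for what dwg_class_is_entity() inspects */
} Class;

/* Stand-in for the relevant part of Dwg_Data. */
typedef struct {
    unsigned int num_classes;
    Class *dwg_class;   /* NULL before decoding and again after free */
} Dwg;

/* Mirrors the print.c snippet: bounds-checked, but the array pointer itself
 * is never tested. If dwg_class is NULL while num_classes is still > 0,
 * &dwg->dwg_class[i] is a small non-NULL address, the klass ? ... : 0 guard
 * does not help, and reading ->is_entity faults. Condition copied as quoted. */
static const Class *lookup_unchecked(const Dwg *dwg, int i, int *is_entity)
{
    const Class *klass = NULL;
    *is_entity = 0;
    if (i > 0 && i < (int)dwg->num_classes) {
        klass = &dwg->dwg_class[i];
        *is_entity = klass ? klass->is_entity : 0;
    }
    return klass;
}

/* Mirrors the free.c snippet: dwg->dwg_class is tested first, so a NULL
 * table with a stale num_classes yields "no class" instead of a dereference. */
static const Class *lookup_checked(const Dwg *dwg, int i, int *is_entity)
{
    const Class *klass = NULL;
    *is_entity = 0;
    if (dwg->dwg_class && i >= 0 && i < (int)dwg->num_classes) {
        klass = &dwg->dwg_class[i];
        *is_entity = klass->is_entity;
    }
    return klass;
}

/* Release the table. With keep_count set, num_classes is left stale, which is
 * the free-path situation the free.c check guards against; otherwise it is
 * reset to 0, the invariant that keeps the unchecked lookup safe on print. */
static void free_classes(Dwg *dwg, int keep_count)
{
    free(dwg->dwg_class);
    dwg->dwg_class = NULL;
    if (!keep_count)
        dwg->num_classes = 0;
}

/* Constructed sample table of n classes; odd indices are entities. */
static Dwg make_dwg(unsigned int n)
{
    Dwg dwg;
    dwg.num_classes = n;
    dwg.dwg_class = calloc(n, sizeof(Class));
    for (unsigned int i = 0; dwg.dwg_class && i < n; i++)
        dwg.dwg_class[i].is_entity = (i % 2 == 1);
    return dwg;
}

/* 1 if the checked lookup survives a freed table whose count is stale. */
static int stale_count_is_safe(void)
{
    Dwg dwg = make_dwg(4);
    int is_entity = 1;
    free_classes(&dwg, 1);                 /* dwg_class NULL, num_classes 4 */
    const Class *k = lookup_checked(&dwg, 2, &is_entity);
    return k == NULL && is_entity == 0;
}

/* 1 if resetting num_classes makes even the unchecked lookup safe. */
static int reset_count_is_safe(void)
{
    Dwg dwg = make_dwg(4);
    int is_entity = 1;
    free_classes(&dwg, 0);                 /* dwg_class NULL, num_classes 0 */
    const Class *k = lookup_unchecked(&dwg, 2, &is_entity);
    return k == NULL && is_entity == 0;
}

int main(void)
{
    Dwg dwg = make_dwg(4);
    int is_entity = 0;
    const Class *k = lookup_checked(&dwg, 3, &is_entity);
    printf("class 3: %s\n", k && is_entity ? "entity" : "object");
    free_classes(&dwg, 0);
    printf("stale count safe: %d, reset count safe: %d\n",
           stale_count_is_safe(), reset_count_is_safe());
    return 0;
}
```

The point of the two helper checks is that the bounds test alone is only as good as the invariant behind num_classes: lookup_checked does not depend on it, while lookup_unchecked is safe exactly when whoever frees the table also zeroes the count. scan-build flags the unchecked form because it cannot see that invariant.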
@rurban rurban closed this as completed Dec 26, 2019
@rurban rurban added this to the 0.10 milestone Jan 6, 2020
@rurban rurban added the fuzzing Intentional illegal input label Jan 16, 2020