Potential Bug Detected in string.c #133

Open
xyzxyzaabbcc opened this issue Oct 11, 2023 · 0 comments

Hello,

We have developed an automatic vulnerability detector, and it has identified a potential defect in your open source project. Here are the details:

- File: string.c
- Line Number: 27
- Method/Function: format

Description of the Issue: My tool detected a potential null dereference bug in the above-mentioned location. This could potentially lead to undefined behavior of the vfprintf function.

Here is the relevant code snippet:

```c
FILE *out = open_memstream(&buf, &buflen);

va_list ap;
va_start(ap, fmt);
vfprintf(out, fmt, ap);
```

Suggested Fix: Add an if statement to handle the situation where open_memstream fails and returns a NULL value.

I hope this helps improve the project!

Best, xyzxyzaabbcc
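The check suggested above, as an added example that is not part of the issue or the project's own code. `format_with`, `opener_fn` and `failing_open` are hypothetical names introduced here so the failure path can be exercised; the real `format` in string.c is known only from the quoted snippet.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* open_memstream is POSIX.1-2008 */
#endif
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical seam: lets a caller substitute the stream opener. */
typedef FILE *(*opener_fn)(char **, size_t *);

/* Constructed stub: behaves like open_memstream failing with ENOMEM. */
static FILE *failing_open(char **buf, size_t *len) {
    (void)buf; (void)len;
    errno = ENOMEM;
    return NULL;
}

/* Returns a malloc'd string the caller frees, or NULL on any failure. */
static char *format_with(opener_fn opener, const char *fmt, ...) {
    char *buf = NULL;
    size_t buflen = 0;
    FILE *out = opener(&buf, &buflen);
    if (out == NULL)          /* the check the issue asks for */
        return NULL;

    va_list ap;
    va_start(ap, fmt);
    int written = vfprintf(out, fmt, ap);
    va_end(ap);

    /* fclose flushes and finalises buf; it can fail as well. */
    if (fclose(out) != 0 || written < 0) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void) {
    char *s = format_with(open_memstream, "%s-%d", "id", 42);
    printf("ok path: %s\n", s ? s : "(null)");
    free(s);
    s = format_with(failing_open, "%s-%d", "id", 42);
    printf("failure path: %s\n", s ? s : "(null)");
    return 0;
}
```

Callers of a function written this way must treat a NULL return as an error instead of passing it on to string routines.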
