-
-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib/vector/vlib: Fix possible null pointer dereference #4638
base: main
Are you sure you want to change the base?
Conversation
In the function `Vect_cat_list_to_array`, as part of the execution, if list turns out to not contain any numbers, `cats` internal variable is not changed from NULL. Without checking if `cats` is NULL or not, qsort or first elemnt of it is accessed, which can lead to null pointer dereference. To fix that issue, only access cats if it's not NULL. This issue was found using cppcheck tool. Signed-off-by: Mohan Yelugoti <[email protected]>
Documented each supression issue with comments to distinguish between false positives and true positives awaiting resolution. For the false positives supressions, appropriate information is provided on why those were considered as false positive. True positives will be removed from the suppression file once their corresponding fixes(OSGeo#4702, OSGeo#4638, OSGeo#4500, OSGeo#4499) are merged. Run: `cppcheck --suppressions-list=.cppcheck-supressions <path>` Signed-off-by: Mohan Yelugoti <[email protected]>
Documented each suppression issue with comments to distinguish between false positives and true positives awaiting resolution. For the false positives suppressions, appropriate information is provided on why those were considered as false positive. True positives will be removed from the suppression file once their corresponding fixes(OSGeo#4702, OSGeo#4638, OSGeo#4500, OSGeo#4499) are merged. Run: `cppcheck --suppressions-list=.cppcheck-suppressions <path>` Signed-off-by: Mohan Yelugoti <[email protected]>
@@ -493,7 +493,7 @@ int Vect_cat_list_to_array(const struct cat_list *list, int **vals, int *nvals) | |||
|
|||
G_debug(1, "Vect_cat_list_to_array()"); | |||
|
|||
*nvals = n_cats = 0; | |||
*nvals = n_cats = n_ucats = 0; | |||
cats = NULL; | |||
for (i = 0; i < list->n_ranges; i++) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems to me to be a better solution to make an early exit before this for statement, with something like:
if (list->n_ranges <= 0)
return -1;
If list->n_ranges
is 0 or less, cats
and n_cats
are never set... and the rest doesn't make any sense.
@metzm Perhaps you may have some insight in this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nilason : Thanks for the review.
But, I am worried that '-1' indicates that something has gone wrong while converting using Vect_cat_list_to_array
function, but here there is nothing wrong and it's just that the argument has no elements in it. What do you think about it?
In the function
Vect_cat_list_to_array
, as part of the execution, if list turns out to not contain any numbers,cats
internal variable is not changed from NULL. Without checking ifcats
is NULL or not, qsort or first elemnt of it is accessed, which can lead to null pointer dereference.To fix that issue, only access cats if it's not NULL.
This issue was found using cppcheck tool.