Re: [PATCH 2/3] lib/argp-help: Fix possible dereference of a NULL state

From: Bruno Haible
Subject: Re: [PATCH 2/3] lib/argp-help: Fix possible dereference of a NULL state
Date: Fri, 18 Jun 2021 19:36:55 +0200
Darren Kenny wrote:
> All other instances of call to __argp_failure() where there is
> a dgettext() call first check whether the value of state is NULL
> before attempting to dereference it to get the root_argp->argp_domain.
> This was originally found during a Coverity scan of GRUB2.

Thanks. I confirm that that is a possible NULL dereference here. I've
applied your patch.

The notation '(tiny change)' is explained in

2021-06-18  Darren Kenny  <darren.kenny@oracle.com>  (tiny change)

        argp: Avoid possible NULL access in argp_help.
        Reported by Coverity. The invocation chain is:
        argp_help -> _help -> fill_in_uparams -> validate_uparams.
        * lib/argp-help.c (validate_uparams): Don't crash if state == NULL.

diff --git a/lib/argp-help.c b/lib/argp-help.c
index 4c89697..80cdb44 100644
--- a/lib/argp-help.c
+++ b/lib/argp-help.c
@@ -147,7 +147,8 @@ validate_uparams (const struct argp_state *state, struct 
uparams *upptr)
       if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
           __argp_failure (state, 0, 0,
-                          dgettext (state->root_argp->argp_domain,
+                          dgettext (state == NULL ? NULL
+                                    : state->root_argp->argp_domain,
 ARGP_HELP_FMT: %s value is less than or equal to %s"),
                           "rmargin", up->name);
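Review bot: The guard itself is sound, but this copy of the hunk has lost content and will not apply as pasted: the `@@ -147,7 +147,8 @@` header is wrapped onto a second line, and the context line that should open the string literal (the `"\` line-continuation preceding `ARGP_HELP_FMT: %s value ...`) is missing, so that line now has neither its leading context space nor an opening quote. Please check that the committed version of the patch carries the intact literal. On the logic: `dgettext (NULL, msgid)` is valid and translates via the current default domain set with `textdomain`, so when `state == NULL` the failure message is still looked up rather than silently left untranslated, which is the behaviour the other guarded `__argp_failure` call sites described in the cover text rely on; if the same `state == NULL ? NULL : state->root_argp->argp_domain` expression recurs at those sites, a small static helper in argp-help.c would keep them from drifting apart.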

