lib/vector/vlib: Fix possible null pointer dereference #4638
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In the function `Vect_cat_list_to_array`, as part of the execution, if list turns out to not contain any numbers, `cats` internal variable is not changed from NULL. Without checking if `cats` is NULL or not, qsort or first elemnt of it is accessed, which can lead to null pointer dereference. To fix that issue, only access cats if it's not NULL. This issue was found using cppcheck tool. Signed-off-by: Mohan Yelugoti <[email protected]>
github-actions
bot
added
vector
nilason
changed the title
ymdatta
added a commit
to ymdatta/grass
that referenced
this pull request
Nov 27, 2024
Documented each supression issue with comments to distinguish between false positives and true positives awaiting resolution. For the false positives supressions, appropriate information is provided on why those were considered as false positive. True positives will be removed from the suppression file once their corresponding fixes(OSGeo#4702, OSGeo#4638, OSGeo#4500, OSGeo#4499) are merged. Run: `cppcheck --suppressions-list=.cppcheck-supressions <path>` Signed-off-by: Mohan Yelugoti <[email protected]>
ymdatta
added a commit
to ymdatta/grass
that referenced
this pull request
Nov 27, 2024
Documented each suppression issue with comments to distinguish between false positives and true positives awaiting resolution. For the false positives suppressions, appropriate information is provided on why those were considered as false positive. True positives will be removed from the suppression file once their corresponding fixes(OSGeo#4702, OSGeo#4638, OSGeo#4500, OSGeo#4499) are merged. Run: `cppcheck --suppressions-list=.cppcheck-suppressions <path>` Signed-off-by: Mohan Yelugoti <[email protected]>
nilason
reviewed
Dec 3, 2024
| @@ -493,7 +493,7 @@ int Vect_cat_list_to_array(const struct cat_list *list, int **vals, int *nvals) | |||
|
|
|||
| G_debug(1, "Vect_cat_list_to_array()"); | |||
|
|
|||
| *nvals = n_cats = 0; | |||
| *nvals = n_cats = n_ucats = 0; | |||
| cats = NULL; | |||
| for (i = 0; i < list->n_ranges; i++) { | |||
There was a problem hiding this comment.
It seems to me to be a better solution to make an early exit before this for statement, with something like:
if (list->n_ranges <= 0)
return -1;If list->n_ranges is 0 or less, cats and n_cats are never set... and the rest doesn't make any sense.
@metzm Perhaps you may have some insight in this?
There was a problem hiding this comment.
@nilason : Thanks for the review.
But, I am worried that '-1' indicates that something has gone wrong while converting using Vect_cat_list_to_array function, but here there is nothing wrong and it's just that the argument has no elements in it. What do you think about it?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the function
Vect_cat_list_to_array, as part of the execution, if list turns out to not contain any numbers,catsinternal variable is not changed from NULL. Without checking ifcatsis NULL or not, qsort or first elemnt of it is accessed, which can lead to null pointer dereference.To fix that issue, only access cats if it's not NULL.
This issue was found using cppcheck tool.