richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
9fc0f6
From 44d380fa1042c56eee959c8cf8477aa62b8d8a0e Mon Sep 17 00:00:00 2001
9fc0f6
From: Stefan Beller <stefanbeller@googlemail.com>
9fc0f6
Date: Mon, 30 Dec 2013 17:43:52 +0100
9fc0f6
Subject: [PATCH] sleep-config: Dereference pointer before check for NULL
9fc0f6
9fc0f6
This fixes a bug pointed out by http://css.csail.mit.edu/stack/
9fc0f6
(Optimization-unstable code)
9fc0f6
It is a similar fix as f146f5e159 (2013-12-30, core:
9fc0f6
Forgot to dereference pointer when checking for NULL)
9fc0f6
9fc0f6
To explain this bug consider the following similar, but simpler code:
9fc0f6
	if (!p)
9fc0f6
		free(*p)
9fc0f6
9fc0f6
Assume the if condition evaluates to true, then we will access *p,
9fc0f6
which means the compiler can assume p is a valid pointer, so it could
9fc0f6
dereference p and use the value *p.
9fc0f6
Assuming p as a valid pointer, !p will be false.
9fc0f6
But initally we assumed the condition evaluates to true.
9fc0f6
9fc0f6
By this reasoning the optimizing compiler can deduce, we have dead code.
9fc0f6
("The if will never be taken, as *p must be valid, because otherwise
9fc0f6
accessing *p inside the if would segfault")
9fc0f6
9fc0f6
This led to an error message of the static code checker, so I checked the
9fc0f6
code in question.
9fc0f6
9fc0f6
As we access *modes and *states before the check in the changed line of
9fc0f6
this patch, I assume the line to be wrong and we actually wanted to check
9fc0f6
for *modes and *states being both non null.
9fc0f6
---
9fc0f6
 src/shared/sleep-config.c | 2 +-
9fc0f6
 1 file changed, 1 insertion(+), 1 deletion(-)
9fc0f6
9fc0f6
diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
9fc0f6
index d76e3ad..b2a0787 100644
9fc0f6
--- a/src/shared/sleep-config.c
9fc0f6
+++ b/src/shared/sleep-config.c
9fc0f6
@@ -94,7 +94,7 @@ int parse_sleep_config(const char *verb, char ***modes, char ***states) {
9fc0f6
         } else
9fc0f6
                 assert_not_reached("what verb");
9fc0f6
 
9fc0f6
-        if (!modes || !states) {
9fc0f6
+        if (!*modes || !*states) {
9fc0f6
                 strv_free(*modes);
9fc0f6
                 strv_free(*states);
9fc0f6
                 return log_oom();