|
|
9fc0f6 |
From 44d380fa1042c56eee959c8cf8477aa62b8d8a0e Mon Sep 17 00:00:00 2001
|
|
|
9fc0f6 |
From: Stefan Beller <stefanbeller@googlemail.com>
|
|
|
9fc0f6 |
Date: Mon, 30 Dec 2013 17:43:52 +0100
|
|
|
9fc0f6 |
Subject: [PATCH] sleep-config: Dereference pointer before check for NULL
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
This fixes a bug pointed out by http://css.csail.mit.edu/stack/
|
|
|
9fc0f6 |
(Optimization-unstable code)
|
|
|
9fc0f6 |
It is a similar fix as f146f5e159 (2013-12-30, core:
|
|
|
9fc0f6 |
Forgot to dereference pointer when checking for NULL)
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
To explain this bug consider the following similar, but simpler code:
|
|
|
9fc0f6 |
if (!p)
|
|
|
9fc0f6 |
free(*p)
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
Assume the if condition evaluates to true, then we will access *p,
|
|
|
9fc0f6 |
which means the compiler can assume p is a valid pointer, so it could
|
|
|
9fc0f6 |
dereference p and use the value *p.
|
|
|
9fc0f6 |
Assuming p as a valid pointer, !p will be false.
|
|
|
9fc0f6 |
But initally we assumed the condition evaluates to true.
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
By this reasoning the optimizing compiler can deduce, we have dead code.
|
|
|
9fc0f6 |
("The if will never be taken, as *p must be valid, because otherwise
|
|
|
9fc0f6 |
accessing *p inside the if would segfault")
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
This led to an error message of the static code checker, so I checked the
|
|
|
9fc0f6 |
code in question.
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
As we access *modes and *states before the check in the changed line of
|
|
|
9fc0f6 |
this patch, I assume the line to be wrong and we actually wanted to check
|
|
|
9fc0f6 |
for *modes and *states being both non null.
|
|
|
9fc0f6 |
---
|
|
|
9fc0f6 |
src/shared/sleep-config.c | 2 +-
|
|
|
9fc0f6 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
|
|
|
9fc0f6 |
index d76e3ad..b2a0787 100644
|
|
|
9fc0f6 |
--- a/src/shared/sleep-config.c
|
|
|
9fc0f6 |
+++ b/src/shared/sleep-config.c
|
|
|
9fc0f6 |
@@ -94,7 +94,7 @@ int parse_sleep_config(const char *verb, char ***modes, char ***states) {
|
|
|
9fc0f6 |
} else
|
|
|
9fc0f6 |
assert_not_reached("what verb");
|
|
|
9fc0f6 |
|
|
|
9fc0f6 |
- if (!modes || !states) {
|
|
|
9fc0f6 |
+ if (!*modes || !*states) {
|
|
|
9fc0f6 |
strv_free(*modes);
|
|
|
9fc0f6 |
strv_free(*states);
|
|
|
9fc0f6 |
return log_oom();
|