FYI: HEAD: fix slist_remove: return 1st match, NULL deref
From: Ralf Wildenhues
Subject: FYI: HEAD: fix slist_remove: return 1st match, NULL deref
Date: Wed, 29 Aug 2007 23:01:21 +0200
User-agent: Mutt/1.5.13 (2006-08-11)
Hello Libtool patches,
while fixing another issue in libltdl (other mail coming up), I noted
this glitch in slist.c: Inside the for loop in slist_remove, if we
find the item inside the loop to be head->next, head advances by two
->next derefs, and so may be NULL if the matched item was the last one
in the list, so the subsequent loop criterion
head->next != NULL
causes a NULL dereference. Breaking out of the loop in case we found
our result fixes this, and also causes slist_remove to actually return
the first matching item always. This bug is currently not exposed in
libltdl, because our only use of slist_remove is still ineffective ATM
(which is, in effect, the other pending bug).
Cheers,
Ralf
2007-08-29 Ralf Wildenhues <address@hidden>
* libltdl/slist.c (slist_remove): When a matching item is found,
break out of the loop to return the first match; also fixes
possible NULL dereference.
Index: libltdl/slist.c
===================================================================
RCS file: /cvsroot/libtool/libtool/libltdl/slist.c,v
retrieving revision 1.8
diff -u -r1.8 slist.c
--- libltdl/slist.c 25 Mar 2007 12:12:42 -0000 1.8
+++ libltdl/slist.c 29 Aug 2007 20:58:42 -0000
@@ -1,6 +1,6 @@
/* slist.c -- generalised singly linked lists
- Copyright (C) 2000, 2004 Free Software Foundation, Inc.
+ Copyright (C) 2000, 2004, 2007 Free Software Foundation, Inc.
Written by Gary V. Vaughan, 2000
NOTE: The canonical source of this file is maintained with the
@@ -101,6 +101,7 @@
{
stale = head->next;
head->next = stale->next;
+ break;
}
}
}
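Review bot: the `break;` added after `head->next = stale->next;` in the second hunk carries no comment, so the code alone does not say why the scan has to stop there. Once the match is unlinked, the loop's next step moves to `stale->next`, which is NULL when the unlinked item was the last one, and a later match would otherwise replace the first. Suggest a one-line comment at the `break;` saying so, a note in the function's description that only the first matching item is removed, and a small test that removes the last item of a list, since the patch touches only slist.c and adds none.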
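The failure described in the message, modelled as an added example (not libltdl code and not part of the original post): `struct node`, `remove_after_head` and the two scenario helpers are constructed names, and the loop test is written out so that the NULL case is recorded instead of dereferenced.

```c
#include <stdio.h>
/* Constructed stand-in for a list node; not libltdl's SList type. */
struct node { struct node *next; int key; };
struct outcome {
    struct node *removed; /* item handed back to the caller, or NULL */
    int null_deref;       /* 1 if the loop test would read head->next with head == NULL */
};

/* Scan the items after `list` for `key` and unlink matches.
   use_break = 0 models the loop before the patch, 1 the loop after it.
   The loop test is spelled out so the NULL case is recorded, not executed. */
static struct outcome remove_after_head(struct node *list, int key, int use_break)
{
    struct outcome out = { NULL, 0 };
    struct node *head = list;
    for (;;) {
        if (head == NULL) { out.null_deref = 1; break; } /* head->next != NULL would fault here */
        if (head->next == NULL) break;
        if (head->next->key == key) {
            struct node *stale = head->next;
            head->next = stale->next;   /* unlink the match */
            out.removed = stale;
            if (use_break) break;       /* the one-line fix */
        }
        head = head->next;              /* after an unlink this is the second ->next step */
    }
    return out;
}

/* Constructed list 1 -> 2 -> 3, match on the last item (key 3). */
static int last_item_hits_null(int use_break)
{
    struct node c = { NULL, 3 }, b = { &c, 2 }, a = { &b, 1 };
    return remove_after_head(&a, 3, use_break).null_deref;
}

/* Constructed list 1 -> 7 -> 2 -> 7 -> 4: returns 1 if the first 7 comes back, 2 if the second. */
static int which_match(int use_break)
{
    struct node e = { NULL, 4 }, d = { &e, 7 }, c = { &d, 2 }, b = { &c, 7 }, a = { &b, 1 };
    struct node *r = remove_after_head(&a, 7, use_break).removed;
    return r == &b ? 1 : r == &d ? 2 : 0;
}

int main(void)
{
    printf("without break: null_deref=%d match=%d\n", last_item_hits_null(0), which_match(0));
    printf("with break:    null_deref=%d match=%d\n", last_item_hits_null(1), which_match(1));
    return 0;
}
```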