bug-bison

some callers of symbol_list_n_get might get NULL and crash?


From: Mike Sullivan
Subject: some callers of symbol_list_n_get might get NULL and crash?
Date: Mon, 30 Dec 2013 13:01:08 -0800
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

I'm looking at updating the bison in Solaris and one of the requirements
is to run an internal tool (parfait) on it to check for problems. It seems
to have found that while symbol_list_n_get() can return NULL, there are
a few callers that just dereference the return value and don't check for that.

Here's the output from a run on 2.7.1, but it looks like 3.0.2 hasn't changed
in that respect:

Error: Null pointer dereference (CWE 476)
   Write to null pointer symbol_list_n_get(effective_rule, n)
at line 798 of components/bison/build/amd64/src/../../../src/scan-code.l in function 'handle_action_dollar'. Function symbol_list_n_get may return constant 'NULL' at line 193, called at line 798. Null pointer introduced at line 193 of components/bison/build/amd64/src/symlist.c in function 'symbol_list_n_get'.
Error: Null pointer dereference (CWE 476)
   Read from null pointer symbol_list_n_get(...)
at line 268 of components/bison/build/amd64/src/reader.c in function 'symbol_should_be_used'. Function symbol_list_n_get may return constant 'NULL' at line 193, called at line 268. Null pointer introduced at line 193 of components/bison/build/amd64/src/symlist.c in function 'symbol_list_n_get'.
Error: Null pointer dereference (CWE 476)
   Read from null pointer symbol_list_n_get(...)
at line 536 of components/bison/build/amd64/src/reader.c in function 'packgram'. Function symbol_list_n_get may return constant 'NULL' at line 193, called at line 536. Null pointer introduced at line 193 of components/bison/build/amd64/src/symlist.c in function 'symbol_list_n_get'.

From a quick look it does appear to be correct, but I don't know if at the
times those calls occur that a NULL would ever really be returned. So they
could be false positives, but it seems worth reporting just in case :)


    Mike
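
The pattern in the report above, as an added example that is not part of the original message and is not bison's code: a list lookup that can return NULL, next to a caller that checks the result before dereferencing it. The `node` type, `node_n_get` and `node_value_at` are hypothetical names, and the example assumes the lookup returns NULL for a negative or out-of-range index.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a rule's symbol list; not bison's symbol_list. */
typedef struct node {
  int value;
  struct node *next;
} node;

/* Return the n-th node (0-based), or NULL if n is negative or past the end
   (assumed behaviour).  This NULL return is what the analyzer tracks. */
static node *node_n_get (node *list, int n)
{
  if (n < 0)
    return NULL;
  for (int i = 0; list != NULL && i < n; ++i)
    list = list->next;
  return list;
}

/* Unchecked caller pattern the report describes (kept as a comment,
   because running it with a bad n is undefined behaviour):
     return node_n_get (list, n)->value;  */

/* Checked caller: turns the NULL case into an error the caller must handle. */
static int node_value_at (node *list, int n, int *out)
{
  node *p = node_n_get (list, n);
  if (p == NULL)
    return -1;          /* index out of range; *out is left untouched */
  *out = p->value;
  return 0;
}

/* Constructed sample data: a three-element list 10 -> 20 -> 30. */
static node n3 = { 30, NULL };
static node n2 = { 20, &n3 };
static node n1 = { 10, &n2 };

int main (void)
{
  int v = 0;
  for (int n = -1; n <= 3; ++n)
    if (node_value_at (&n1, n, &v) == 0)
      printf ("n=%d -> %d\n", n, v);
    else
      printf ("n=%d -> out of range\n", n);
  return 0;
}
```

Where a caller can show the index is always valid, stating that invariant at the call site records the reasoning that makes a report like this a false positive.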


