|
From: | FB |
Subject: | [bug #59133] strdup without error handling in print.c:do_fprintf() |
Date: | Fri, 18 Sep 2020 15:07:34 -0400 (EDT) |
User-agent: | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 |
URL: <https://savannah.gnu.org/bugs/?59133> Summary: strdup without error handling in print.c:do_fprintf() Project: findutils Submitted by: x251 Submitted on: Fri 18 Sep 2020 07:07:33 PM UTC Category: find Severity: 3 - Normal Item Group: None Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Release: 4.7.0 Discussion Lock: Any Fixed Release: None _______________________________________________________ Details: strdup() is called and the resulting pointer is dereferenced without NULL check: case 'h': /* leading directories part of path */ /* sanitised */ { char *pname = strdup (pathname); /* Remove trailing slashes - unless it's the root '/' directory. */ char *s = pname + strlen (pname) -1; for ( ; pname <= s; s--) (Reported by Infer) _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?59133> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |