Potential Null pointer dereference in tar 1.35

From: 2ourc3 1er
Subject: Potential Null pointer dereference in tar 1.35
Date: Thu, 21 Sep 2023 11:36:09 +0200

Hi. I was reading the code of wordsplit.c and found something that looks like a null pointer dereference vulnerability. Could you check?

static int
coalesce_segment (struct wordsplit *wsp, struct wordsplit_node *node)
struct wordsplit_node *p, *end;
size_t len = 0;
char *buf, *cur;
for (p = node; p->flags & _WSNF_JOIN; )
    len += wsnode_len (p);

//  Value assigned to field 'next'  
p = p->next;
if (!p)
// Assuming 'p' is null

if (p == node)

end = p;
buf = malloc (len + 1);
if (!buf)
// Assuming 'buf' is non-null  

cur = buf;
p = node;
for (;;)

struct wordsplit_node *next = p->next;
// 'next' initialized to a null pointer value  

// Access to field 'next' results in a dereference of a null pointer (loaded from variable 'p')
    const char *str = wsnode_ptr (wsp, p);
    size_t slen = wsnode_len (p);
    memcpy (cur, str, slen);
    cur += slen;
    if (p != node)

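A simplified model of the path the analyzer annotations in the message describe, added here as an example; it is not part of the original message and not tar's source. `struct node`, `NODE_JOIN`, `coalesce_guarded` and `demo` are hypothetical stand-ins, and the point shown is that the measuring pass can leave `end` null when the tail node carries the join flag, so the copy pass has to test the pointer before dereferencing it.

```c
#include <stdlib.h>
#include <string.h>

#define NODE_JOIN 0x01           /* hypothetical stand-in for _WSNF_JOIN */

struct node {                    /* simplified model, not tar's wordsplit_node */
    struct node *next;
    int flags;
    const char *str;
};

/* Concatenate `node` and the nodes joined to it into a malloc'd string.
   Returns NULL on allocation failure. */
char *coalesce_guarded(struct node *node)
{
    struct node *p, *end;
    size_t len = 0;
    char *buf, *cur;

    /* Pass 1: measure. Stops at the first node without JOIN, or at the
       end of the list, in which case p (and so end) is NULL. */
    for (p = node; p != NULL; p = p->next) {
        len += strlen(p->str);
        if (!(p->flags & NODE_JOIN))
            break;
    }
    end = p;
    buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;

    /* Pass 2: copy. A loop that stopped only on p == end would walk past
       the tail when end is NULL; the p != NULL test prevents that. */
    cur = buf;
    for (p = node; p != NULL; p = p->next) {
        size_t slen = strlen(p->str);
        memcpy(cur, p->str, slen);
        cur += slen;
        if (p == end)
            break;
    }
    *cur = '\0';
    return buf;
}

/* Constructed sample list a -> b -> c; a always has JOIN set. */
char *demo(int b_flags, int c_flags)
{
    struct node c = { NULL, c_flags, "c" };
    struct node b = { &c, b_flags, "b" };
    struct node a = { &b, NODE_JOIN, "a" };
    return coalesce_guarded(&a);
}
```
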