|
From: | Paul Eggert |
Subject: | Re: [PATCH v2 02/10] gnulib/regexec: Fix possible null-dereference |
Date: | Tue, 7 Dec 2021 14:38:58 -0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 |
On 12/7/21 09:38, Robbie Harwood wrote:
My*guess* is that Coverity has noticed that `mctx->state_log` is checked against NULL in many other places in that file, and was unable to prove to itself that it couldn't be NULL there too. If that's the case, a DEBUG_ASSERT would presumably do the trick better.
Yes, I can see why Coverity can't deduce the code is safe.I installed the attached patch into Gnulib; it adds a DEBUG_ASSERT which should be a reasonable prophylactic even if we don't use Coverity. I hope this also suffices to pacify Coverity.
I put the DEBUG_ASSERT in a different place, since we shouldn't need to worry about the assertion unless top < next_state_log_idx.
0001-regex-pacify-Coverity-clean_state_log_if_needed.patch
Description: Text Data
[Prev in Thread] | Current Thread | [Next in Thread] |