[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 1/3] lib/regexec: Fix possible null-dereference
From: |
Darren Kenny |
Subject: |
[PATCH 1/3] lib/regexec: Fix possible null-dereference |
Date: |
Fri, 18 Jun 2021 15:44:21 +0000 |
It appears to be possible that the mctx->state_log field may be NULL,
and the name of this function, clean_state_log_if_needed(), suggests
that it should be checking that it is valid to be cleaned before
assuming that it does.
This was originally found during a Coverity scan of GRUB2.
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
---
lib/regexec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/regexec.c b/lib/regexec.c
index 5d4113c9d3ee..2b2ab8e4afd0 100644
--- a/lib/regexec.c
+++ b/lib/regexec.c
@@ -1672,6 +1672,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx
next_state_log_idx)
{
Idx top = mctx->state_log_top;
+ if (mctx->state_log == NULL)
+ return REG_NOERROR;
+
if ((next_state_log_idx >= mctx->input.bufs_len
&& mctx->input.bufs_len < mctx->input.len)
|| (next_state_log_idx >= mctx->input.valid_len
--
2.18.4