Hello, I'm giving inih a quick look as part of the Ubuntu main inclusion process. Part of this process is a very quick security review.
Coverity has pointed out that the `strcmp()` in `unittest.c` may dereference a null pointer -- given the `printf()` lines above try to account for a null pointer, it seems plausible.
Of course this is a test suite and if it dies with a segfault, that might be better than papering over an error here. What do you think about adding a non-null assert in this function to declare that it's impossible? I think that would placate Coverity and be noisy about this kind of failure.
Thanks
Thanks @setharnold (and hi fellow Canonical employee :-). Just pushed a fix for this. This can actually happen if `INI_ALLOW_NO_VALUE` is set and the line has no value (a combination which didn't occur in the current test files, but worth checking anyway). Thanks.
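As an added illustration (not code from inih or its test suite), here is a handler with the same callback shape as an inih handler that tolerates the NULL value described in the reply above. The names `str_eq`, `checked_handler`, `feed` and the sample entries are constructed for this example, and `feed` stands in for the parser.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as an inih handler: nonzero = success, 0 = error. With
   INI_ALLOW_NO_VALUE, a name without a value arrives as value == NULL. */
typedef int (*handler_fn)(void *, const char *, const char *, const char *);

/* Hypothetical helper: equality test that treats NULL as "no match". */
static int str_eq(const char *a, const char *b)
{
    return a != NULL && b != NULL && strcmp(a, b) == 0;
}

/* Hypothetical handler: counts entries in *user and rejects the pair
   user=parse_error (a constructed marker for this example). */
static int checked_handler(void *user, const char *section,
                           const char *name, const char *value)
{
    int *seen = user;
    if (!section || !name) return 0;  /* malformed callback: report error */
    (*seen)++;
    printf("[%s] %s%s%s\n", section, name,
           value ? "=" : "", value ? value : "");
    /* A bare strcmp(value, "parse_error") here would dereference NULL. */
    return !(str_eq(name, "user") && str_eq(value, "parse_error"));
}

struct entry { const char *section, *name, *value; };
/* Constructed sample input, including two names with no value. */
static const struct entry SAMPLE[] = {
    { "net",  "host",    "example.test" },
    { "net",  "verbose", NULL },
    { "auth", "user",    NULL },
    { "auth", "user",    "parse_error" },
};

/* Stand-in for the parser: 1-based index of first rejected entry, else 0. */
static int feed(handler_fn h, void *user, const struct entry *e, int n)
{
    for (int i = 0; i < n; i++)
        if (!h(user, e[i].section, e[i].name, e[i].value))
            return i + 1;
    return 0;
}

int main(void)
{
    int seen = 0;
    printf("first rejected: %d\n", feed(checked_handler, &seen, SAMPLE, 4));
}
```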
Code referenced in the issue: inih/tests/unittest.c, line 45 in cb55f57