possible NULL pointer dereference

[setharnold]

Hello, I'm giving inih a quick look as part of the Ubuntu main inclusion process. Part of this process is a very quick security review.

Coverity has pointed out that the strcmp() in unittest.c may dereference a null pointer -- given the printf() lines above try to account for a null pointer, it seems plausible.

inih/tests/unittest.c

Line 45 in cb55f57

return strcmp(name, "user")==0 && strcmp(value, "parse_error")==0 ? 0 : 1;

Of course this is a test suite and if it dies with a segfault, that might be better than papering over an error here. What do you think about adding a non-null assert in this function to declare that it's impossible? I think that would placate coverity and be noisy about this kind of failure.

Thanks

[benhoyt]

Thanks @setharnold (and hi fellow Canonical employee :-). Just pushed a fix for this. This can actually happen if INI_ALLOW_NO_VALUE is set and the line has no value (a combination which didn't occur in the current test files, but worth checking anyway). Thanks.

Want me to tag a new release? (r54)

[setharnold]

Hello Ben, no, no need for a new release for this. Thanks for the quick turnaround :)