Check if the package is in the mapping hash before trying to update it #65

mgpb · 2017-11-03T21:17:48Z

Hello!

When working with a list of faux packages and using a mapping file, I found that unless every package has a corresponding mapping entry, I get a segfault.

packages.csv:

linux,3.14-myversion,,
bash,4.3.30,,

mapping:

[Mapping]
linux_kernel,3.14 = linux

Result:

bash-4.3# cve-check-tool -M mapping packages.csv 

(cve-check-tool:7): GLib-CRITICAL **: g_strsplit: assertion 'string != NULL' failed
Segmentation fault (core dumped)

As long as I add bash to the mapping file in any way (like bash=bash or foo,3.5=bash), it works as expected. I could reproduce this as far back as 13ec561.

The code makes sure there is a mapping hash but not whether the package is a key in it, so the NULL returned by the lookup is passed to g_strsplit().

I thought g_hash_table_contains() makes sense here since the table and the loop are still using the glib functions, but I also realize you wanted to get away from glib in general, so I could alternatively wrap the stuff in that block with a check that q isn't NULL first if that's preferable..

Otherwise, the lookup returns NULL but is still passed to g_strsplit().

Check if the package is in the mapping hash before trying to update it

a75f7df

Otherwise, the lookup returns NULL but is still passed to g_strsplit().

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check if the package is in the mapping hash before trying to update it #65

Check if the package is in the mapping hash before trying to update it #65

mgpb commented Nov 3, 2017

Check if the package is in the mapping hash before trying to update it #65

Are you sure you want to change the base?

Check if the package is in the mapping hash before trying to update it #65

Conversation

mgpb commented Nov 3, 2017