With curl 7.46.0, in curlx_strtoofft(), there is a check for a null "str" argument, but the remaining lines of the function don't guard against null. Currently, it it would cause a null pointer dereference if str were ever null.
So, either the first condition in this while loop is unnecessary if str can never be null:
while(str && *str && ISSPACE(*str))
Or the remaining code should be changed to handle a null str argument (maybe just an early out at the top of the function would be simplest).
The text was updated successfully, but these errors were encountered:
First, 7.46.0 is really old so we don't really care much how we did back then. But...
The code still has a similar construct. We just don't support a NULL pointer in the first argument so the check for that being non-NULL is completely superfluous. We should perhaps instead make than an assert.