Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
curlx_strtoofft() doesn't fully protect against null "str" argument #1950
With curl 7.46.0, in curlx_strtoofft(), there is a check for a null "str" argument, but the remaining lines of the function don't guard against null. Currently, it it would cause a null pointer dereference if str were ever null.
So, either the first condition in this while loop is unnecessary if str can never be null:
Or the remaining code should be changed to handle a null str argument (maybe just an early out at the top of the function would be simplest).
First, 7.46.0 is really old so we don't really care much how we did back then. But...
The code still has a similar construct. We just don't support a NULL pointer in the first argument so the check for that being non-NULL is completely superfluous. We should perhaps instead make than an assert.