confile: pointer 'retv' is dereferenced. #2364
Conversation
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
|
This pull request didn't trigger Jenkins as its author isn't in the whitelist. An organization member must perform one of the following:
Those commands are simple Github comments of the format: "jenkins: COMMAND" |
|
jenkins: test this please |
| inlen = 0; | ||
| else | ||
| memset(retv, 0, inlen); | ||
| return -1; |
There was a problem hiding this comment.
The idea is that users can pass in NULL for retv in which case we report back the number of bytes that need to be allocated for the config item in question to be retrieved, i.e.:
/*!
* \brief Retrieve the value of a config item.
*
* \param c Container.
* \param key Name of option to get.
* \param[out] retv Caller-allocated buffer to write value of \p key
* into (or \c NULL to determine length of value).
* \param inlen Length of \p retv (may be zero).
*
* \return Length of config items value, or < 0 on error.
*
* \note The caller can (and should) determine how large a buffer to allocate for
* \p retv by initially passing its value as \c NULL and considering the return value.
* This function can then be called again passing a newly-allocated suitably-sized buffer.
* \note If \p retv is NULL, \p inlen is ignored.
* \note If \p inlen is smaller than required, nothing will be written to \p retv and still return
* the length of config item value.
*/
int (*get_config_item)(struct lxc_container *c, const char *key, char *retv, int inlen);
Your change would break this use-case. :)
There was a problem hiding this comment.
Yes, you are right. However, As far as I know, C99 allows str to be null but SUSv2 is not.
Anyway, thanks for your review.
There was a problem hiding this comment.
@2xsec, ah, I see what you're getting at here. Let me think for a sec.
There was a problem hiding this comment.
Actually, SUSv2 specifies a return value less than 1 so it should be safe but we can improve this a little.
There was a problem hiding this comment.
SUSv2 shouldn't be in use anymore but we can make it safe by passing in a non-null buffer but 0 as size.
There was a problem hiding this comment.
OK, I'll try to make it.
There was a problem hiding this comment.
Oh, sorry I jumped the gun in #2365. :) I wait for your comment next time. :)
|
Closed in favor of #2365. Thanks! |
Hello,
If 'retv' pointer is null, snprintf can derefernce a null pointer.
snprintf allows null pointer with length = 0. In case of this, calling snprintf and other codes are inefficient.
Signed-off-by: Donghwa Jeong dh48.jeong@samsung.com