In the function switch_dir() in the plugin/sudoers/toke.l file the path variable is initialized to NULL.
The read_dir_files() is then invoked to assign it a value. When this function finishes with an error (goes to oom or bad), no value is assigned to the parameter *pathsp and SIZE_MAX is returned. SIZE_MAX is the equivalent of -1, but is unsigned, so it is a very high positive value.
Function switch_dir() will then check that the result is greater than 0, which will be in case of error because the variable count and the result value are both unsigned, although the equivalent of -1. So we need to check for this particular value explicitly to avoid using path with a NULL value.
This error was found in an AI analysis (Sonnet 4.6) ran by the Fedora Project.
In the function
switch_dir()in theplugin/sudoers/toke.lfile thepathvariable is initialized toNULL.The
read_dir_files()is then invoked to assign it a value. When this function finishes with an error (goes tooomorbad), no value is assigned to the parameter*pathspandSIZE_MAXis returned.SIZE_MAXis the equivalent of-1, but is unsigned, so it is a very high positive value.Function
switch_dir()will then check that the result is greater than0, which will be in case of error because the variable count and the result value are both unsigned, although the equivalent of-1. So we need to check for this particular value explicitly to avoid usingpathwith aNULLvalue.This error was found in an AI analysis (Sonnet 4.6) ran by the Fedora Project.