OpenKinect / libfreenect

Drivers and libraries for the Xbox Kinect device on Windows, Linux, and OS X
http://openkinect.org

Possible NULL pointer dereference on freenect_select_subdevices?? #627

Closed ycaibb closed 3 years ago

ycaibb commented 3 years ago

Dear developers: Our tool reports a NULL pointer dereference in this method, freenect_select_subdevices, where ctx may be NULL. It may be a false positive; thank you for your confirmation.

FREENECTAPI void freenect_select_subdevices(freenect_context *ctx, freenect_device_flags subdevs)
{
    ctx->enabled_subdevices = ...; // ctx may be null
}

The method is invoked here.

static void init_thread(void)
{
    thread_running = 1;
    freenect_init(&ctx, 0); // store null to ctx.
    freenect_select_subdevices(ctx, (freenect_device_flags)(FREENECT_DEVICE_MOTOR | FREENECT_DEVICE_CAMERA));
    pthread_create(&thread, NULL, init, NULL);
}

This method stores NULL to ctx here.

FREENECTAPI int freenect_init(freenect_context **ctx, freenect_usb_context *usb_ctx)
{
    int res;

    *ctx = (freenect_context*)malloc(sizeof(freenect_context));
    if (*ctx == NULL)
        return -1;

    memset(*ctx, 0, sizeof(freenect_context));

    (*ctx)->log_level = LL_NOTICE;
    (*ctx)->enabled_subdevices = (freenect_device_flags)(FREENECT_DEVICE_MOTOR | FREENECT_DEVICE_CAMERA);
    res = fnusb_init(&(*ctx)->usb, usb_ctx);
    if (res < 0) {
        free(*ctx);
        *ctx = NULL;
    }
    return res;
}
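The pattern the report points at is a caller that ignores the return value of freenect_init and then hands a possibly-NULL context to a function that dereferences it without a guard. The following is an added, self-contained C example (not libfreenect's code, and not from the reporter): every demo_* name, the demo_context struct and the demo_usb_should_fail switch are constructed stand-ins that imitate the shape of freenect_init / freenect_select_subdevices / init_thread shown above, so the two fixes can be exercised without the device: the caller checks the init result before using ctx, and the setter rejects a NULL context instead of dereferencing it.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the library context; NOT the real freenect_context. */
typedef struct {
    int log_level;
    unsigned enabled_subdevices;
} demo_context;

enum { DEMO_DEVICE_MOTOR = 1, DEMO_DEVICE_CAMERA = 2 };

/* Hypothetical switch that makes the simulated USB init fail, standing in
 * for fnusb_init() returning < 0 (for example, on a machine with no Kinect). */
static int demo_usb_should_fail = 0;

static int demo_usb_init(void)
{
    return demo_usb_should_fail ? -1 : 0;
}

/* Mirrors the shape of freenect_init(): on USB failure the context is freed,
 * *ctx is set to NULL and a negative value is returned. */
static int demo_init(demo_context **ctx)
{
    int res;
    *ctx = calloc(1, sizeof(**ctx));
    if (*ctx == NULL)
        return -1;
    (*ctx)->log_level = 0;
    (*ctx)->enabled_subdevices = DEMO_DEVICE_MOTOR | DEMO_DEVICE_CAMERA;
    res = demo_usb_init();
    if (res < 0) {
        free(*ctx);
        *ctx = NULL;
    }
    return res;
}

/* Hardened setter: a NULL context is an error, not a dereference. */
static int demo_select_subdevices(demo_context *ctx, unsigned subdevs)
{
    if (ctx == NULL)
        return -1;
    ctx->enabled_subdevices = subdevs;
    return 0;
}

/* Caller equivalent of init_thread(): checks the init result before use.
 * Returns 0 on success; -1 when init failed, leaving *ctx_out NULL. */
static int demo_init_thread(demo_context **ctx_out)
{
    demo_context *ctx = NULL;
    *ctx_out = NULL;
    if (demo_init(&ctx) < 0)
        return -1;            /* ctx is NULL here; do not pass it on */
    if (demo_select_subdevices(ctx, DEMO_DEVICE_MOTOR | DEMO_DEVICE_CAMERA) < 0) {
        free(ctx);
        return -1;
    }
    *ctx_out = ctx;
    return 0;
}

/* Runs the whole init path with the simulated USB outcome. Returns
 *  0  : init succeeded and the subdevice flags were set,
 * -1  : init failed and the caller bailed out with ctx still NULL,
 * -2  : an invariant was violated (should never happen). */
static int demo_scenario(int usb_fails)
{
    demo_context *ctx = NULL;
    int rc;
    demo_usb_should_fail = usb_fails;
    rc = demo_init_thread(&ctx);
    if (rc == 0) {
        if (ctx == NULL ||
            ctx->enabled_subdevices != (DEMO_DEVICE_MOTOR | DEMO_DEVICE_CAMERA))
            rc = -2;
    } else if (ctx != NULL) {
        rc = -2;              /* failure path must not leak a context */
    }
    free(ctx);
    return rc;
}

int main(void)
{
    printf("usb ok   -> %d\n", demo_scenario(0));   /* 0  */
    printf("usb fail -> %d\n", demo_scenario(1));   /* -1 */
    return 0;
}
```

With the original caller, the second scenario would reach the dereference; with both guards in place the failure is reported to the caller and no NULL context is ever touched. Either fix alone closes the crash; keeping both means a future caller that forgets the check still gets an error code rather than a fault.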