aremmell / libsir

The Standard Incident Reporter library: A lightweight, cross-platform library for information distribution.
https://libsir.rml.dev/
MIT License

Potential null pointer dereference in sirfilecache.c:394-395 (branch: syslog) #32

Closed johnsonjh closed 1 year ago

johnsonjh commented 1 year ago

            if (!_sir_bittest(sf->opts, SIRO_NOHDR))
                _sirfile_writeheader(sf, SIR_FHBEGIN);

aremmell commented 1 year ago

if (_sirfile_validate(sf)) {
    sfc->files[sfc->count++] = sf;

    if (!_sir_bittest(sf->opts, SIRO_NOHDR))
        _sirfile_writeheader(sf, SIR_FHBEGIN);

Actually, that _sirfile_validate checks sf... must be a false positive.

johnsonjh commented 1 year ago

I'll run it with another tool just to see what it says, but possibly so.

aremmell commented 1 year ago

I'm 100% sure:

bool _sirfile_validate(sirfile* sf) {
    return _sir_validptrnofail(sf) && _sir_validptrnofail(sf->f) &&
           _sir_validstrnofail(sf->path) && _sir_validfd(sf->id);
}
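
Added example (not part of the thread and not libsir's code): a self-contained C sketch of the guard pattern discussed above, showing that a short-circuiting validator keeps the guarded `sf->opts` read from ever running on a NULL `sf`. Every `demo_*` name, the struct layout, and the helper bodies are simplified stand-ins assumed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in types and helpers: simplified assumptions, not libsir's definitions. */
#define DEMO_NOHDR     0x1u
#define DEMO_MAX_FILES 4

typedef struct {
    FILE*       f;
    const char* path;
    unsigned    opts;
    int         id;
} demo_file;

typedef struct {
    demo_file* files[DEMO_MAX_FILES];
    size_t     count;
    size_t     headers_written; /* counts header writes instead of doing I/O */
} demo_cache;

static bool demo_validptr(const void* p) { return p != NULL; }
static bool demo_validstr(const char* s) { return s != NULL && *s != '\0'; }

/* Same shape as the validator quoted above: && evaluates left to right and
 * stops at the first false operand, so sf->f is never read when sf is NULL. */
bool demo_validate(const demo_file* sf) {
    return demo_validptr(sf) && demo_validptr(sf->f) &&
           demo_validstr(sf->path) && sf->id >= 0;
}

/* Caller mirrors the flagged site: sf->opts is only read inside the guard. */
bool demo_cache_add(demo_cache* c, demo_file* sf) {
    if (c == NULL || c->count >= DEMO_MAX_FILES)
        return false;

    if (demo_validate(sf)) {
        c->files[c->count++] = sf;

        if ((sf->opts & DEMO_NOHDR) == 0)
            c->headers_written++; /* stands in for writing the file header */

        return true;
    }

    return false;
}
```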