Open YancyLii opened 2 months ago
The documentation of the C API for leveldb, found here, clearly states that all pointer arguments must never be NULL. It is the responsibility of the caller to ensure that they never pass a null pointer to any of the C API functions. Violating this requirement is a programmer error.
Description
The
leveldb_open
function in LevelDB is vulnerable to a null pointer dereference issue, where it directly converts aconst char* name
to astd::string
without null checks. This can lead to astd::logic_error
being thrown ifname
isnullptr
.Steps to Reproduce
leveldb_open
withname
set tonullptr
.std::logic_error
.Expected Behavior
The function should handle
nullptr
inputs gracefully, either by returning an error or by rejecting the operation without crashing.Suggested Fix
Implement a null check before using the
name
variable: