search

gorilla / schema

Package gorilla/schema fills a struct with form values.
https://gorilla.github.io
BSD 3-Clause "New" or "Revised" License
1.39k stars 231 forks source link

Not checking for nil might lead to nil pointer dereference #190

Closed rzajac closed 5 months ago

rzajac commented 2 years ago

https://github.com/gorilla/schema/blob/8285576f31afd6804df356a38883f4fa05014373/encoder.go#L167-L173

The f should be checked for nil before it is used in closure.

zak905 commented 2 years ago

Hi @rzajac, do you have an example that triggers a panic ? I think that if f is nil than v will be nil as well, and therefore the closure will return always "null" value, so f(v.Elem()) statement will not be reached

I tried to trigger the case you mentionned but I was not able to 

func TestNilPointerDeference(t *testing.T) {
    type C struct {
        R int `schema:"R"`
    }

    type B struct {
        C *C `schema:"C"`
    }

    b := B{C: (*C)(nil)}

    encoder := NewEncoder()

    vals := url.Values{}

    if err := encoder.Encode(b, vals); err != nil {
        t.Fatalf(err.Error())
    }
}

The test is passing without errors.

zak905 commented 2 years ago

@elithrar this can be closed I think

jaitaiwan commented 5 months ago

Thanks heaps @zak905 closing

zak905 commented 5 months ago

sure thing!