notroj / neon

neon - an HTTP/1.1 and WebDAV client library with a C API

https://notroj.github.io/neon/

130 stars 33 forks source link

Crash in ne_path_escapef #134

Closed janbrummer closed 9 months ago

janbrummer commented 9 months ago

Crash in ne_path_escapef

Environment

neon version: 0.33.0
OS: Fedora 39
SSL library version: OpenSSL 3.1.1

To Reproduce Can't

Debugging output

Program terminated with signal SIGSEGV, Segmentation fault.
#0  ne_path_escapef (path=0x0, flags=<optimized out>) at ne_uri.c:497
497     for (pnt = (const unsigned char *)path; *pnt != '\0'; pnt++) {
Missing separate debuginfos, use: dnf debuginfo-install davfs2-1.7.0-3.fc39.x86_64
(gdb) q

pnt isn't checked for NULL before using it.

notroj commented 9 months ago

This is expected, passing NULL is undefined behaviour here, just as strdup(NULL) will fail. I will add the nonnull GCC attribute for the functions though.

janbrummer commented 9 months ago

That will not fix the crash here -.-

notroj commented 9 months ago

Yup, correct - it should be fixed in whatever code is passing ne_path_escape a NULL parameter.

janbrummer commented 9 months ago

Sure, so why is this ticket closed then? I cannot reopen it.

janbrummer commented 9 months ago

497 for (pnt = (const unsigned char )path; pnt && pnt != '\0'; pnt++) { Missing separate debuginfos, use: dnf debuginfo-install davfs2-1.7.0-3.fc39.x86_64 (gdb) bt

0 0x00007f8d73d1b1a8 in ne_path_escapef (path=0x0, flags=) at ne_uri.c:497

1 0x000055b1c692d8d2 in dav_get_collection.constprop ()

2 0x000055b1c692dba6 in dav_lookup.constprop ()

3 0x000055b1c691b641 in main ()

janbrummer commented 9 months ago

I'll fix it at davfs2, thanks.