zh423328 / google-breakpad

Automatically exported from code.google.com/p/google-breakpad

Potential crash places in the code #635

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hello,

I've just checked the breakpad sources with a static code analyzer and found the
following places that could potentially be dangerous:

- linked_ptr.h: possible NULL pointer dereference (line 85)

```cpp
bool depart() {
  if (next_ == this) return true;
  linked_ptr_internal const* p = next_;

  // some check for NULL is needed here, like that:
  if (p == NULL)
    return false;

  while (p->next_ != this) p = p->next_;
  p->next_ = next_;
  return false;
}
```

- src\processor\postfix_evaluator-inl.h: possible NULL pointer dereference (line 302)

```cpp
  if (token_stream >> literal && token_stream.peek() == EOF) {
    if (value) {
      *value = literal;

      // this IF should go here, but not after the brace
      if (negative)
        *value = -*value;
    }

    return POP_RESULT_VALUE;

  } else {
    if (identifier) {
      *identifier = token;
    }
    return POP_RESULT_IDENTIFIER;
  }
```

please check these points :)

best regards,
A.Masiuk

Original issue reported on code.google.com by Ars.Mas...@gmail.com on 9 Feb 2015 at 2:00
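The second finding, as an added stand-alone example that is not Breakpad's own code: a minimal reconstruction of the literal-or-identifier pop step with the negation kept inside the NULL check, so a caller that passes `value == NULL` (because it only wants to know the token kind) no longer dereferences a null pointer. `PopValueOrIdentifier`, `PopResult` and the `int64_t` value type are assumed names chosen for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>

// Constructed stand-in for the evaluator's result codes (assumed names).
enum PopResult { POP_RESULT_FAIL, POP_RESULT_VALUE, POP_RESULT_IDENTIFIER };

// Classifies one token: a literal (optionally negative) is written to *value,
// anything else to *identifier. Either pointer may be NULL when the caller
// does not need that output, which is exactly the case the report flags.
PopResult PopValueOrIdentifier(const std::string& token,
                               int64_t* value, std::string* identifier) {
  if (token.empty()) return POP_RESULT_FAIL;
  bool negative = false;
  std::string digits = token;
  if (digits[0] == '-') {
    negative = true;
    digits.erase(0, 1);
  }
  std::istringstream token_stream(digits);
  int64_t literal = 0;
  if (token_stream >> literal && token_stream.peek() == EOF) {
    if (value) {
      *value = literal;
      // Negation stays inside the NULL check. Placed after the closing brace
      // it would dereference `value` even when the caller passed NULL.
      if (negative)
        *value = -*value;
    }
    return POP_RESULT_VALUE;
  } else {
    if (identifier)
      *identifier = token;
    return POP_RESULT_IDENTIFIER;
  }
}

int main() {
  int64_t v = 0;
  std::string id;
  PopValueOrIdentifier("-42", &v, &id);    // v == -42
  PopValueOrIdentifier("-42", NULL, &id);  // safe: caller does not want the value
  PopResult r = PopValueOrIdentifier("$rsp", &v, &id);  // identifier "$rsp"
  std::printf("%lld %s %d\n", (long long)v, id.c_str(), (int)r);
  return 0;
}
```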