bug-tar
Potential Null pointer dereference in tar 1.35


From: 2ourc3 1er
Subject: Potential Null pointer dereference in tar 1.35
Date: Thu, 21 Sep 2023 11:36:09 +0200

Hi. I was reading the code of wordsplit.c and found something that looks like a null pointer dereference vulnerability. Could you check?
Cheers

static int
coalesce_segment (struct wordsplit *wsp, struct wordsplit_node *node)
{
  struct wordsplit_node *p, *end;
  size_t len = 0;
  char *buf, *cur;

  for (p = node; p->flags & _WSNF_JOIN; )
    len += wsnode_len (p);

  // Value assigned to field 'next'
  p = p->next;
  if (!p)
    // Assuming 'p' is null
    break;

  if (p == node)

  end = p;
  buf = malloc (len + 1);
  if (!buf)
    // Assuming 'buf' is non-null

  cur = buf;
  p = node;
  for (;;)

    struct wordsplit_node *next = p->next;
    // 'next' initialized to a null pointer value
    // Access to field 'next' results in a dereference of a null pointer (loaded from variable 'p')
    const char *str = wsnode_ptr (wsp, p);
    size_t slen = wsnode_len (p);
    memcpy (cur, str, slen);
    cur += slen;
    if (p != node)
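
The path the analyzer annotations above describe (the first loop ends with p null, then the copy loop steps past the tail), as an added C example that is not part of the original message or of tar's wordsplit.c. It is a simplified model: struct node, NODE_JOIN, find_segment_end and coalesce_checked are hypothetical names, and the walk rejects a list that ends with the join flag still set instead of dereferencing a null p.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NODE_JOIN 0x01          /* hypothetical stand-in for _WSNF_JOIN */

struct node {                   /* hypothetical, simplified list node */
  unsigned flags;
  const char *str;
  struct node *next;
};

/* Locate the last node of the joined run starting at HEAD and its total
   length.  Returns -1 when the list ends with the join flag still set,
   which is the state where the analyzer's path has p == NULL. */
static int find_segment_end (struct node *head, struct node **end, size_t *len)
{
  struct node *p;
  *len = 0;
  for (p = head; p && (p->flags & NODE_JOIN); p = p->next)
    *len += strlen (p->str);
  if (!p)
    return -1;                  /* dangling join flag: refuse to walk on */
  *len += strlen (p->str);
  *end = p;
  return 0;
}

/* Concatenate the run into a malloc'ed string; NULL on any error. */
char *coalesce_checked (struct node *head)
{
  struct node *end, *p;
  size_t len;
  char *buf, *cur;
  if (!head || find_segment_end (head, &end, &len) != 0)
    return NULL;
  buf = malloc (len + 1);
  if (!buf)
    return NULL;
  cur = buf;
  for (p = head; ; p = p->next) { /* end is non-NULL and reachable */
    size_t slen = strlen (p->str);
    memcpy (cur, p->str, slen);
    cur += slen;
    if (p == end)
      break;                    /* stop before ever loading a null next */
  }
  *cur = '\0';
  return buf;
}
```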
