From: Aymeric Moizard
Subject: Re: [osip-dev] Some potential null pointer dereferences in libosip2-4.0.0
Date: Mon, 22 Apr 2013 12:26:55 +0200
Hi all,

Recently, I applied a static analysis tool, Canalyze, to libosip2-4.0.0 (Archive version), and it seems some null dereferences exist in the source code:

1. file: osip_authorization.c
function: osip_authorization_clone
description:
At line 556: i = osip_authorization_init (&au);
osip_authorization_init returns OSIP_NOMEM(-4) when the malloc function fails.
At line 557: if (i == -1) /* allocation failed */
It would be a mistake to compare i with -1 rather than OSIP_NOMEM.

2. file: osip.c
function: osip_start_200ok_retransmissions
At line 182: ixt_init(&ixt)
ixt may be NULL.

3. file: osip_accessor.c
function: sdp_message_k_key_set
At line 462: sdp_key_init(&key)
key may be NULL

4. file: osip_dialog.c
function: osip_dialog_match_as_uas
At line 239: osip_call_id_to_str (request->call_id, &tmp);
tmp may be NULL
function: osip_dialog_match_as_uac
At line 180: osip_call_id_to_str (answer->call_id, &tmp);
tmp may be NULL

Most of these bugs are caused by incomplete error handling of allocation failures. Maybe we should improve it.

I also sent some memory leak reports to aymeric last year, which were confirmed and listed here.

Hope for your replies!

Best Regards,
--
Zhenbo Xu
_______________________________________________
osip-dev mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/osip-dev
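The first report above describes a pattern that recurs in the other three: an init or to-string routine that returns a negative error code and leaves its out-pointer NULL on allocation failure, while the caller either tests the wrong constant (`i == -1` when the callee returns `OSIP_NOMEM`, -4) or does not test at all, and then dereferences the NULL pointer. The following is an added example written for this page, not code from libosip2 or from the mail's author. It uses a cut-down stand-in for `osip_authorization_t` and for `osip_authorization_init`/`osip_authorization_clone` (names `auth_t`, `auth_init`, `auth_clone_buggy`, `auth_clone_fixed`, `copy_field`, `xmalloc` are hypothetical), and the error-code values are modelled on libosip2's conventions (the `OSIP_NOMEM` value comes from the mail; the others are assumptions). A fault-injecting allocator fails each allocation in turn so the clone's error path is actually exercised, which is what ordinary tests, where malloc never fails, do not do.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Error codes in the libosip2 style (assumption; OSIP_NOMEM = -4 is from the report). */
#define OSIP_SUCCESS        0
#define OSIP_BADPARAMETER (-2)
#define OSIP_NOMEM        (-4)

/* Hypothetical cut-down stand-in for osip_authorization_t. */
typedef struct {
    char *auth_type;
    char *username;
} auth_t;

/* Fault injection: the alloc_fail_at-th allocation returns NULL (0 = never fail). */
static int alloc_fail_at = 0;
static int alloc_count = 0;

static void *xmalloc(size_t n)
{
    alloc_count++;
    if (alloc_fail_at != 0 && alloc_count == alloc_fail_at)
        return NULL;
    return malloc(n);
}

/* Like osip_*_init: allocate, zero the fields, report OSIP_NOMEM (never -1) on failure. */
static int auth_init(auth_t **dest)
{
    *dest = (auth_t *)xmalloc(sizeof(auth_t));
    if (*dest == NULL)
        return OSIP_NOMEM;
    (*dest)->auth_type = NULL;
    (*dest)->username = NULL;
    return OSIP_SUCCESS;
}

static void auth_free(auth_t *au)
{
    if (au == NULL)
        return;
    free(au->auth_type);
    free(au->username);
    free(au);
}

/* Copy one string field, distinguishing "field absent in source" from "allocation failed". */
static int copy_field(char **dst, const char *src)
{
    size_t n;
    if (src == NULL) {
        *dst = NULL;
        return OSIP_SUCCESS;
    }
    n = strlen(src) + 1;
    *dst = (char *)xmalloc(n);
    if (*dst == NULL)
        return OSIP_NOMEM;
    memcpy(*dst, src, n);
    return OSIP_SUCCESS;
}

/* The reported pattern: auth_init() returns 0 or OSIP_NOMEM, so "i == -1" never fires
 * and, when allocation failed, the next line dereferences au == NULL. Correct only while
 * malloc never fails; do not run this under fault injection. */
static int auth_clone_buggy(const auth_t *src, auth_t **dest)
{
    auth_t *au;
    int i = auth_init(&au);
    if (i == -1)                 /* wrong constant: never true */
        return -1;
    i = copy_field(&au->auth_type, src->auth_type);   /* NULL write if init failed */
    i = copy_field(&au->username, src->username);     /* return values also ignored */
    *dest = au;
    return i;
}

/* Hardened form: test the code the callee actually returns, propagate it, and never
 * hand back a half-built object (dest stays NULL, partial copy is freed). */
static int auth_clone_fixed(const auth_t *src, auth_t **dest)
{
    auth_t *au;
    int i;
    if (src == NULL || dest == NULL)
        return OSIP_BADPARAMETER;
    *dest = NULL;
    i = auth_init(&au);
    if (i != OSIP_SUCCESS)
        return i;
    i = copy_field(&au->auth_type, src->auth_type);
    if (i != OSIP_SUCCESS) { auth_free(au); return i; }
    i = copy_field(&au->username, src->username);
    if (i != OSIP_SUCCESS) { auth_free(au); return i; }
    *dest = au;
    return OSIP_SUCCESS;
}

/* Fail allocations 1..3 (struct, then each string) in turn. Returns the number of
 * fault points at which the fixed clone returned the wrong code or a non-NULL dest. */
static int sweep_fixed_clone(void)
{
    auth_t src = { "Digest", "alice" };   /* constructed sample input */
    int bad = 0, k;
    for (k = 1; k <= 3; k++) {
        auth_t *dst = (auth_t *)1;        /* poison so a missed "*dest = NULL" shows up */
        int rc;
        alloc_count = 0;
        alloc_fail_at = k;
        rc = auth_clone_fixed(&src, &dst);
        if (rc != OSIP_NOMEM || dst != NULL)
            bad++;
    }
    alloc_fail_at = 0;
    alloc_count = 0;
    return bad;
}

/* Without fault injection both versions succeed, which is why the bug survives normal
 * testing and needs a static analyser or fault injection to surface. Returns 1 on success. */
static int happy_path_ok(void)
{
    auth_t src = { "Digest", "alice" };   /* constructed sample input */
    auth_t *a = NULL, *b = NULL;
    int ok;
    alloc_fail_at = 0;
    alloc_count = 0;
    ok = auth_clone_buggy(&src, &a) == OSIP_SUCCESS
      && auth_clone_fixed(&src, &b) == OSIP_SUCCESS
      && a != NULL && b != NULL
      && strcmp(a->username, "alice") == 0
      && strcmp(b->auth_type, "Digest") == 0;
    auth_free(a);
    auth_free(b);
    return ok;
}

int main(void)
{
    printf("happy path ok: %d\n", happy_path_ok());
    printf("fixed clone misbehaved at %d fault points\n", sweep_fixed_clone());
    return 0;
}
```

The same check applies to the other three reports: `ixt_init`, `sdp_key_init` and `osip_call_id_to_str` all hand their result back through an out-pointer, so the caller must branch on the returned code (or at least on the pointer being NULL) before touching it, and compare against the constants the callee actually returns rather than a hard-coded -1.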