[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: suspicious code in convert_xml_string_to_value()
From: |
John Darrington |
Subject: |
Re: suspicious code in convert_xml_string_to_value() |
Date: |
Tue, 16 Feb 2010 07:24:33 +0000 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
I think the correct behaviour when text is NULL, is to
set v->f to SYSMIS in the case of numeric variables,
and to the empty string for string variables.
J'
On Mon, Feb 15, 2010 at 03:46:50PM -0800, Ben Pfaff wrote:
The "Clang" static analyzer pointed out that
convert_xml_string_to_value(), in gnumeric-reader.c, contains
some suspicious code. In particular, it checks at the top
whether the 'text' parameter is null, but both branches of the
"if" then depend on 'text' being nonnull. I think that this must
be a bug, but I do not know what the solution should be.
I'm happy to file this as a bug if that is what you want me to
do.
--
"Long noun chains don't automatically imply security."
--Bruce Schneier
--
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://pgp.mit.edu or any PGP keyserver for public key.
signature.asc
Description: Digital signature