There is potential for dereference of a NULL value in submit-h in two places:
```
certmonger-0.79.14/src/submit-h.c:264:28: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ctx'
21. certmonger-0.79.14/src/submit-h.c:29: included_from: Included from here.
# 262| ctx->result = NULL;
# 263| }
# 264|-> ctx->ret = curl_easy_perform(ctx->curl);
# 265| curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE,
# 266| &ctx->response_code);
```
and
```
1. certmonger-0.79.14/src/submit-h.c:0: scope_hint: In function 'cm_submit_h_run'
2. certmonger-0.79.14/src/submit-h.c:240:24: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ctx'
# 238| }
# 239| }
# 240|-> if (ctx->ctype != NULL) {
# 241| header = talloc_asprintf(ctx, "Content-Type: %s",
# 242| ctx->ctype);
```
In practice, I think we should simply enforce early on, before ctx is first dereferenced, that ctx != NULL.
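There are also two issues if a talloc() call fails. In both, the analyzer reports a possibly-NULL 'p' being passed to strcspn(), which requires a non-null argument: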
```
3. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/dogtag.c:275:29: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'p' where non-null expected
28. certmonger-0.79.14/src/dogtag.c:27: included_from: Included from here.
29. /usr/include/string.h:277:15: note: argument 1 of 'strcspn' must be non-null
# 273| return CM_SUBMIT_STATUS_UNCONFIGURED;
# 274| }
# 275|-> i = strcspn(p, "=");
# 276| soptions[num_soptions - 1].name = p;
# 277| p[i] = '\0';
```
```
4. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/dogtag.c:0: scope_hint: In function 'main'
2. certmonger-0.79.14/src/dogtag.c:248:29: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'p' where non-null expected
29. certmonger-0.79.14/src/dogtag.c:27: included_from: Included from here.
30. /usr/include/string.h:277:15: note: argument 1 of 'strcspn' must be non-null
# 246| return CM_SUBMIT_STATUS_UNCONFIGURED;
# 247| }
# 248|-> i = strcspn(p, "=");
# 249| aoptions[num_aoptions - 1].name = p;
# 250| p[i] = '\0';
```
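The following issues relate to potential NULL dereferences or NULL arguments. Most of these seem to want the conditional to include (arg != NULL) && ..., so that the pointer is checked before it is dereferenced or passed to a function that requires a non-null argument.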
```
1. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/submit-d.c:385:21: warning[-Wanalyzer-null-argument]: use of NULL 'v' where non-null expected
88. /usr/include/string.h:446: included_from: Included from here.
89. certmonger-0.79.14/src/submit-d.c:24: included_from: Included from here.
90. /usr/include/strings.h:116:12: note: argument 1 of 'strcasecmp' must be non-null
# 383| if (bobj2 != NULL) {
# 384| b2 = cm_submit_d_text_node(parent, bobj2);
# 385|-> if (strcasecmp(b2, "true") != 0) {
# 386| v = NULL;
# 387| }
```
```
2. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/submit-d.c:378:21: warning[-Wanalyzer-null-argument]: use of NULL 'error_code' where non-null expected
71. /usr/include/string.h:446: included_from: Included from here.
72. certmonger-0.79.14/src/submit-d.c:24: included_from: Included from here.
73. /usr/include/strings.h:116:12: note: argument 1 of 'strcasecmp' must be non-null
# 376| if (bobj1 != NULL) {
# 377| b1 = cm_submit_d_text_node(parent, bobj1);
# 378|-> if (strcasecmp(b1, "true") != 0) {
# 379| v = NULL;
# 380| }
```
```
3. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/json.c:0: scope_hint: In function 'cm_json_find'
2. certmonger-0.79.14/src/json.c:1141:37: warning[-Wanalyzer-null-argument]: use of NULL 'talloc_strndup(json, path, strcspn(path, "/"))' where non-null expected
22. certmonger-0.79.14/src/json.c:26: included_from: Included from here.
23. /usr/include/stdlib.h:176:17: note: argument 1 of 'strtol' must be non-null
# 1139| this = cm_json_get(this, component);
# 1140| if (this == NULL) {
# 1141|-> l = strtol(component, &end, 10);
# 1142| if ((end == NULL) || ((*end != '/') && (*end != '\0')) || (l < 0)) {
# 1143| this = NULL;
```
```
4. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/dogtag.c:275:29: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'p' where non-null expected
28. certmonger-0.79.14/src/dogtag.c:27: included_from: Included from here.
29. /usr/include/string.h:277:15: note: argument 1 of 'strcspn' must be non-null
# 273| return CM_SUBMIT_STATUS_UNCONFIGURED;
# 274| }
# 275|-> i = strcspn(p, "=");
# 276| soptions[num_soptions - 1].name = p;
# 277| p[i] = '\0';
```
```
5. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/dogtag.c:0: scope_hint: In function 'main'
2. certmonger-0.79.14/src/dogtag.c:248:29: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'p' where non-null expected
29. certmonger-0.79.14/src/dogtag.c:27: included_from: Included from here.
30. /usr/include/string.h:277:15: note: argument 1 of 'strcspn' must be non-null
# 246| return CM_SUBMIT_STATUS_UNCONFIGURED;
# 247| }
# 248|-> i = strcspn(p, "=");
# 249| aoptions[num_aoptions - 1].name = p;
# 250| p[i] = '\0';
```
```
6. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/certext.c:0: scope_hint: In function 'cm_certext_read_eku'
2. certmonger-0.79.14/src/certext.c:504:37: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
35. certmonger-0.79.14/src/certext.c:40: included_from: Included from here.
61. /usr/include/rpc/netdb.h:42: included_from: Included from here.
62. /usr/include/netdb.h:32: included_from: Included from here.
63. /usr/include/nspr4/prinet.h:55: included_from: Included from here.
64. /usr/include/nspr4/prio.h:19: included_from: Included from here.
65. /usr/include/nss3/certt.h:18: included_from: Included from here.
66. certmonger-0.79.14/src/certext.c:32: included_from: Included from here.
83. /usr/include/nss3/secport.h:45: included_from: Included from here.
84. /usr/include/nss3/seccomon.h:27: included_from: Included from here.
85. /usr/include/nss3/nss.h:34: included_from: Included from here.
86. certmonger-0.79.14/src/certext.c:31: included_from: Included from here.
87. /usr/include/string.h:140:12: note: argument 2 of 'strcmp' must be non-null
# 502| #if 1
# 503| /* Yeah, gotta sanity-check myself here. XXX */
# 504|-> if (strcmp(oid_to_string(entry,
# 505| oid_from_string(p,
# 506| -1,
```
```
7. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/certext.c:0: scope_hint: In function 'oid_from_string'
2. certmonger-0.79.14/src/certext.c:417:21: warning[-Wanalyzer-null-argument]: use of NULL 'oid' where non-null expected
35. certmonger-0.79.14/src/certext.c:40: included_from: Included from here.
61. /usr/include/nss3/secport.h:45: included_from: Included from here.
62. /usr/include/nss3/seccomon.h:27: included_from: Included from here.
63. /usr/include/nss3/nss.h:34: included_from: Included from here.
64. certmonger-0.79.14/src/certext.c:31: included_from: Included from here.
65. /usr/include/string.h:391:15: note: argument 1 of 'strlen' must be non-null
# 415| SECItem *ret;
# 416| if (n == -1) {
# 417|-> n = strlen(oid);
# 418| }
# 419| p = PORT_ArenaZAlloc(arena, n + 1);
```
```
8. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/certext.c:378:36: warning[-Wanalyzer-null-dereference]: dereference of NULL 'oid'
34. certmonger-0.79.14/src/certext.c:40: included_from: Included from here.
58. /usr/include/rpc/netdb.h:42: included_from: Included from here.
59. /usr/include/netdb.h:32: included_from: Included from here.
60. /usr/include/nspr4/prinet.h:55: included_from: Included from here.
61. /usr/include/nspr4/prio.h:19: included_from: Included from here.
62. /usr/include/nss3/certt.h:18: included_from: Included from here.
63. certmonger-0.79.14/src/certext.c:32: included_from: Included from here.
# 376| l = 0;
# 377| n = 0;
# 378|-> for (p = oid->data; p < oid->data + oid->len; p++) {
# 379| /* Add seven more bits. */
# 380| l <<= 7;
```
```
9. Defect type: GCC_ANALYZER_WARNING
1. certmonger-0.79.14/src/certext.c:0: scope_hint: In function 'oid_to_string'
2. certmonger-0.79.14/src/certext.c:378:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'oid'
35. certmonger-0.79.14/src/certext.c:40: included_from: Included from here.
59. /usr/include/rpc/netdb.h:42: included_from: Included from here.
60. /usr/include/netdb.h:32: included_from: Included from here.
61. /usr/include/nspr4/prinet.h:55: included_from: Included from here.
62. /usr/include/nspr4/prio.h:19: included_from: Included from here.
63. /usr/include/nss3/certt.h:18: included_from: Included from here.
64. certmonger-0.79.14/src/certext.c:32: included_from: Included from here.
# 376| l = 0;
# 377| n = 0;
# 378|-> for (p = oid->data; p < oid->data + oid->len; p++) {
# 379| /* Add seven more bits. */
# 380| l <<= 7;
```