From 0d3252ba068ff56007d099f9e4ac347789e84071 Mon Sep 17 00:00:00 2001 
From: Junbo Zheng Date: Tue, 27 Jun 2023 20:09:58 +0800 Subject: [PATCH] =?UTF-8?q?libs/libc:=20fix=20locale/lib=5Ficonv.c:538:23:?= =?UTF-8?q?=20warning:=20dereference=20of=20NULL=20=E2=80=98scd=E2=80=99?= =?UTF-8?q?=20[CWE-690]=20[-Wanalyzer-null-dereference]=20by=20-fanalyzer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CC: signal/sig_queue.c locale/lib_iconv.c: In function ‘iconv’: locale/lib_iconv.c:538:23: warning: dereference of NULL ‘scd’ [CWE-690] [-Wanalyzer-null-dereference] 538 | if (!scd->state) | ~~~^~~~~~~ ‘iconv’: events 1-5 | | 413 | x = 0; | | ~~^~~ | | | | | (1) ‘scd’ is NULL | 414 | scd = NULL; | 415 | if (((size_t)cd & 1) == 0) | | ~ | | | | | (2) following ‘false’ branch... |...... | 421 | to = extract_to(cd); | | ~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 428 | if (in == NULL || *in == NULL || *inb == 0) | | ~ ~~~ | | | | | | | (5) ...to here | | (4) following ‘false’ branch (when ‘in’ is non-NULL)... | ‘iconv’: events 6-8 | | 428 | if (in == NULL || *in == NULL || *inb == 0) | | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | | | (7) ...to here | | | (8) following ‘false’ branch... | | (6) following ‘false’ branch... | ‘iconv’: event 9 | |cc1: | (9): ...to here | ‘iconv’: events 10-14 | | 433 | for (; *inb; *in += l, *inb -= l) | | ^~~ | | | | | (10) following ‘true’ branch... | 434 | { | 435 | c = *(FAR unsigned char *)*in; | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here |...... | 438 | switch (type) | | ~~~~~~ | | | | | (12) following ‘case 200:’ branch... |...... | 529 | case UCS2: | | ~~~~ | | | | | (13) ...to here |...... 
| 538 | if (!scd->state) | | ~~~~~~~~~~ | | | | | (14) dereference of NULL ‘scd’ | locale/lib_iconv.c:565:23: warning: dereference of NULL ‘scd’ [CWE-690] [-Wanalyzer-null-dereference] 565 | if (!scd->state) | ~~~^~~~~~~ ‘iconv’: events 1-5 | | 413 | x = 0; | | ~~^~~ | | | | | (1) ‘scd’ is NULL | 414 | scd = NULL; | 415 | if (((size_t)cd & 1) == 0) | | ~ | | | | | (2) following ‘false’ branch... |...... | 421 | to = extract_to(cd); | | ~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 428 | if (in == NULL || *in == NULL || *inb == 0) | | ~ ~~~ | | | | | | | (5) ...to here | | (4) following ‘false’ branch (when ‘in’ is non-NULL)... | ‘iconv’: events 6-8 | | 428 | if (in == NULL || *in == NULL || *inb == 0) | | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | | | (7) ...to here | | | (8) following ‘false’ branch... | | (6) following ‘false’ branch... | ‘iconv’: event 9 | |cc1: | (9): ...to here | ‘iconv’: events 10-14 | | 433 | for (; *inb; *in += l, *inb -= l) | | ^~~ | | | | | (10) following ‘true’ branch... | 434 | { | 435 | c = *(FAR unsigned char *)*in; | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here |...... | 438 | switch (type) | | ~~~~~~ | | | | | (12) following ‘case 202:’ branch... |...... | 557 | case UTF_32: | | ~~~~ | | | | | (13) ...to here |...... | 565 | if (!scd->state) | | ~~~~~~~~~~ | | | | | (14) dereference of NULL ‘scd’ | Signed-off-by: Junbo Zheng --- libs/libc/locale/lib_iconv.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libs/libc/locale/lib_iconv.c b/libs/libc/locale/lib_iconv.c index cdd8179750..1a965a9b86 100644 --- a/libs/libc/locale/lib_iconv.c +++ b/libs/libc/locale/lib_iconv.c @@ -529,6 +529,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb, case UCS2: case UTF_16: { + if (scd == NULL) + { + goto starved; + } + l = 0; if (!scd->state) { 
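Review bot: The `if (scd == NULL)` guard added to the UCS2/UTF_16 case leaves through `goto starved`, which reports an unusable conversion descriptor as if the input had been cut short. The analyzer trace in the commit message shows `scd` staying NULL whenever `((size_t)cd & 1) == 0` is false, which suggests the fault lies in `cd` rather than in the bytes being converted. The `starved` label is outside the hunk, but if it sets EINVAL as is usual for incomplete input, a caller that responds by supplying more data will never make progress. POSIX reserves EBADF for an invalid `cd`, so an exit that sets `errno = EBADF` and returns `(size_t)-1` through the function's normal tail would be more accurate, with a comment such as `/* stateful encoding reached with a stateless descriptor */`. The same applies to the guards added in the UTF_32 hunk and before `switch (scd->state)`.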
@@ -551,6 +556,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb, case UTF_32: { + if (scd == NULL) + { + goto starved; + } + l = 0; if (!scd->state) { @@ -699,6 +709,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb, switch (128 * (c == '$') + d) { + if (scd == NULL) + { + goto starved; + } + case 'B': { scd->state = 0; @@ -733,6 +748,11 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb, goto ilseq; } + if (scd == NULL) + { + goto starved; + } + switch (scd->state) { case 1:
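Review bot: In the third hunk the added `if (scd == NULL)` block is dead code, because it sits between the opening brace of `switch (128 * (c == '$') + d)` and the first label `case 'B':`. A switch transfers control straight to the matching label, so statements ahead of the first label never run. The `scd->state = 0;` under `case 'B':` is therefore still unguarded, and GCC's `-Wswitch-unreachable` should report the block. Move the check in front of the switch, so that `if (scd == NULL)` with its `goto starved;` body comes immediately before `switch (128 * (c == '$') + d)`. The rest of that switch is outside the hunk, so confirm that the relocated check also covers any `scd` uses under its other labels.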