automated cppcheck for gnupg

Werner Koch wk at
Wed Apr 16 09:21:20 CEST 2014

On Tue, 15 Apr 2014 23:35, ekleog at said:

> keeping it private costs virtually nothing. (The null dereference in libassuan
> that Werner said he would fix tomorrow might be specially important,

No it isn't:  The code is similar to this

   ctx = malloc (sizeof *ctx);
   if (!ctx)
         trace_error (ctx->err_source)
         return NULL;

but uses a macro for the tracing.  This is a simple NULL deref which
raises a segv (because for ages OSes do not map the first memory page).
I had to replace a macro with a inline function to avoid double
evaluation of a macro parameter.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list