[PATCH] tofu: fix null pointer dereference.
bjk at luxsci.net
Wed Jul 20 01:16:09 CEST 2016
On Tue, Jul 19, 2016 at 10:55:16AM +0200, Justus Winter wrote:
> Hi Ben :)
> did you actually see this crash or are you fixing a compiler or static
> analyzer warning? Because...
Yeah, saw this crash.
> * Thus, count > DB_CACHE_ENTRIES, and
> int skip = DB_CACHE_ENTRIES - count;
> * skip < 0.
int skip = count - DB_CACHE_ENTRIES;
while (old_head && --skip > 0)
may fix it, but in my case old_head is always NULL and is to the initial
db_cache near the start of the function.
> > while (-- skip > 0)
> > old_head = old_head->next;
> Which means it doesn't crash here (that was my first thought).
> > - *old_head->prevp = NULL;
> > + if (old_head)
> > + *old_head->prevp = NULL;
> > while (old_head)
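Review bot: the `if (old_head)` guard around `*old_head->prevp = NULL;` removes the dereference but turns the eviction into a no-op whenever `old_head` is NULL: nothing is unlinked and the `while (old_head)` free loop that follows never runs. The point raised earlier in this thread, that `skip = DB_CACHE_ENTRIES - count` is negative when `count > DB_CACHE_ENTRIES` so `while (-- skip > 0)` never advances `old_head`, suggests the guard is masking a sign error rather than fixing it. Computing the number of entries to skip as `count - DB_CACHE_ENTRIES` (as proposed above) and treating a NULL `old_head` after the walk as "nothing to evict" with an early return, rather than silently skipping the unlink, would keep the cache bounded; a comment on why `old_head` can already be NULL on entry, which is what the reporter observed, would also help the next reader.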
> But it also means that we will never free a handle in this case. Which
> means while your patch fixes a crash, the code still doesn't work in
> that case. Care to fix it?
I'll leave it to you or someone else to fix it but if you need more
information I'd be glad to give it to you.
BTW, the command line I am using is:
gpg --list-keys --with-colons --fixed-list-mode --with-fingerprint
with 'trust-model' set to tofu+pgp in gpg.conf.
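A constructed C model of the cache-trimming walk discussed in this thread, added here and not GnuPG's code: the walk is bounded by the list itself, so the NULL case becomes an early return instead of a skipped unlink and free. `struct cache`, `cache_push_front`, `cache_evict_excess` and the small value of `DB_CACHE_ENTRIES` are assumptions for the example.

```c
#include <stdlib.h>
#define DB_CACHE_ENTRIES 3  /* small bound so the walk is easy to follow */

/* Constructed model of a bounded cache list, not GnuPG's own code. Entries
   use the "prevp" idiom seen in the patch: *e->prevp == e, so any entry can
   cut the chain at its own position with *e->prevp = NULL. */
struct entry {
  int id;
  struct entry *next;
  struct entry **prevp;
};
struct cache {
  struct entry *head;
  int count;
};

static void cache_push_front(struct cache *c, int id)
{
  struct entry *e = calloc(1, sizeof *e);
  if (!e) abort();
  e->id = id;
  e->next = c->head;
  e->prevp = &c->head;
  if (c->head) c->head->prevp = &e->next;
  c->head = e;
  c->count++;
}

/* Drop everything beyond the DB_CACHE_ENTRIES newest entries; returns how
   many were freed. The walk stops at the list end, so a cache that is not
   over capacity leaves old_head == NULL and we return 0 instead of
   dereferencing it (the guard is an early return, not a skipped free). */
static int cache_evict_excess(struct cache *c)
{
  struct entry *old_head = c->head;
  int skip = DB_CACHE_ENTRIES;  /* entries to keep: never negative */
  int freed = 0;

  while (old_head && skip-- > 0)
    old_head = old_head->next;
  if (!old_head) return 0;      /* count <= DB_CACHE_ENTRIES */
  *old_head->prevp = NULL;      /* cut the chain before the first victim */
  while (old_head) {
    struct entry *next = old_head->next;
    free(old_head);
    old_head = next;
    freed++;
  }
  c->count -= freed;
  return freed;
}
```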