URL:
  <https://savannah.gnu.org/bugs/?59133>

                 Summary: strdup without error handling in
print.c:do_fprintf()
                 Project: findutils
            Submitted by: x251
            Submitted on: Fri 18 Sep 2020 07:07:33 PM UTC
                Category: find
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
                 Release: 4.7.0
         Discussion Lock: Any
           Fixed Release: None

    _______________________________________________________

Details:

strdup() is called and the resulting pointer is dereferenced without NULL
check:


        case 'h':               /* leading directories part of path */
          /* sanitised */
          {
            char *pname = strdup (pathname);

            /* Remove trailing slashes - unless it's the root '/' directory. 
*/
            char *s = pname + strlen (pname) -1;
            for ( ; pname <= s; s--)


(Reported by Infer)




    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?59133>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/


Reply via email to