Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch
Dear Maintainer,
>From 7e8a88fd854a4c07f9df9c1c14929870d073fdcf Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
>Date: Thu, 1 Apr 2021 02:23:54 +0000
>Subject: [PATCH] db.c: add code to account for the case "line == NULL"
Indicated by the compiler option "-fanalyzer":
In function 'readtimfile':
db.c:1427:22: warning: use of NULL 'line' where non-null expected [CWE-690]
[-Wanalyzer-null-argument]
1427 | char *p = strchr(line, ' ');
| ^~~~~~~~~~~~~~~~~
...
In file included from db.c:10:
/usr/include/string.h:226:14: note: argument 1 of 'strchr' must be non-null
226 | extern char *strchr (const char *__s, int __c)
| ^~~~~~
Signed-off-by: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
---
db.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/db.c b/db.c
index 251be35..257ee5c 100644
--- a/db.c
+++ b/db.c
@@ -1423,9 +1423,13 @@ readtimfile(void)
#endif /* NNTP */
{
- char *line = strkeep(timline, 0, POOL_TIM);
- char *p = strchr(line, ' ');
-
+ char *line = strkeep(timline, 0, POOL_TIM);
+ if (line == NULL) {
+ char *p = NULL;
+ }
+ else {
+ char *p = strchr(line, ' ');
+ }
if (p == NULL)
continue;
*p++ = NUL;
--
2.30.2
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.24-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1),
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
-- debconf information excluded
--
Bjarni I. Gislason
