Potential segfault introduced in cache_cf.cc

From: Michael Mueller <mmueller_at_vigilantsw.com>
Date: Fri, 24 Sep 2010 07:24:15 -0400

Hi all,

I'm working on a C++ static analyzer (Vigilant Sentry), and squid
is one of my test subjects. I've been analyzing squid nightly, and
last night a new defect was reported in trunk, src/config_cf.cc:

static bool
parseNamedIntList(const char *data, const String &name, Vector<int> &list)
{
    if (data && (strncmp(data, name.rawBuf(), name.size()) == 0)) {
        /* Edited for brevity */
    }
    return *data == '\0';
}

This function (added yesterday) tests 'data' for NULL, but dereferences
it without a test for NULL later. If 'data' really can be NULL, this
will cause a crash. Figured someone might want to take a look.

Mike

-- 
Mike Mueller
Phone: (401) 623-8600 x111
Email: mmueller_at_vigilantsw.com
http://www.vigilantsw.com/
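An added illustration of the pattern reported above (example code, not from Squid or from the poster): a parseNamedIntList-style function whose return statement reads through 'data' after only a conditional NULL test, beside a version that settles the NULL case first. The std::string/std::vector stand-ins, the "name=1,2,3" input format and the helper are assumptions for this example.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Shared body (assumed for the example): consumes "=1,2,3" after the name,
// appends each value to 'list' and leaves 'data' at the first unparsed char.
static void
consumeIntList(const char *&data, std::vector<int> &list)
{
    if (*data == '=')
        ++data;
    while (*data != '\0') {
        char *end = nullptr;
        long v = std::strtol(data, &end, 10);
        if (end == data)
            break;                       // no digits here: leave the rest for the caller
        list.push_back(static_cast<int>(v));
        data = end;
        if (*data == ',')
            ++data;
    }
}

// Shape of the reported defect: 'data' is tested for NULL in the condition,
// but the return statement reads *data regardless of that test.
static bool
parseNamedIntListUnsafe(const char *data, const std::string &name, std::vector<int> &list)
{
    if (data && (std::strncmp(data, name.c_str(), name.size()) == 0)) {
        data += name.size();
        consumeIntList(data, list);
    }
    return *data == '\0';                // NULL dereference when data == nullptr
}

// Hardened form: decide what a NULL input means up front (here: not parsed),
// so every later dereference is on a non-NULL pointer.
static bool
parseNamedIntListSafe(const char *data, const std::string &name, std::vector<int> &list)
{
    if (!data)
        return false;
    if (std::strncmp(data, name.c_str(), name.size()) == 0) {
        data += name.size();
        consumeIntList(data, list);
    }
    return *data == '\0';
}
```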
Received on Sat Sep 25 2010 - 00:28:26 MDT