[3/6] libsemanage: never call memcpy with a NULL value

Message ID: CAFftDdpDSZaz3G_nty1pcd_4JWfhV9L4ju4pkW701q8-2Nqvdw@mail.gmail.com (mailing list archive)
State: Not Applicable

Commit Message

William Roberts Feb. 28, 2017, 4:05 a.m. UTC
On Feb 27, 2017 2:16 PM, "William Roberts" <bill.c.roberts@gmail.com> wrote:



On Feb 27, 2017 12:42, "Nicolas Iooss" <nicolas.iooss@m4x.org> wrote:

clang's static analyzer reports "Argument with 'nonnull' attribute
passed null" in append_str(), because argument t may be NULL but is used
in a call to memcpy().

Make append_str() do nothing when called with t=NULL.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsemanage/src/semanage_store.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)



I guess since s and t lengths come from strlen() and the architectures we
worry about running code on, overflowing would be pretty impossible here.


        if (new_s == NULL) {
                return NULL;
        }
--
2.11.1

Patch

diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_sto
re.c
index f468faba4b64..47ec93185e06 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -1194,8 +1194,14 @@  static char *append(char *s, char c)
 static char *append_str(char *s, const char *t)
 {
        size_t s_len = (s == NULL ? 0 : strlen(s));
-       size_t t_len = (t == NULL ? 0 : strlen(t));
-       char *new_s = realloc(s, s_len + t_len + 1);
+       size_t t_len;
+       char *new_s;
+
+       if (t == NULL) {
+               return s;
+       }
+       t_len = strlen(t);
+       new_s = realloc(s, s_len + t_len + 1);
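
Review bot: the early `return s;` under `if (t == NULL)` changes the result when `s` is NULL as well. The removed lines still reached `realloc(s, s_len + t_len + 1)` with `t_len` of 0 in that case, whereas the new code returns NULL, which is the same value the `if (new_s == NULL) { return NULL; }` check uses to report allocation failure. Either confirm that no caller passes both arguments as NULL and treats the result as an out-of-memory error, or add a comment above append_str() stating that a NULL `t` is a no-op and that NULL can be returned without a failed allocation. On the size expression, `s_len + t_len + 1` is unchecked `size_t` arithmetic; both operands come from strlen() so a wrap is not realistic, but a guard such as `if (t_len > SIZE_MAX - s_len - 1) return NULL;` before the realloc() call would make that assumption explicit and keep analyzers from flagging it.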


Overflow possibility here?