Bug #6815
openutil/decode-mime: Possible dereference of nullptr
Affected Versions:
Effort: low
Difficulty: low
Label:
Description
There is a PopStack method, which has a transitive check for the stack->top item, and if it's not null, the curr->next (stack->top->next) field will be used; after that the function tries to release the allocated memory for the stack->top->bdef field.
    static MimeDecStackNode * PopStack(MimeDecStack *stack)
    {
        /* Move stack pointer to next item */
        MimeDecStackNode *curr = stack->top;
        if (curr != NULL) {             /* <---- Check that current top item not null */
            curr = curr->next;
        }

        /* Always free alloc'd memory */
        SCFree(stack->top->bdef);       /* <---- Free allocated memory for bdef field of top item */

        /* Now move head to free nodes list */
        if (stack->free_nodes_cnt < STACK_FREE_NODES) {
            stack->top->next = stack->free_nodes;
            stack->free_nodes = stack->top;
            stack->free_nodes_cnt++;
        } else {
            SCFree(stack->top);
        }
        stack->top = curr;

        /* Return a pointer to the top of the stack */
        return curr;
    }
Current behaviour could lead to a dereference of nullptr in cases when stack->top is null.
Updated by Alexey Simakov 2 months ago
Honestly, I wasn't able to find any execution paths to the case where stack->top is null when PopStack is called, so there is probably no direct effect on current functionality, but the current behaviour seems incorrect anyway.
Could I count this as an issue, or is there perhaps some background for the current behaviour?
Updated by Philippe Antoine about 2 months ago
- Related to Feature #3487: multi-part parser in Rust added
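
A guarded variant of the function quoted in the report, as an added example that is not Suricata's code or a patch from this ticket: the null check covers every use of stack->top, so popping an empty stack returns NULL instead of dereferencing it. The reduced struct layouts, the STACK_FREE_NODES value, the PushNode helper and the name PopStackGuarded are assumptions, and free() stands in for SCFree.

```c
#include <stdlib.h>

/* Reduced stand-ins for the Suricata types: only the fields PopStack touches.
 * The field types and the STACK_FREE_NODES value are assumptions. */
#define STACK_FREE_NODES 10

typedef struct MimeDecStackNode {
    void *bdef;                        /* heap-allocated boundary definition */
    struct MimeDecStackNode *next;
} MimeDecStackNode;

typedef struct MimeDecStack {
    MimeDecStackNode *top;
    MimeDecStackNode *free_nodes;
    unsigned int free_nodes_cnt;
} MimeDecStack;

/* Hypothetical helper for exercising the pop: push a node with a small allocation. */
static MimeDecStackNode *PushNode(MimeDecStack *stack)
{
    MimeDecStackNode *node = calloc(1, sizeof(*node));
    if (node == NULL)
        return NULL;
    node->bdef = malloc(8);
    node->next = stack->top;
    stack->top = node;
    return node;
}

/* PopStack with the guard covering every use of stack->top. */
static MimeDecStackNode *PopStackGuarded(MimeDecStack *stack)
{
    MimeDecStackNode *old = stack->top;
    if (old == NULL)
        return NULL;                   /* empty stack: nothing to free or move */
    MimeDecStackNode *next = old->next;
    free(old->bdef);                   /* SCFree in the quoted code */
    old->bdef = NULL;                  /* defensive: no dangling pointer on a recycled node */

    if (stack->free_nodes_cnt < STACK_FREE_NODES) {
        old->next = stack->free_nodes; /* recycle the node onto the free list */
        stack->free_nodes = old;
        stack->free_nodes_cnt++;
    } else {
        free(old);
    }
    stack->top = next;
    return next;                       /* new top of the stack, NULL when now empty */
}
```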