GNU bug report logs - #79336
[PATCH] df: fix potential null pointer dereference

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: yubiao hu <huyubiaox <at> gmail.com>
Subject: bug#79336: closed (Re: bug#79336: [PATCH] df: fix potential null
 pointer dereference)
Date: Sat, 30 Aug 2025 17:53:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#79336: [PATCH] df: fix potential null pointer dereference

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 79336 <at> debbugs.gnu.org.

-- 
79336: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=79336
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Pádraig Brady <P <at> draigBrady.com>
To: yubiao hu <huyubiaox <at> gmail.com>, 79336-done <at> debbugs.gnu.org
Subject: Re: bug#79336: [PATCH] df: fix potential null pointer dereference
Date: Sat, 30 Aug 2025 18:52:40 +0100

[Message part 3 (text/plain, inline)]

On 29/08/2025 02:45, yubiao hu wrote:
> * src/df.c (get_dev): Fix potential null pointer dereference
> - Avoid dereferencing stat_file when both device and
>   mount_point are NULL
> - Handle allocation failure for cell when mount_point
>   is NULL

These are valid concerns.
I also see potential null dereferences of device.
The attached patch takes a different approach
by ensuring arguments are initialized earlier.

Marking this as done.

Will push the attached later.

cheers,
Padraig

[df-null-pointers.patch (text/x-patch, attachment)]

[Message part 5 (message/rfc822, inline)]

From: yubiao hu <huyubiaox <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: [PATCH] df: fix potential null pointer dereference
Date: Fri, 29 Aug 2025 09:45:46 +0800

* src/df.c (get_dev): Fix potential null pointer dereference
- Avoid dereferencing stat_file when both device and
 mount_point are NULL
- Handle allocation failure for cell when mount_point
 is NULL

---
 src/df.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/df.c b/src/df.c
index fe2e0e3..f60319c 100644
--- a/src/df.c
+++ b/src/df.c
@@ -1050,7 +1050,7 @@ get_dev (char const *device, char const
*mount_point, char const *file,
         }
       else
         {
-          error (0, errno, "%s", quotef (stat_file));
+          error (0, errno, "%s", quotef (stat_file ? stat_file : "-"));
           exit_status = EXIT_FAILURE;
           return;
         }
@@ -1215,17 +1215,23 @@ get_dev (char const *device, char const
*mount_point, char const *file,
           break;

         case TARGET_FIELD:
+          {
+            if (! mount_point) {
+              cell = xstrdup ("-");
+              break;
+            }
 #ifdef HIDE_AUTOMOUNT_PREFIX
-          /* Don't print the first directory name in MOUNT_POINT if it's an
-             artifact of an automounter.  This is a bit too aggressive to be
-             the default.  */
-          if (STRNCMP_LIT (mount_point, "/auto/") == 0)
-            mount_point += 5;
-          else if (STRNCMP_LIT (mount_point, "/tmp_mnt/") == 0)
-            mount_point += 8;
+            /* Don't print the first directory name in MOUNT_POINT if it's an
+              artifact of an automounter.  This is a bit too aggressive to be
+              the default.  */
+            if (STRNCMP_LIT (mount_point, "/auto/") == 0)
+              mount_point += 5;
+            else if (STRNCMP_LIT (mount_point, "/tmp_mnt/") == 0)
+              mount_point += 8;
 #endif
-          cell = xstrdup (mount_point);
-          break;
+            cell = xstrdup (mount_point);
+            break;
+          }

         case INVALID_FIELD:
         default:
-- 
2.33.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.