GNU bug report logs - #79336
[PATCH] df: fix potential null pointer dereference


Package: coreutils

Reported by: yubiao hu <huyubiaox <at> gmail.com>

Date: Fri, 29 Aug 2025 01:47:02 UTC

Severity: normal

Tags: patch

Done: Pádraig Brady <P <at> draigBrady.com>



Message #22 received at 79336 <at> debbugs.gnu.org (full text, mbox):

From: yubiao hu <huyubiaox <at> gmail.com>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 79336 <at> debbugs.gnu.org
Subject: Re: bug#79336: [PATCH] df: fix potential null pointer dereference
Date: Mon, 1 Sep 2025 09:58:52 +0800

> On 2025-08-28 18:45, yubiao hu wrote:
>> * src/df.c (get_dev): Fix potential null pointer dereference
>> - Avoid dereferencing stat_file when both device and
>>   mount_point are NULL
>> - Handle allocation failure for cell when mount_point
>>   is NULL
>
> Why is this patch needed? Can you give an example df invocation in which
> mount_point is null there? As far as I can see, that cannot happen.
>
> Did your bug report come from static analysis? If so, which static
> analyzer did you use and how did you use it? Does the attached patch
> pacify your static analyzer?

Yes, this bug was identified via static code analysis. The initial
finding was that a core dump would occur in `cell = xstrdup (mount_point);`
when mount_point is NULL.

I attempted to inject code to set the mount_point of get_dev() to
NULL, which still results in a core within IS_ABSOLUTE_FILE_NAME.




This bug report was last modified 9 days ago.
