[Mesa-dev] mesa-dev Digest, Vol 42, Issue 98
Timothy Arceri
t_arceri at yahoo.com.au
Wed Sep 11 21:22:14 PDT 2013
>Date: Wed, 11 Sep 2013 18:27:43 -0700
>
>From: Vinson Lee <vlee at freedesktop.org>
>To: mesa-dev at lists.freedesktop.org
>Subject: [Mesa-dev] [PATCH] mesa: Return nonzero length only if memcpy
> occurs.
>Message-ID: <1378949263-18169-1-git-send-email-vlee at freedesktop.org>
>
>Fixes "Dereference after null check" reported by Coverity.
>
>Signed-off-by: Vinson Lee <vlee at freedesktop.org>
>---
>src/mesa/main/objectlabel.c | 3 +--
>1 file changed, 1 insertion(+), 2 deletions(-)
>
>diff --git a/src/mesa/main/objectlabel.c b/src/mesa/main/objectlabel.c
>index 90d9e09..e34df13 100644
>--- a/src/mesa/main/objectlabel.c
>+++ b/src/mesa/main/objectlabel.c
>@@ -92,10 +92,9 @@ copy_label(char **labelPtr, char *label, int *length, int bufSize)
>{
> int labelLen = 0;
>
>- if (*labelPtr)
>+ if (label && *labelPtr) {
> labelLen = strlen(*labelPtr);
>
>- if (label) {
> if (bufSize <= labelLen)
> labelLen = bufSize-1;
>
>--
>1.8.3.2
Hi Vinson,
Maybe you might want to also add the below quotes from the spec but I think you need to leave the two if statements (I thought I had fixed up this NULL check but obviously I didnt).
I think the correct code is (although I can't test this just yet):
if (label) {
+ if (*labelPtr) {
if (bufSize <= labelLen)
labelLen = bufSize-1; memcpy(label, *labelPtr, labelLen);
+ }
label[labelLen] = '\0';
"If no debug label was specified for the object then <label> will contain a null-terminated empty string, and zero will be returned in <length>. If <label> is NULL and <length> is non-NULL then no string will be returned and the length of the label will be returned in <length>."
Thanks,
Tim
More information about the mesa-dev
mailing list