[REVIEW in progress] dereference of a null pointer in xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.cxx

Thorsten Behrens thb at documentfoundation.org
Fri Feb 17 16:26:20 PST 2012


julien2412 wrote:
> Here again a message I caught from clang :
> /home/julien/compile-libreoffice/libo/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.cxx:152:26:
> warning: Access to field 'parent' results in a dereference of a null pointer
> (loaded from variable 'pEncryptedData')
>     xmlNodePtr pParent = pEncryptedData->parent;
>                          ^~~~~~~~~~~~~~
> 1 warning generated.
> 
> By taking a look at the file, we can see that pEncryptedData is never
> initialized in encrypt function (at the contrary of decrypt function).
> Then I took a look at git history and it seems IMHO there has been merge
> confusion.
> 
Nice catch, yeah, seems 7d9c877dc4c8f67007f18a34874c248fb392ddcf
truly messes that function up - my hunch is, probably line 182's 

 pEncryptedData = pTemplate->getNativeElement() ;

needs to be just moved up before that line 152 (c.f. the decrypt
function).

Code can't have worked in practice, though apparently digital
signatures do make use of it. Will have to punt this until later,
first have to setup some certs to actually be able to sign. ;)

Cheers,

-- Thorsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120218/9bbd0aa8/attachment.pgp>


More information about the LibreOffice mailing list