[REVIEW in progress] dereference of a null pointer in xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.cxx
thb at documentfoundation.org
Fri Feb 17 16:26:20 PST 2012
> Here again a message I caught from clang :
> warning: Access to field 'parent' results in a dereference of a null pointer
> (loaded from variable 'pEncryptedData')
> xmlNodePtr pParent = pEncryptedData->parent;
> 1 warning generated.
> By taking a look at the file, we can see that pEncryptedData is never
> initialized in encrypt function (at the contrary of decrypt function).
> Then I took a look at git history and it seems IMHO there has been merge
Nice catch, yeah, seems 7d9c877dc4c8f67007f18a34874c248fb392ddcf
truly messes that function up - my hunch is, probably line 182's
pEncryptedData = pTemplate->getNativeElement() ;
needs to be just moved up before that line 152 (c.f. the decrypt
Code can't have worked in practice, though apparently digital
signatures do make use of it. Will have to punt this until later,
first have to setup some certs to actually be able to sign. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
More information about the LibreOffice