Klocwork 76494 - Null ptr derefs in CERT_FormatName

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

3.11
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

In file nss/lib/certhigh/certhtml.c, in function CERT_FormatName, 
there are 8 calls to CERT_DecodeAVAValue, each of which returns a pointer.
Immediately following each call, that pointer is dereferenced without first
being checked for NULL.  The function can and does occasionally return NULL.

Klocwork IDs 76494, 76496, 76498, 46500, 76502, 76504, 76506, 76508.
Keywords: klocwork
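
The pattern reported above, as an added example that is not part of this bug or of the NSS source: `item_t`, `decode_value`, `format_name` and `format_sample` are hypothetical stand-ins. The decoder returns NULL on failure, as the report says CERT_DecodeAVAValue does, and the caller checks each result before reading its length.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in item type, constructed for this example (not the NSS SECItem). */
typedef struct { unsigned char *data; size_t len; } item_t;

/* Stand-in decoder: returns a new item, or NULL on malformed input.
 * Toy encoding (an assumption): tag byte, length byte, value bytes. */
static item_t *decode_value(const item_t *der)
{
    item_t *out;
    if (der->len < 2 || (size_t)der->data[1] != der->len - 2) return NULL;
    out = calloc(1, sizeof *out + der->len - 1);  /* item + value + NUL */
    if (out == NULL) return NULL;
    out->data = (unsigned char *)(out + 1);
    out->len = der->len - 2;
    memcpy(out->data, der->data + 2, out->len);
    return out;
}

/* Joins decoded values with ", "; returns NULL if any value fails to decode. */
char *format_name(const item_t *avas, size_t n)
{
    item_t **dec = calloc(n + 1, sizeof *dec);
    char *buf = NULL;
    size_t len = 1, i;
    if (dec == NULL) return NULL;
    for (i = 0; i < n; i++) {
        dec[i] = decode_value(&avas[i]);
        if (dec[i] == NULL) goto done;  /* omit this and the next line derefs NULL */
        len += dec[i]->len + 2;
    }
    if ((buf = calloc(len, 1)) != NULL)
        for (i = 0; i < n; i++) {
            if (i) strcat(buf, ", ");
            strcat(buf, (char *)dec[i]->data);
        }
done:
    for (i = 0; i < n; i++) free(dec[i]);   /* free(NULL) is a no-op */
    free(dec);
    return buf;
}

/* Constructed inputs: two well-formed values, then one with a bad length. */
char *format_sample(int with_bad)
{
    static unsigned char cn[] = { 0x0c, 3, 'f', 'o', 'o' }, org[] = { 0x0c, 3, 'b', 'a', 'r' };
    static unsigned char bad[] = { 0x0c, 9, 'x' };
    item_t avas[3] = { { cn, sizeof cn }, { org, sizeof org }, { bad, sizeof bad } };
    return format_name(avas, with_bad ? 3 : 2);
}
```

`format_sample(0)` yields `"foo, bar"`; `format_sample(1)` includes the malformed value and returns NULL after freeing what was already decoded.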
(Assignee)

Comment 1

11 years ago
Created attachment 240386
check a pointer for NULL before deref it.
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #240386 - Flags: review?(nelson)
(Reporter)

Comment 2

11 years ago
Comment on attachment 240386
check a pointer for NULL before deref it.

r=nelson for trunk
Attachment #240386 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

11 years ago
/cvsroot/mozilla/security/nss/lib/certdb/secname.c,v  <--  secname.c
new revision: 1.20; previous revision: 1.19
/cvsroot/mozilla/security/nss/lib/certhigh/certhtml.c,v  <--  certhtml.c
new revision: 1.7; previous revision: 1.6
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
(Reporter)

Updated

11 years ago
Priority: -- → P2