Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lib/vector/vlib: Fix possible null pointer dereference #4638

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ymdatta
Copy link
Contributor

@ymdatta ymdatta commented Nov 2, 2024

In the function Vect_cat_list_to_array, as part of the execution, if list turns out to not contain any numbers, cats internal variable is not changed from NULL. Without checking if cats is NULL or not, qsort or first elemnt of it is accessed, which can lead to null pointer dereference.

To fix that issue, only access cats if it's not NULL.

This issue was found using cppcheck tool.

In the function `Vect_cat_list_to_array`, as part of the
execution, if list turns out to not contain any numbers,
`cats` internal variable is not changed from NULL. Without
checking if `cats` is NULL or not, qsort or first elemnt of
it is accessed, which can lead to null pointer dereference.

To fix that issue, only access cats if it's not NULL.

This issue was found using cppcheck tool.

Signed-off-by: Mohan Yelugoti <[email protected]>
@github-actions github-actions bot added vector Related to vector data processing C Related code is in C libraries labels Nov 2, 2024
@nilason nilason changed the title lib:vector:vlib: Fix possible null pointer dereference lib/vector/vlib: Fix possible null pointer dereference Nov 5, 2024
@nilason nilason added this to the 8.5.0 milestone Nov 5, 2024
ymdatta added a commit to ymdatta/grass that referenced this pull request Nov 27, 2024
Documented each supression issue with comments to distinguish between
false positives and true positives awaiting resolution.

For the false positives supressions, appropriate information is
provided on why those were considered as false positive.

True positives will be removed from the suppression file once
their corresponding fixes(OSGeo#4702, OSGeo#4638, OSGeo#4500, OSGeo#4499) are merged.

Run:

`cppcheck --suppressions-list=.cppcheck-supressions <path>`

Signed-off-by: Mohan Yelugoti <[email protected]>
ymdatta added a commit to ymdatta/grass that referenced this pull request Nov 27, 2024
Documented each suppression issue with comments to distinguish between
false positives and true positives awaiting resolution.

For the false positives suppressions, appropriate information is
provided on why those were considered as false positive.

True positives will be removed from the suppression file once
their corresponding fixes(OSGeo#4702, OSGeo#4638, OSGeo#4500, OSGeo#4499) are merged.

Run:

`cppcheck --suppressions-list=.cppcheck-suppressions <path>`

Signed-off-by: Mohan Yelugoti <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C Related code is in C libraries vector Related to vector data processing
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants