Re: [chrony-dev] Alleged out of bounds read in cmdmon.c


On 08/05/14 12:31, Miroslav Lichvar wrote:
> 
> There was a report about issues found by the clang analyzer about a
> year ago, some bugs were confirmed and fixed [1]. With clang-3.4 that
> is currently in Fedora 20, I get 7 bugs reported for 1.30, but they
> all seem to be the old problems from the original report. Please let
> me know if you see anything new.
> 
> [1] http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2013/10/msg00011.html
> 

These are the ones I still get as well.

Why is the "potential null dereference" in sys_linux.c a false positive? If #365 yields null into pw, it will LOG_FATAL and then continue to fall through to #377 where the call to setgid will deref the still-null pw. No?

thanks!

Holger

