Null pointer dereference?

Null pointer dereference?

[Zubin Mevawalla]

I was curious if this was a real null pointer dereference issue, in
etags.c on line 2265?

`np_parent` is initialized to NULL on 2248. if `np` is not NULL and
`np->fdp == badfdp` then `np_parent->left` on line 2265 would result
in a null pointer dereference.

CodeAi, an automated repair tool being developed at Qbit logic,
suggested a condition tightening as a fix.

diff --git a/lib-src/etags.c b/lib-src/etags.c
index 015cbbe..1f50d06 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -2260,7 +2260,7 @@ invalidate_nodes (fdesc *badfdp, node **npp)
              np_parent = np;
              np = np->left;
            }
-         if (np)
+         if (np_parent && (np))
            {
              np_parent->left = np->left; /* detach subtree from the tree */
              np->left = NULL;            /* isolate it */

Could I submit this as a patch if it looks alright?

Thanks so much,

Zubin

Re: Null pointer dereference?

[Eli Zaretskii]

> From: Zubin Mevawalla <zubinmeva@qbitlogic.com>
> Date: Fri, 12 May 2017 11:45:53 -0400
> 
> I was curious if this was a real null pointer dereference issue, in
> etags.c on line 2265?

I don't think so.

> `np_parent` is initialized to NULL on 2248. if `np` is not NULL and
> `np->fdp == badfdp` then `np_parent->left` on line 2265 would result
> in a null pointer dereference.

np->fdp == badfdp cannot happen the first time the loop condition is
tested, because np was initialized to point to super_root, and
super_root.fdp was initialized to -1, which can never be equal to
badfdp.

Thanks.