On 5/22/19 12:10 PM, Fabiano Fidêncio wrote: > Similarly to the issue fixed by ae52b0fbc, here we're also potentially > passing NULL to unlink(). > > Error: FORWARD_NULL (CWE-476): > osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:332: var_compare_op: Comparing "source_file" to null implies that "source_file" might be null. > osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:374: var_deref_model: Passing null pointer "source_file" to "unlink", which dereferences it. > # 372| g_object_unref(file); > # 373| if (!file_is_native) > # 374|-> unlink(source_file); > # 375| g_free(source_file); > # 376| return ret; > > Signed-off-by: Fabiano Fidêncio <fidencio@xxxxxxxxxx> > --- > tools/osinfo-db-import.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/osinfo-db-import.c b/tools/osinfo-db-import.c > index 11e68ae..675961d 100644 > --- a/tools/osinfo-db-import.c > +++ b/tools/osinfo-db-import.c > @@ -370,7 +370,7 @@ static int osinfo_db_import_extract(GFile *target, > archive_read_free(arc); > if (file) > g_object_unref(file); > - if (!file_is_native) > + if (!file_is_native && source_file != NULL) > unlink(source_file); > g_free(source_file); > return ret; > Reviewed-by: Cole Robinson <crobinso@xxxxxxxxxx> - Cole
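Review bot: The return value of `unlink(source_file)` in the cleanup block of osinfo_db_import_extract() is still discarded, so when removal fails the file is left on disk and the caller only sees `ret` from the extraction itself. Consider checking the result and emitting a warning that includes the path, so a leftover file is at least visible in the tool's output. As a smaller style point, the new `source_file != NULL` comparison sits two lines below `if (file)`, which uses the implicit form; using one form for both checks in this block would read more consistently.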