On 11 September 2015 at 10:45, Felipe Sateler <fsateler at debian.org> wrote:
> On 11 September 2015 at 08:20, Tanu Kaskinen <tanuk at iki.fi> wrote:
>> On Thu, 2015-09-10 at 21:42 -0300, Felipe Sateler wrote:
>>> Found by coverity
>>> ---
>>> src/pulse/util.c | 5 ++++-
>>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/pulse/util.c b/src/pulse/util.c
>>> index 305673f..e4e8207 100644
>>> --- a/src/pulse/util.c
>>> +++ b/src/pulse/util.c
>>> @@ -311,8 +311,11 @@ char *pa_get_fqdn(char *s, size_t l) {
>>> hints.ai_family = AF_UNSPEC;
>>> hints.ai_flags = AI_CANONNAME;
>>>
>>> - if (getaddrinfo(hn, NULL, &hints, &a) < 0 || !a || !a
>>> ->ai_canonname || !*a->ai_canonname)
>>> + if (getaddrinfo(hn, NULL, &hints, &a) < 0 || !a || !a
>>> ->ai_canonname || !*a->ai_canonname) {
>>> + if (a)
>>> + freeaddrinfo(a);
>>> return pa_strlcpy(s, hn, l);
>>> + }
>>
>> I don't know if getaddrinfo() is guaranteed to always initialize a, but
>> if not, this code may access a while it's uninitialized. I think we
>> should initialize a to NULL.
>
> My man pages do not say anything about this. So this seems like a sane
> thing to do anyway, or split the check in two: successful getaddrinfo
> and canonname is set.
I just realized my manpage doesn't say anything about the sign of the
return codes. So the check is bad, (which is why I suspect there was
the extra !a check, and has been there since the beginning).
--
Saludos,
Felipe Sateler
