find_model_params() is first dereferencing nbuckets when setting it to 0, and then it checks it for NULL. The NULL-check will never trigger as if the pointer was NULL, we'd crash when we dereference it. This commit removes the redundant test, but adds an assert so that we catch this condition if it ever happens. --- common/quic.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/common/quic.c b/common/quic.c index 2cffde5..cef05ae 100644 --- a/common/quic.c +++ b/common/quic.c @@ -954,11 +954,13 @@ static void find_model_params(Encoder *encoder, bsize = *firstsize; do { /* other buckets */ - if (nbuckets) { /* bucket start */ - bstart = bend + 1; - } else { - bstart = 0; - } + /* There used to be some additional code when nbuckets is NULL, but + * since we dereference nbuckets a few lines before this loop, we + * would have crashed before reaching this test. Adding an assert + * for good measure, but this should never trigger */ + spice_assert(nbuckets != NULL); + + bstart = bend + 1; if (!--repcntr) { /* bucket size */ repcntr = *repnext; -- 1.8.4.2
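Review bot: in the removed lines, check whether "if (nbuckets)" was a typo for "if (*nbuckets)" before dropping the else branch. The commit message says *nbuckets is set to 0 just before this loop, so a test on the value rather than the pointer would make "bstart = 0" the first-bucket case, and after this change every bucket, including the first, starts at bend + 1. If the pointer test really is what was meant, move spice_assert(nbuckets != NULL) ahead of that first dereference, at the top of the function: inside the do loop it runs after the dereference on every iteration and, as the new comment itself says, can never trigger.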