[Tarantool-patches] [PATCH] cppcheck: src/lua/fiber.c null pointer dereference

Alexander Turenko alexander.turenko at tarantool.org
Thu Sep 24 12:32:54 MSK 2020


On Thu, Sep 24, 2020 at 02:16:20AM +0300, Alexander Turenko wrote:
> On Mon, Sep 21, 2020 at 08:48:37PM +0300, Sergey Kaplun wrote:
> > Found and fixed possible null pointer dereference with cppcheck:
> > 
> > [src/lua/fiber.c:245] -> [src/lua/fiber.c:217]: (warning) Either the condition 'if(func)' is redundant or there is possible null pointer dereference: func.
> 
> Nit: I think there is nothing bad in carrying one-line non-prose text
> like an error message from some tool. It looks prettier this way,
> IMHO.
> 
> The first question that comes to my mind: whether the NULL dereference
> could occur before the patch or whether it is a false positive. It is
> nice when this is investigated and described right in the commit message.
> 
> In fact, it influences how we take the patch: whether it is a bugfix or
> a refactoring. Bugfixes are usually included in future release notes (it
> is a user-visible change), but refactoring usually is not.

Aside from this point (and the nit below), the patch is okay. LGTM except
for those points.

> 
> > ---
> > 
> > Branch: https://github.com/tarantool/tarantool/tree/skaplun/cppcheck-lua-fiber-possible-null-pointer-dereference
> > 
> >  src/lua/fiber.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/lua/fiber.c b/src/lua/fiber.c
> > index 45bc03787..bb6212b24 100644
> > --- a/src/lua/fiber.c
> > +++ b/src/lua/fiber.c
> > @@ -214,7 +214,7 @@ fiber_backtrace_cb(int frameno, void *frameret, const char *func, size_t offset,
> >  {
> >  	struct lua_fiber_tb_ctx *tb_ctx = (struct lua_fiber_tb_ctx *)cb_ctx;
> >  	struct lua_State *L = tb_ctx->L;
> > -	if (strstr(func, "lj_BC_FUNCC") == func) {
> > +	if (func && strstr(func, "lj_BC_FUNCC") == func) {
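
Review bot: on the added line the guard is written as `func && ...`; spell it as `func != NULL && strstr(func, "lj_BC_FUNCC") == func` so the pointer comparison is explicit. The cppcheck message only shows that this dereference and the later `if(func)` at line 245 disagree about whether `func` can be NULL, so the commit message should say which of the two is right: if NULL can reach this callback the change is a bug fix, and if it cannot, the later check is the redundant one.
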
> 
> Nit: We usually explicitly check against NULL (or 0 for an integer type).

This nit, I meant.

> I was wondering whether 'func' actually can be NULL and found that there is
> no error handling around unw_get_proc_name(). We ignore its return value
> and just return the content of our thread-local buffer (not NULL).

Moved to https://github.com/tarantool/tarantool/issues/5326
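
As an added illustration of the last point (not code from this thread or from Tarantool): a resolver that ignores its lookup's return value never returns NULL, so the patched guard lets a stale name through, while a checked resolver gives the guard something to catch. `lookup_name`, `resolve_unchecked`, `resolve_checked` and `is_lua_cfunction_frame` are hypothetical names, and `lookup_name` is assumed to leave the buffer untouched on failure.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a symbol lookup such as unw_get_proc_name():
 * 0 and a filled buf on success, negative and an untouched buf on failure. */
static int
lookup_name(int frameno, char *buf, size_t len)
{
	static const char *names[] = { "lj_BC_FUNCC", NULL, "fiber_loop" };
	if (frameno < 0 || frameno > 2 || names[frameno] == NULL)
		return -1;
	snprintf(buf, len, "%s", names[frameno]);
	return 0;
}

/* Thread-local in the code under discussion; a plain static buffer here. */
static char name_buf[64];

/* Pattern described in the thread: the return value is ignored. */
const char *
resolve_unchecked(int frameno)
{
	lookup_name(frameno, name_buf, sizeof(name_buf));
	return name_buf;
}

/* Checked variant: a failed lookup is reported to the caller as NULL. */
const char *
resolve_checked(int frameno)
{
	if (lookup_name(frameno, name_buf, sizeof(name_buf)) != 0)
		return NULL;
	return name_buf;
}

/* Prefix test from the patch, written with an explicit NULL comparison. */
int
is_lua_cfunction_frame(const char *func)
{
	return func != NULL && strstr(func, "lj_BC_FUNCC") == func;
}

int
main(void)
{
	resolve_unchecked(0);
	printf("unchecked frame 1: %s\n", resolve_unchecked(1));
	printf("checked frame 1 is NULL: %d\n", resolve_checked(1) == NULL);
	return 0;
}
```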
