Ticket #165 (new defect)
parser.c can possibly dereference NULL pointer
| Reported by: | anonymous | Owned by: | xi |
|---|---|---|---|
| Priority: | low | Component: | libyaml |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
The following code is called in several locations in parser.c
```c
if (first) {
    token = PEEK_TOKEN(parser);   /* token is used below without a NULL check */
    if (!PUSH(parser, parser->marks, token->start_mark))
        return 0;
    SKIP_TOKEN(parser);
}
```
PEEK_TOKEN is defined as

```c
    yaml_parser_fetch_more_tokens(parser)) ? \
        parser->tokens.head : NULL)
```
which can return NULL. This suggests that token->start_mark could cause a segfault if token is NULL.
This is hypothetical only and the checks in PEEK_TOKEN may render the situation impossible.
Output from clang --analyze parser.c below giving line numbers.
```text
parser.c:733:14: warning: Dereference of null pointer
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:733:49: note: instantiated from:
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:842:14: warning: Dereference of null pointer
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:842:49: note: instantiated from:
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:959:14: warning: Dereference of null pointer
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:959:49: note: instantiated from:
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:1111:14: warning: Dereference of null pointer
    if (!PUSH(parser, parser->marks, token->start_mark))
parser.c:1111:49: note: instantiated from:
    if (!PUSH(parser, parser->marks, token->start_mark))
```
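The pattern the ticket describes, as an added example that is not libyaml's code: a small model of PEEK_TOKEN (a stand-in fetch function that fails once input is exhausted, so the peek yields NULL) and the "first" branch rewritten with the NULL check it lacks, so a fetch failure becomes an ordinary error return instead of a dereference of `token->start_mark`. The `parser_t`, `mark_t`, `token_t` and `successful_pushes` names and the fixed-size queues are constructed for the example, not libyaml's.

```c
/* Added example (not libyaml's code): a model of the ticket's PEEK_TOKEN
 * pattern with the NULL check that the "first" branch is missing. */
#include <stddef.h>
#include <string.h>
typedef struct { size_t line, column; } mark_t;
typedef struct { mark_t start_mark; } token_t;
typedef struct {
    token_t tokens[4];    /* constructed stand-in for parser->tokens */
    size_t head, tail;    /* head == tail: no unread token queued */
    int token_available;
    mark_t marks[8];      /* stand-in for parser->marks */
    size_t nmarks;
} parser_t;

/* Stand-in for yaml_parser_fetch_more_tokens(): fails once input is
 * exhausted, which is when the real PEEK_TOKEN yields NULL. */
static int fetch_more_tokens(parser_t *p) {
    if (p->head >= p->tail) return 0;
    p->token_available = 1;
    return 1;
}

/* Same shape as PEEK_TOKEN: a token pointer, or NULL on fetch failure. */
static token_t *peek_token(parser_t *p) {
    return (p->token_available || fetch_more_tokens(p)) ? &p->tokens[p->head] : NULL;
}

/* The "first" branch from the ticket, guarded: a NULL token becomes an
 * error return instead of a dereference of token->start_mark. */
int push_first_mark(parser_t *p) {
    token_t *token = peek_token(p);
    if (!token) return 0;                       /* the missing check */
    if (p->nmarks >= sizeof p->marks / sizeof p->marks[0]) return 0;  /* PUSH */
    p->marks[p->nmarks++] = token->start_mark;
    p->head++;                                  /* SKIP_TOKEN */
    p->token_available = 0;
    return 1;
}

/* Constructed scenario: queue n tokens, push until the scanner runs dry.
 * Returns n; the (n+1)-th attempt fails cleanly instead of crashing. */
int successful_pushes(size_t n) {
    parser_t p;
    memset(&p, 0, sizeof p);
    for (size_t i = 0; i < n && i < 4; i++)
        p.tokens[p.tail++].start_mark.line = i + 1;
    int count = 0;
    while (push_first_mark(&p)) count++;
    return count;
}
```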
