id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc
165,parser.c can possibly dereference NULL pointer,anonymous,xi,"The following code is called in several locations in parser.c

    if (first) {
        token = PEEK_TOKEN(parser);
        if (!PUSH(parser, parser->marks, token->start_mark))
            return 0;
        SKIP_TOKEN(parser);
    }

PEEK_TOKEN is defined as
((parser->token_available || yaml_parser_fetch_more_tokens(parser)) ?       \
        parser->tokens.head : NULL)
which can return NULL. This suggests that token->start_mark could cause a segfault if token is NULL.

This is hypothetical only and the checks in PEEK_TOKEN may render the situation impossible.

Output from clang --analyze parser.c is below, giving line numbers.

parser.c:733:14: warning: Dereference of null pointer
        if (!PUSH(parser, parser->marks, token->start_mark))
             ^
parser.c:733:49: note: instantiated from:
        if (!PUSH(parser, parser->marks, token->start_mark))
                                                ^
parser.c:842:14: warning: Dereference of null pointer
        if (!PUSH(parser, parser->marks, token->start_mark))
             ^
parser.c:842:49: note: instantiated from:
        if (!PUSH(parser, parser->marks, token->start_mark))
                                                ^
parser.c:959:14: warning: Dereference of null pointer
        if (!PUSH(parser, parser->marks, token->start_mark))
             ^
parser.c:959:49: note: instantiated from:
        if (!PUSH(parser, parser->marks, token->start_mark))
                                                ^
parser.c:1111:14: warning: Dereference of null pointer
        if (!PUSH(parser, parser->marks, token->start_mark))
             ^
parser.c:1111:49: note: instantiated from:
        if (!PUSH(parser, parser->marks, token->start_mark))
                                                ^
",defect,new,low,libyaml,normal,,,
