#16835 new defect
rtlogFlush: Potential null pointer dereference
Reported by: | ColinIanKing | Owned by: | |
---|---|---|---|
Component: | guest control | Version: | VirtualBox 5.1.22 |
Keywords: | log null pointer dereference | Cc: | |
Guest type: | all | Host type: | Linux |
Description (last modified by )
Function rtlogFlush() in vboxguest/common/log/log.c performs a paranoid check:
```c
/*
 * If the ring buffer is active, the other destinations are only written
 * to when the ring buffer is flushed by RTLogFlush().
 */
if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
    && pLogger->pInt
    && pLogger->pInt->pszRingBuf /* paranoia */)
{
    rtLogRingBufWrite(pLogger->pInt, pLogger->achScratch, pLogger->offScratch);
    pLogger->offScratch = 0; /* empty the buffer. */
}
else ...
```
This implies that pLogger->pInt could be NULL (even if this is an unlikely paranoid case). In the else path we have the following code that dereferences pLogger->pInt and hence we may have a NULL pointer dereference:
```c
if (pLogger->pInt->pfnFlush)
    pLogger->pInt->pfnFlush(pLogger);
```
I guess this is unlikely, but I think it would be good to correctly sanity check this for this corner case.
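The corner case described in this ticket, as an added example that is not VirtualBox code and not a patch from the reporter or the project: a simplified logger model in which the internal pointer is tested before the else path touches the flush callback. All type, field and function names are hypothetical stand-ins for the ones quoted above, and truncating on a full ring buffer is a constructed simplification.

```c
#include <stddef.h>
#include <string.h>
/* Simplified stand-ins for the logger types; not the real VirtualBox definitions. */
#define DEST_RINGBUF 0x1u
enum flush_result { FLUSH_EMPTY, FLUSH_RING, FLUSH_OTHER, FLUSH_NO_INT };
struct logger;
struct logger_int {                      /* models *pLogger->pInt */
    char  *ring_buf;                     /* models pszRingBuf */
    size_t ring_len, ring_cap;
    void (*pfn_flush)(struct logger *);  /* models pfnFlush */
};
struct logger {
    unsigned           dest_flags;       /* models fDestFlags */
    struct logger_int *p_int;            /* models pInt; may be NULL */
    char               scratch[64];      /* models achScratch */
    size_t             off_scratch;      /* models offScratch */
};

static int g_flush_calls;                /* demo counter for the callback */
static void count_flush(struct logger *l) { (void)l; g_flush_calls++; }

/* Flush the scratch buffer; p_int is tested before every dereference. */
static enum flush_result flush_checked(struct logger *l)
{
    struct logger_int *pi = l->p_int;    /* read the pointer once */
    enum flush_result r = FLUSH_OTHER;
    size_t n = l->off_scratch;
    if (n == 0) return FLUSH_EMPTY;
    if ((l->dest_flags & DEST_RINGBUF) && pi && pi->ring_buf) {
        size_t room = pi->ring_cap - pi->ring_len;
        if (n > room) n = room;          /* constructed policy: truncate, no wrap */
        memcpy(pi->ring_buf + pi->ring_len, l->scratch, n);
        pi->ring_len += n;
        r = FLUSH_RING;
    } else if (pi == NULL) {
        r = FLUSH_NO_INT;                /* the ticket's corner case: skip callback */
    } else if (pi->pfn_flush) {
        pi->pfn_flush(l);                /* safe: pi is known non-NULL here */
    }
    l->off_scratch = 0;                  /* empty the buffer on every path */
    return r;
}

int main(void)
{
    struct logger_int in = { NULL, 0, 0, count_flush };
    struct logger a = { DEST_RINGBUF, NULL, "boot", 4 }, b = { 0, &in, "boot", 4 };
    return (flush_checked(&a) == FLUSH_NO_INT && flush_checked(&b) == FLUSH_OTHER) ? 0 : 1;
}
```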