author | Ken Sharp <ken.sharp@artifex.com> | 2022-11-22 11:36:22 +0000 |
---|---|---|
committer | Ken Sharp <ken.sharp@artifex.com> | 2022-11-22 11:36:22 +0000 |
commit | fec8fa30d2fa70e882f415a9b0eb4b70e4bf452b (patch) | |
tree | 6d9f4e0fb26bd16cb4ee7d5feef41d75fa1ad667 /psi | |
parent | aa785c8c7ab620ec9646551196797c930d9a8837 (diff) | |
download | ghostpdl-fec8fa30d2fa70e882f415a9b0eb4b70e4bf452b.tar.gz |
Coverity ID 382008 - NULL pointer dereference
The pointer dereference is in a memcpy, but I believe that when this
happens (pda->base is NULL) then the input data will have been exhausted
and so 'len' the bytes to copy will always be zero.
While I don't know of any C run-time which will cause an actual problem
with this, it seems sensible to avoid it.
Diffstat (limited to 'psi')
-rw-r--r-- | psi/iscan.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/psi/iscan.c b/psi/iscan.c index 3fc14af41..0a5144619 100644 --- a/psi/iscan.c +++ b/psi/iscan.c @@ -136,7 +136,13 @@ dynamic_save(da_ptr pda) if (len > sizeof(pda->buf)) len = sizeof(pda->buf); - memcpy(pda->buf, pda->base, len); + /* This can happen if we get a /<CR> at the end of a buffer, and the file is + * not at EOF. In this case 'len' will be zero so we don't actually copy any + * bytes. So this is safe on current C run-time libraries, but it's probably + * best to avoid it. Coverity ID C382008 + */ + if (pda->base != NULL) + memcpy(pda->buf, pda->base, len); pda->next = pda->buf + len; pda->base = pda->buf; } |
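Review bot: the new `if (pda->base != NULL)` guard in dynamic_save() skips only the memcpy, while the following `pda->next = pda->buf + len;` still uses `len` unconditionally, so correctness depends on the assumption stated in the comment that `len` is zero whenever `pda->base` is NULL. If that assumption ever fails, `pda->next` would mark `len` bytes of `pda->buf` as saved although nothing was copied into them. Consider setting `len = 0` in the NULL case, or asserting it, so the invariant is enforced in code and not only documented. The comment could also say that passing a NULL source to memcpy is undefined behaviour in standard C even for a zero length, which is a stronger reason for the guard than run-time library behaviour. Minor: the comment cites "Coverity ID C382008" while the commit subject uses "382008"; pick one form so the ID is easy to search for.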