[rrd-developers] Dereferencing of NULL-pointer in rrd_restore.c (patch attached)

Tobias Oetiker tobi at oetiker.ch
Mon Apr 2 08:13:25 CEST 2007

Hi Florian,

there has not been any work put into making xml2rrd handle
'invalid' input ... if this was to be done, switching to an XML
library (and thus adding another dependency to the code) would
certainly be the right thing to do ...

if you are interested in looking at this you are most welcome
... before spending too much time on it though, make sure to post
to the rrd-developers list with an outline of your plans to get
some review ...


Today Florian Forster wrote:

> Hi everybody,
> I tripped over this bug in rrd_restore.c, function xml2rrd:
> -- 8< --
>  eat_tag(&ptr2, "params");
>  skip(&ptr2);
> -- >8 --
> This is problematic, because `eat_tag' sets `ptr2' to NULL if the tag
> cannot be found, and `skip' dereferences `ptr2' without checking it
> first.
> The attached patch makes `xml2rrd' honor the return value and makes
> `skip' check its arguments. I have checked the rest of the code only
> very superficially, so there may be similar problems to the one outlined
> above. To be quite honest, by the look of the code I'd be surprised if
> there wasn't.
> Have you ever thought about using an XML-library to parse the input? (I
> searched the archives but couldn't find anything appropriate.) I bet the
> code would get a lot smaller and easier to maintain. Also it'd probably
> be possible to get rid of the need to have the tags in a given order.
> (That's what caused the segfault in the first place and bit me in the
> leg just now..)
> Regards,
> -octo
> --
> Florian octo Forster
> Hacker in training
> GnuPG: 0x91523C3D
> http://verplant.org/

Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten
http://it.oetiker.ch tobi at oetiker.ch ++41 62 213 9902
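
The pattern discussed in this thread, as an added example that is not part of either message and is not the RRDtool source: the bodies of eat_tag and skip below are simplified stand-ins that model only the contract described above (the cursor becomes NULL when the tag is missing), and parse_params and the sample XML strings are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins, NOT the rrd_restore.c implementations. Only the
 * contract from the thread is modelled: a missing tag leaves *buf NULL. */

/* Advance *buf past "<tag>". On failure set *buf to NULL and return -1. */
static int eat_tag(char **buf, const char *tag)
{
    size_t len = strlen(tag);

    if (buf == NULL || *buf == NULL)
        return -1;
    if ((*buf)[0] == '<' && strncmp(*buf + 1, tag, len) == 0
        && (*buf)[len + 1] == '>') {
        *buf += len + 2;
        return 0;
    }
    *buf = NULL;            /* the state that crashed an unchecked skip() */
    return -1;
}

/* Skip leading whitespace. A NULL cursor is rejected, not dereferenced. */
static int skip(char **buf)
{
    if (buf == NULL || *buf == NULL)
        return -1;
    while (isspace((unsigned char)**buf))
        (*buf)++;
    return 0;
}

/* Hypothetical caller that honours every return value. Returns 0 and points
 * *out at the text after <params>, or -1 when the input is malformed. */
static int parse_params(char *xml, char **out)
{
    char *ptr2 = xml;

    if (skip(&ptr2) != 0 || eat_tag(&ptr2, "params") != 0
        || skip(&ptr2) != 0)
        return -1;
    *out = ptr2;
    return 0;
}
```

With both checks in place, input whose tags are out of order produces an error return instead of a segfault.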
