Hide Forgot
Description of problem: Please check suspicious code in file /shell/hush.c. line 5475: assigning to variable p return value of function strchr, which may be NULL. line 5545: dereferencing potentially NULL variable p. Version-Release number of selected component (if applicable): 1.2.0 Additional info: This defect was not present in current supported version of busybox package.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
(In reply to comment #0) > Description of problem: > > Please check suspicious code in file /shell/hush.c. > line 5475: assigning to variable p return value of function strchr, which may > be NULL. > line 5545: dereferencing potentially NULL variable p. The code in question is: while ((p = strchr(arg, SPECIAL_VAR_SYMBOL)) != NULL) { char first_ch; char *to_be_freed = NULL; const char *val = NULL; #if defined CONFIG_HUSH_TICK o_string subst_result = NULL_O_STRING; #endif #if defined CONFIG_SH_MATH_SUPPORT char arith_buf[sizeof(arith_t)*3 + 2]; #endif o_addblock(output, arg, p - arg); debug_print_list("expand_vars_to_list[1]", output, n); arg = ++p; p = strchr(p, SPECIAL_VAR_SYMBOL); ... ... ... arg = ++p; } /* end of "while (SPECIAL_VAR_SYMBOL is found) ..." */ Here we process a "compiled" representation of string, where every $var reference is encoded as <SPECIAL_VAR_SYMBOL>var<SPECIAL_VAR_SYMBOL>. IOW: SPECIAL_VAR_SYMBOL's always appear in pairs here. This is not a bug.