From: Paul Eggert <eggert@cs.ucla.edu>
To: Darren Kenny <darren.kenny@oracle.com>
Cc: Daniel Kiper <daniel.kiper@oracle.com>, bug-gnulib@gnu.org
Subject: Re: [PATCH 1/3] lib/regexec: Fix possible null-dereference
Date: Mon, 23 Aug 2021 13:09:18 -0700 [thread overview]
Message-ID: <92b34c53-aa12-fb5e-19fd-fd0c7015bddf@cs.ucla.edu> (raw)
In-Reply-To: <m2bl5ojx2e.fsf@oracle.com>
On 8/23/21 3:05 AM, Darren Kenny wrote:
> The explanation given by Coverity boils down to:
>
> - In check_matching(), line 1069, there is a test if mctx->state_log !=
> NULL
This line number doesn't match either the current Gnulib version (commit
d3837928885e91c9ddd465240b90a97aa342fda6) nor the version in the current
Grub release (2.06). So I guess you are using some other version of
regexec.c. Could you tell us which one?
> - In transit_state(), there is a call to transit_state_mb() at line
> 2226, which in turn, at line 2497, directly references mctx->state_log
> without first checking if it is NULL.
In the Gnulib version, transit_state calls transit_state_mb only if
state->accept_mb is true, and if the state can accept multibyte
characters then in re_search_internal dfa->has_mb_node must be true,
which means that re_search_internal initializes mctx.state_log to a
nonnull pointer before we get to transit_state.
So I'm not seeing a bug here; it still appears to be a false alarm. If
I'm missing something please let us know.
> The patch we have already satisfies Coverity, once applied
Yes, I can see why the patch would pacify Coverity. However, we
shouldn't add unnecessary code merely to pacify a Coverity false alarm.
> I have not checked if a DEBUG_ASSERT() call, in a path that Coverity isn't
> including anywhere in its analysis would work.
>
> Why do you think an assert in clean_state_log_if_needed() would help?
If you tell Coverity to analyze with -DDEBUG, then adding DEBUG_ASSERT
(X != NULL) should tell Coverity that X must be nonnull at that point.
We can use this method to tell Coverity things that it can't deduce on
its own.
next prev parent reply other threads:[~2021-08-23 20:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-18 15:44 [PATCH 0/3] Some Coverity fixes from GRUB Darren Kenny
2021-06-18 15:44 ` [PATCH 1/3] lib/regexec: Fix possible null-dereference Darren Kenny
2021-08-11 7:28 ` Paul Eggert
2021-08-23 10:05 ` Darren Kenny
2021-08-23 20:09 ` Paul Eggert [this message]
2021-08-24 15:11 ` Darren Kenny
2021-08-24 18:52 ` Paul Eggert
2021-06-18 15:44 ` [PATCH 2/3] lib/argp-help: Fix possible dereference of a NULL state Darren Kenny
2021-06-18 17:36 ` Bruno Haible
2021-06-21 9:32 ` Darren Kenny
2021-06-18 15:44 ` [PATCH 3/3] lib/regexec: Resolve unused variable Darren Kenny
2021-08-11 7:24 ` Paul Eggert
2021-08-23 10:38 ` Darren Kenny
2021-08-23 13:00 ` Bruno Haible
2021-08-23 21:04 ` Paul Eggert
2021-08-06 14:29 ` [PATCH 0/3] Some Coverity fixes from GRUB Darren Kenny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=92b34c53-aa12-fb5e-19fd-fd0c7015bddf@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=bug-gnulib@gnu.org \
--cc=daniel.kiper@oracle.com \
--cc=darren.kenny@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).