Subject: Re: [PATCH 1/3] lib/regexec: Fix possible null-dereference
To: Darren Kenny
References: <96f2ea78b6ce05f20d2c38fee43ffe87c3ca2664.1624030621.git.darren.kenny@oracle.com>
From: Paul Eggert
Organization: UCLA Computer Science Department
Date: Wed, 11 Aug 2021 00:28:26 -0700
In-Reply-To: <96f2ea78b6ce05f20d2c38fee43ffe87c3ca2664.1624030621.git.darren.kenny@oracle.com>
Cc: bug-gnulib@gnu.org
List-Id: Gnulib discussion list

On 6/18/21 8:44 AM, Darren Kenny wrote:
> It appears to be possible that the mctx->state_log field may be NULL

How so? I don't see the execution path that would do that. If you can see how it could happen, please let us know.

Otherwise, does the attached patch pacify Coverity, and if not why not? The DEBUG_ASSERT stuff does pacify GCC, as it tells GCC things that GCC isn't smart enough to figure out on its own. I hope Coverity can use similar advice.

Attachment: coverity.diff

diff --git a/lib/regexec.c b/lib/regexec.c
index 5e4eb497a..f25e00d83 100644
--- a/lib/regexec.c
+++ b/lib/regexec.c
@@ -1674,6 +1674,8 @@ build_sifted_states (const re_match_context_t *mctx, re_sift_context_t *sctx, static reg_errcode_t clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) { + DEBUG_ASSERT (mctx->state_log != NULL); + Idx top = mctx->state_log_top; if ((next_state_log_idx >= mctx->input.bufs_len --------------1AC0EBCBA10599717D693A23--
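Review bot: the DEBUG_ASSERT added at the top of clean_state_log_if_needed states the precondition but does not say why it holds, and nothing in the hunk shows it: the visible context only reads mctx->state_log_top, so the dereference of state_log that the assertion is meant to cover lies below the shown lines. Given that the cover note describes DEBUG_ASSERT as a way of telling GCC what it cannot infer on its own, in a build where it acts as a hint rather than a runtime check a genuinely reachable NULL would still be dereferenced, only without the warning. Suggest a one-line comment above the `DEBUG_ASSERT (mctx->state_log != NULL);` naming what guarantees state_log is non-NULL on every path into this function, so a reader of the original report can check that the path Darren described is not reachable.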
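The reply's point that DEBUG_ASSERT "tells GCC things" rather than checking them at run time is easy to misread as a fix for a possible NULL. The following is an added example, not gnulib's code nor Paul's patch: the DEBUG_ASSERT macro below is an assumed reconstruction of the usual pattern (assert in debug builds, an "assume" hint otherwise; gnulib's real definition may differ), and match_ctx, count_states_hinted and count_states_guarded are hypothetical stand-ins whose field names only mirror the hunk. It contrasts a hinted function, where a NULL log is undefined behaviour, with a guarded one, where it is a well-defined result.

```c
/* Added example (not gnulib's code): a DEBUG_ASSERT-style macro is a
   compiler hint, not a runtime guard.  The macro definition is an assumption
   modelled on the common pattern; gnulib's own definition may differ.  */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

#ifdef DEBUG
# define DEBUG_ASSERT(x) assert (x)
#elif defined __GNUC__
/* Non-debug build: the condition is promised to the compiler, never tested.
   If it is false, behaviour is undefined, exactly as the NULL dereference
   the hint is supposed to "fix" would be.  */
# define DEBUG_ASSERT(x) do { if (!(x)) __builtin_unreachable (); } while (0)
#else
# define DEBUG_ASSERT(x) ((void) 0)
#endif

typedef long Idx;

/* Hypothetical stand-in for the regex match context: an array of state
   pointers plus the index of the highest slot in use.  */
typedef struct
{
  void **state_log;
  Idx state_log_top;
} match_ctx;

/* Hinted version, mirroring the patched function's precondition.  Callers
   must guarantee state_log != NULL; the hint lets the compiler or analyzer
   drop a "possibly NULL" warning on the dereference, nothing more.  */
Idx
count_states_hinted (const match_ctx *mctx)
{
  DEBUG_ASSERT (mctx->state_log != NULL);
  Idx n = 0;
  for (Idx i = 0; i <= mctx->state_log_top; i++)
    if (mctx->state_log[i] != NULL)
      n++;
  return n;
}

/* Guarded version: a real runtime check that turns a NULL log into a
   defined result (-1).  This is the right tool when the NULL path is
   reachable; the hint is right only when it is not and the warning is spurious.  */
Idx
count_states_guarded (const match_ctx *mctx)
{
  if (mctx->state_log == NULL)
    return -1;
  return count_states_hinted (mctx);
}

/* Constructed sample input: a three-slot log with two populated entries.  */
static int slot_a, slot_b;
static void *sample_log[3] = { &slot_a, NULL, &slot_b };

/* Helpers exposing the results for a stand-alone run or a test harness.  */
Idx
sample_hinted_count (void)
{
  match_ctx m = { sample_log, 2 };
  return count_states_hinted (&m);
}

Idx
sample_guarded_count (void)
{
  match_ctx m = { sample_log, 2 };
  return count_states_guarded (&m);
}

Idx
sample_guarded_null (void)
{
  match_ctx empty = { NULL, 0 };
  return count_states_guarded (&empty);
}

int
main (void)
{
  printf ("hinted: %ld, guarded: %ld, guarded(NULL): %ld\n",
          (long) sample_hinted_count (), (long) sample_guarded_count (),
          (long) sample_guarded_null ());
  return 0;
}
```

Calling count_states_hinted with a NULL state_log is deliberately not exercised: with -DDEBUG it aborts, and without it the hint makes the call undefined, which is the whole reason the reviewer asks where the non-NULL guarantee comes from before accepting the assertion as the fix.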