On Monday 08 October 2012 15:59:04 Peter Stuge wrote:
> Daniel Stenberg wrote:
> >> Also, I don't think that libssh2 needs to validate programmer input. If
> >> someone passes a NULL pointer to a function that is really an error, and
> >> they will then have a problem sooner or later anyway.
> >
> > Is it possibly so that we use that function internally somewhere with a
> > (possibly) NULL argument?

I cannot see any internal use of the function unless you count the examples.

> If yes, then that's what needs to be fixed. I suspect that Coverity
> just notices that it is unchecked user input though.

Nope. It spotted that the pointer was dereferenced prior to the NULL check,
which is always a programming mistake:

    Error: REVERSE_INULL (CWE-476):
    src/channel.c:1486: deref_ptr: Directly dereferencing pointer "channel".
    src/channel.c:1489: check_after_deref: Dereferencing "channel" before a null check.

Kamil
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2012-10-08
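
The dereference-before-check ordering that the REVERSE_INULL report in the message above describes, next to the corrected ordering. This is an added example, not part of the original message and not libssh2's code; the struct layout, function names and error value are hypothetical.

```c
#include <stddef.h>

/* Hypothetical types and names for illustration; not libssh2's code. */
struct session { int last_error; };
struct chan    { struct session *session; unsigned long window; };

#define ERR_BAD_USE (-39)  /* constructed error code */

/* Flagged pattern: "ch" is dereferenced in the initializer, so the NULL
 * test below can never protect anything. A NULL "ch" has already caused
 * undefined behaviour, and an optimizing compiler may drop the test. */
long window_reverse_inull(struct chan *ch)
{
    struct session *s = ch->session;   /* deref_ptr */
    if (!ch)                           /* check_after_deref */
        return ERR_BAD_USE;
    s->last_error = 0;
    return (long)ch->window;
}

/* Corrected ordering: test each pointer first, dereference afterwards. */
long window_checked(struct chan *ch)
{
    struct session *s;
    if (!ch)
        return ERR_BAD_USE;
    s = ch->session;
    if (!s)
        return ERR_BAD_USE;
    s->last_error = 0;
    return (long)ch->window;
}

int main(void)
{
    struct session s = { 7 };
    struct chan c = { &s, 4096 };
    /* Exit status 0 when the checked variant behaves as intended. */
    return (window_checked(NULL) == ERR_BAD_USE &&
            window_checked(&c) == 4096 && s.last_error == 0) ? 0 : 1;
}
```

The other consistent fix is to delete the dead check and document that the argument must not be NULL; what the analyzer objects to is having both the dereference and a later check.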