[Libosinfo] [osinfo-db-tools PATCH v2 1/1] import: Don't call unlink(NULL) in _import_extract()
Fabiano Fidêncio
fidencio at redhat.com
Wed May 22 16:10:23 UTC 2019
Similarly to the issue fixed by ae52b0fbc, here we're also potentially
passing NULL to unlink().
Error: FORWARD_NULL (CWE-476):
osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:332: var_compare_op: Comparing "source_file" to null implies that "source_file" might be null.
osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:374: var_deref_model: Passing null pointer "source_file" to "unlink", which dereferences it.
# 372| g_object_unref(file);
# 373| if (!file_is_native)
# 374|-> unlink(source_file);
# 375| g_free(source_file);
# 376| return ret;
Signed-off-by: Fabiano Fidêncio <fidencio at redhat.com>
---
tools/osinfo-db-import.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/osinfo-db-import.c b/tools/osinfo-db-import.c
index 11e68ae..675961d 100644
--- a/tools/osinfo-db-import.c
+++ b/tools/osinfo-db-import.c
@@ -370,7 +370,7 @@ static int osinfo_db_import_extract(GFile *target,
archive_read_free(arc);
if (file)
g_object_unref(file);
- if (!file_is_native)
+ if (!file_is_native && source_file != NULL)
unlink(source_file);
g_free(source_file);
return ret;
--
2.21.0
More information about the Libosinfo
mailing list