http://bugzilla.novell.com/show_bug.cgi?id=564733

http://bugzilla.novell.com/show_bug.cgi?id=564733#c0

           Summary: acl: potential null pointer dereferences
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: bphilips@novell.com
        ReportedBy: jslaby@novell.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

Hi,

Stanse found this error in acl of OS 11.2:

pointer always points to valid memory here, but checking for not NULL.[ext_acl]

    acl_t
    acl_copy_int(const void *buf_p)
    {
            const struct __acl *ext_acl = (struct __acl *)buf_p;
            const struct __acl_entry *ent_p = ext_acl->x_entries, *end_p; <-- loc0
            size_t size = ext_acl ? ext_acl->x_size : 0;
            int entries;
            acl_obj *acl_obj_p;
            acl_entry_obj *entry_obj_p;

            if (!ext_acl || size < sizeof(struct __acl)) { <-- here
                    (*__errno_location ()) = 22;
                    return ((void *)0);
            }

It is because at loc0, ext_acl is already dereferenced.

Steps to reproduce:

    osc co openSUSE:11.2 acl
    cd openSUSE:11.2/acl
    tar zxvf acl-2.2.48.src.tar.gz
    cd acl-2.2.48/
    ./configure && JOB_FILE=`pwd`/jf make CC=stcc
    stanse -Xmx3000m -c AutomatonChecker:memory.xml --jobfile jf -g
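
The check-before-use ordering for the pattern reported above, as an added example that is not part of the original report or of the acl source. The struct layouts, the function name `ext_acl_entries` and the sample buffer are assumptions constructed for illustration; the point shown is that the entry pointer is derived only after the NULL and size checks have passed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for a serialized ACL (assumed, not libacl's definitions). */
struct ext_entry { uint32_t e_tag, e_perm, e_id; };
struct ext_acl   { size_t x_size; struct ext_entry x_entries[]; };

/*
 * Validate a serialized ACL and return its entry array, or NULL with
 * errno = EINVAL. No member of *ext is touched before the NULL test,
 * so the test is reached while the pointer is still unvalidated.
 */
const struct ext_entry *ext_acl_entries(const void *buf_p, size_t *count)
{
    const struct ext_acl *ext = buf_p;
    size_t payload;

    if (ext == NULL || count == NULL ||
        ext->x_size < sizeof(struct ext_acl)) {
        errno = EINVAL;
        return NULL;
    }
    payload = ext->x_size - sizeof(struct ext_acl);
    if (payload % sizeof(struct ext_entry) != 0) {  /* partial trailing entry */
        errno = EINVAL;
        return NULL;
    }
    *count = payload / sizeof(struct ext_entry);
    return ext->x_entries;  /* derived only after every check passed */
}

/* Constructed sample input: a header followed by two entries. */
static struct { size_t x_size; struct ext_entry e[2]; } sample = {
    sizeof(struct ext_acl) + 2 * sizeof(struct ext_entry),
    { {1, 6, 0}, {4, 4, 0} }
};

int main(void)
{
    size_t n = 0;
    const struct ext_entry *e = ext_acl_entries(&sample, &n);

    printf("valid buffer: %zu entries, first tag %u\n", n, e ? e[0].e_tag : 0u);
    printf("NULL buffer:  %s\n",
           ext_acl_entries(NULL, &n) ? "accepted" : "rejected (EINVAL)");
    return 0;
}
```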