ldap/servers/slapd/back-ldbm/idl_new.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
New commits:
commit 1358e0fc5f75b2e9439d41f84079fd283af436e3
Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com>
Date: Wed Feb 20 17:33:27 2013 -0800
Coverity Fix
13138: Dereference after null check
Fix description: Variable upperkey given to idl_new_range_fetch
could be NULL or its data field could be NULL. That is interpreted
there is no upper bound. This patch adds NULL check for upperkey
and upperkey->data. Also, fixing a compiler warning.
Reviewed by Rich (Thank you!!)
diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c
b/ldap/servers/slapd/back-ldbm/idl_new.c
index 15cab55..2b52f33 100644
--- a/ldap/servers/slapd/back-ldbm/idl_new.c
+++ b/ldap/servers/slapd/back-ldbm/idl_new.c
@@ -415,14 +415,13 @@ idl_new_range_fetch(
time_t curtime;
void *saved_key = NULL;
- if (NEW_IDL_NOOP == *flag_err)
- {
- *flag_err = 0;
+ if (NULL == flag_err) {
return NULL;
}
- if(upperkey == NULL){
- LDAPDebug(LDAP_DEBUG_ANY, "idl_new_range_fetch: upperkey is
NULL\n",0,0,0);
- return ret;
+
+ *flag_err = 0;
+ if (NEW_IDL_NOOP == *flag_err) {
+ return NULL;
}
dblayer_txn_init(li, &s_txn);
if (txn) {
@@ -486,7 +485,7 @@ idl_new_range_fetch(
/* Iterate over the duplicates, amassing them into an IDL */
#ifdef DB_USE_BULK_FETCH
while (cur_key.data &&
- (upperkey->data ?
+ (upperkey && upperkey->data ?
((operator == SLAPI_OP_LESS) ?
DBTcmp(&cur_key, upperkey, ai->ai_key_cmp_fn) < 0 :
DBTcmp(&cur_key, upperkey, ai->ai_key_cmp_fn) <= 0) :
@@ -575,7 +574,8 @@ idl_new_range_fetch(
#endif
ret = cursor->c_get(cursor, &cur_key, &data,
DB_NEXT_DUP|DB_MULTIPLE);
if (ret) {
- if (DBT_EQ(&cur_key, upperkey)) { /* this is the last key */
+ if (upperkey && upperkey->data && DBT_EQ(&cur_key,
upperkey)) {
+ /* this is the last key */
break;
}
/* First set the cursor (DB_NEXT_NODUP does not take DB_MULTIPLE) */
@@ -596,7 +596,7 @@ idl_new_range_fetch(
}
}
#else
- while (upperkey->data ?
+ while (upperkey && upperkey->data ?
((operator == SLAPI_OP_LESS) ?
DBTcmp(&cur_key, upperkey, ai->ai_key_cmp_fn) < 0 :
DBTcmp(&cur_key, upperkey, ai->ai_key_cmp_fn) <= 0) :
@@ -632,7 +632,8 @@ idl_new_range_fetch(
ret = cursor->c_get(cursor,&cur_key,&data,DB_NEXT_DUP);
count++;
if (ret) {
- if (DBT_EQ(&cur_key, upperkey)) { /* this is the last key */
+ if (upperkey && upperkey->data && DBT_EQ(&cur_key,
upperkey)) {
+ /* this is the last key */
break;
}
DBT_FREE_PAYLOAD(cur_key);
Show replies by date