From 753d9dbbdb19df28827e8fdbb36455e1cfd3f52d Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 18 Nov 2021 22:27:20 +0000 Subject: [PATCH 1/3] src/plugins/callbacks.c: drop redundant NULL pointer check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc-12 detects redundant check against array of arrays as: src/plugins/callbacks.c: In function ‘_free_command_help’: src/plugins/callbacks.c:85:26: error: the comparison will always evaluate as ‘true’ for the address of ‘args’ will never be NULL [-Werror=address] 85 | while (help->args[i] != NULL && help->args[i][0] != NULL) { | ^~ In file included from ./src/ui/ui.h:44, from ./src/command/cmd_defs.h:42, from src/plugins/callbacks.c:41: ./src/command/cmd_funcs.h:48:12: note: ‘args’ declared here 48 | gchar* args[128][2]; | ^~~~ --- src/plugins/callbacks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/callbacks.c b/src/plugins/callbacks.c index 92c0a9f4..4a73f15b 100644 --- a/src/plugins/callbacks.c +++ b/src/plugins/callbacks.c @@ -82,7 +82,7 @@ _free_command_help(CommandHelp* help) free(help->desc); i = 0; - while (help->args[i] != NULL && help->args[i][0] != NULL) { + while (help->args[i][0] != NULL) { free(help->args[i][0]); free(help->args[i][1]); i++; From a77a57a6a45ed07c60b31f7cbe977f8e68fadbc8 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 18 Nov 2021 22:28:44 +0000 Subject: [PATCH 2/3] src/plugins/python_api.c: drop redundant NULL pointer check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc-12 detects redundant check against array of arrays as: src/plugins/python_api.c: In function ‘python_api_register_command’: src/plugins/python_api.c:199:31: error: the comparison will always evaluate as ‘true’ for the address of ‘c_arguments’ will never be NULL [-Werror=address] 199 | while (c_arguments[i] != NULL && c_arguments[i][0] != NULL) { | ^~ src/plugins/python_api.c:161:15: note: ‘c_arguments’ declared here 161 | char* c_arguments[args_len == 0 ? 0 : args_len + 1][2]; | ^~~~~~~~~~~ --- src/plugins/python_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/python_api.c b/src/plugins/python_api.c index 8ea54514..2ccd672b 100644 --- a/src/plugins/python_api.c +++ b/src/plugins/python_api.c @@ -196,7 +196,7 @@ python_api_register_command(PyObject* self, PyObject* args) free(c_synopsis[i++]); } i = 0; - while (c_arguments[i] != NULL && c_arguments[i][0] != NULL) { + while (c_arguments[i][0] != NULL) { free(c_arguments[i][0]); free(c_arguments[i][1]); i++; From f0a39a4b660cc27d40288216cb9e5a8611109c56 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 26 Nov 2021 07:51:49 +0000 Subject: [PATCH 3/3] python_api.c: enlarge `c_arguments` array to avoid OOB write Code below explicitly refers past `args_len`th element: c_arguments[args_len][0] = NULL; c_arguments[args_len][1] = NULL; Let's always allocate space for `NULL`. Noticed by Steffen Jaeckel. --- src/plugins/python_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/python_api.c b/src/plugins/python_api.c index 2ccd672b..90e33579 100644 --- a/src/plugins/python_api.c +++ b/src/plugins/python_api.c @@ -158,7 +158,7 @@ python_api_register_command(PyObject* self, PyObject* args) c_synopsis[len] = NULL; Py_ssize_t args_len = PyList_Size(arguments); - char* c_arguments[args_len == 0 ? 0 : args_len + 1][2]; + char* c_arguments[args_len + 1][2]; for (i = 0; i < args_len; i++) { PyObject* item = PyList_GetItem(arguments, i); Py_ssize_t len2 = PyList_Size(item);