VirtualBox

Opened 7 years ago

Last modified 7 years ago

#16835 new defect

rtlogFlush: Potential null pointer dereference

Reported by: ColinIanKing
Owned by:
Component: guest control
Version: VirtualBox 5.1.22
Keywords: log null pointer dereference
Cc:
Guest type: all
Host type: Linux

Description (last modified by Frank Mehnert)

Function rtlogFlush() in vboxguest/common/log/log.c performs a paranoid check:

    /*
     * If the ring buffer is active, the other destinations are only written
     * to when the ring buffer is flushed by RTLogFlush().
     */
    if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
        && pLogger->pInt
        && pLogger->pInt->pszRingBuf /* paranoia */)
    {
        rtLogRingBufWrite(pLogger->pInt, pLogger->achScratch, pLogger->offScratch);
        pLogger->offScratch = 0; /* empty the buffer. */
    }
    else ... 

This implies that pLogger->pInt could be NULL (even if this is an unlikely paranoid case). In the else path we have the following code that dereferences pLogger->pInt and hence we may have a NULL pointer dereference:

        if (pLogger->pInt->pfnFlush)
            pLogger->pInt->pfnFlush(pLogger);

I guess this is unlikely, but I think it would be good to correctly sanity check this for this corner case.
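
The guard the report asks for, as an added example (not VirtualBox code and not from the reporter): a reduced model of the flush path that reads pInt once and tests it before either branch can dereference it. The struct layouts, `flush_checked`, `count_flush`, the `flush_rc` values and the choice to drop the scratch data when pInt is NULL are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define DEST_RINGBUF 0x1u            /* stand-in for RTLOGDEST_RINGBUF */

struct logger;
struct logger_int {                  /* stand-in for the object behind pInt */
    char  *pszRingBuf;
    void (*pfnFlush)(struct logger *);
    size_t cbRing;                   /* bytes handed to the ring buffer */
};
struct logger {
    unsigned           fDestFlags;
    struct logger_int *pInt;
    size_t             offScratch;
};

enum flush_rc { FLUSH_NO_INT, FLUSH_RINGBUF, FLUSH_CALLBACK, FLUSH_NO_CALLBACK };

int g_flush_calls;                   /* counts callback invocations */
void count_flush(struct logger *l) { (void)l; g_flush_calls++; }

/* pInt is read and tested once, so no branch can reach a NULL pInt. */
enum flush_rc flush_checked(struct logger *pLogger)
{
    struct logger_int *pInt = pLogger->pInt;
    enum flush_rc rc = FLUSH_NO_CALLBACK;

    if (!pInt) {
        rc = FLUSH_NO_INT;           /* assumed policy: drop the scratch data */
    } else if ((pLogger->fDestFlags & DEST_RINGBUF) && pInt->pszRingBuf) {
        pInt->cbRing += pLogger->offScratch;   /* models rtLogRingBufWrite() */
        rc = FLUSH_RINGBUF;
    } else if (pInt->pfnFlush) {
        pInt->pfnFlush(pLogger);     /* safe: pInt was checked above */
        rc = FLUSH_CALLBACK;
    }
    pLogger->offScratch = 0;         /* this model empties the buffer on every path */
    return rc;
}

int main(void)
{
    /* Constructed corner case: ring buffer requested, but pInt is NULL. */
    struct logger broken = { DEST_RINGBUF, NULL, 12 };
    printf("rc=%d\n", flush_checked(&broken));
    return 0;
}
```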

Change History (1)

comment:1 by Frank Mehnert, 7 years ago

Description: modified (diff)