Skip Menu |

This queue is for tickets about the mod_perl CPAN distribution.

Report information
The Basics
Id: 126998
Status: new
Priority: 0/
Queue: mod_perl
People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 2.0.10
Fixed in: (no value)

History Show all quoted text
  Thu Aug 30 09:08:13 2018 ppisar [...] redhat.com - Ticket created
Subject: Possible NULL pointer dereferences
Covscan tool identified various places in mod_perl-2.0.10 code the can dereference a NULL pointer. After a reviewing them I believe these are genuine bugs: Error: FORWARD_NULL (CWE-476): mod_perl-2.0.10/src/modules/perl/modperl_util.c:125: assign_zero: Assigning: "sv" = "NULL". mod_perl-2.0.10/src/modules/perl/modperl_util.c:168: var_deref_op: Dereferencing null pointer "sv". # 166| return NULL; # 167| } # 168|-> return INT2PTR(request_rec *, SvIV(sv)); # 169| } # 170| Error: FORWARD_NULL (CWE-476): mod_perl-2.0.10/src/modules/perl/modperl_module.c:181: var_compare_op: Comparing "tmp" to null implies that "tmp" might be null. mod_perl-2.0.10/src/modules/perl/modperl_module.c:186: var_deref_op: Dereferencing null pointer "tmp". # 184| } # 185| # 186|-> s = tmp->server; # 187| is_startup = (p == s->process->pconf); # 188| Error: FORWARD_NULL (CWE-476): mod_perl-2.0.10/src/modules/perl/modperl_interp.c:514: assign_zero: Assigning: "mip" = "NULL". mod_perl-2.0.10/src/modules/perl/modperl_interp.c:518: var_deref_model: Passing null pointer "mip" to "modperl_interp_mip_walk", which dereferences it. mod_perl-2.0.10/src/modules/perl/modperl_interp.c:469:26: deref_parm: Directly dereferencing parameter "mip". # 467| void *data) # 468| { # 469|-> modperl_list_t *head = mip->tipool ? mip->tipool->idle : NULL; # 470| # 471| if (!current_perl) { Error: FORWARD_NULL (CWE-476): mod_perl-2.0.10/src/modules/perl/modperl_common_util.c:94: var_compare_op: Comparing "mg" to null implies that "mg" might be null. mod_perl-2.0.10/src/modules/perl/modperl_common_util.c:98: var_deref_op: Dereferencing null pointer "mg". # 96| } # 97| else { # 98|-> Perl_warn(aTHX_ "Not a tied hash: (magic=%c)", mg->mg_type); # 99| } # 100| } Error: FORWARD_NULL (CWE-476): mod_perl-2.0.10/src/modules/perl/modperl_callback.c:327: var_compare_op: Comparing "av" to null implies that "av" might be null. mod_perl-2.0.10/src/modules/perl/modperl_callback.c:235: var_deref_op: Dereferencing null pointer "av". # 233| handlers = (modperl_handler_t **)av->elts; # 234| # 235|-> for (i=0; i<av->nelts; i++) { # 236| status = modperl_callback(aTHX_ handlers[i], p, r, s, av_args); # 237|