apr icon indicating copy to clipboard operation
apr copied to clipboard
verified publisher icon apache

Check for potential null pointer

Open SafeCoding233 opened this issue 1 year ago • 3 comments

apr_palloc may return NULL pointer. It may trigger undefined behavior in later usage. For example, passing a null pointer to memcpy may trigger undefined behavior. Thus it is better to check for NULL.

SafeCoding233 avatar Sep 20 '24 03:09 SafeCoding233

With APR pools, the accepted coding style is to assume apr_palloc() never fails - applications can and install an abort function using apr_pool_create_ex() which is invoked if the underlying memory allocation ever fails.

notroj avatar Oct 01 '24 16:10 notroj

With APR pools, the accepted coding style is to assume apr_palloc() never fails - applications can and install an abort function using apr_pool_create_ex() which is invoked if the underlying memory allocation ever fails.

Thank you for your kind reply and explanation! I also thought the assumption is apr_palloc() never fails. However, I made the PR because I found some code snippets in the repo that indeed check for the possible null pointers.

For example: https://github.com/apache/apr/blob/4283c6aaab8032761d1851a375a7c68a141bd073/threadproc/netware/threadpriv.c#L25-L27

https://github.com/apache/apr/blob/4283c6aaab8032761d1851a375a7c68a141bd073/jose/apr_jose.c#L71-L73

So I thought it might be good to follow a consistent assumption?

I must admit that I didn't have experience contributing to the APR repo before. My apologies if my understanding is inaccurate, and thank you again for your time!

SafeCoding233 avatar Oct 01 '24 19:10 SafeCoding233

You're right that not all APR code follows the convention, unfortunately.

notroj avatar Feb 14 '25 07:02 notroj