
Null pointer dereference

Open ariccio opened this issue 7 years ago • 0 comments

I'm screwing around with /analyze, and it's picked up a couple of issues for AppJailLauncher. This may cause crashes.

At lines 52, 53, and 57, in utils.cpp, you're dereferencing a pointer that might be NULL.

Pointer p is declared struct addrinfo *p = NULL, and assigned to in the for loop:

for (p = servinfo; p != NULL; p = p->ai_next) {

If the loop terminates because p == NULL, then you're dereferencing a NULL pointer here:

	LOG(
		"Socket bound on %s:%i\n",
		InetNtop(
			p->ai_family,
			(PVOID) &((struct sockaddr_in *) p->ai_addr)->sin_addr,
			szAddr,
			sizeof(szAddr) / sizeof(_TCHAR)
			),
		htons(((struct sockaddr_in *) p->ai_addr)->sin_port)
		);

ariccio, Nov 30 '16 00:11