GNOME Bugzilla – Bug 341336
NULL can be dereferenced in ORBit_POAObject_handle_request
Last modified: 2006-05-20 11:40:58 UTC
(coverity #1188) in ORBit2/src/orb/poa/poa.c: In ORBit_POAObject_handle_request, there are tests on poa being NULL, but if it happens to be NULL, there is a goto to some cleanup code which will dereference it.

    clean_out:
        POA_UNLOCK (poa);
        ORBit_RootObject_release (poa);
    }

The UNLOCK and release should be inside an if, like the LOCK and duplicate are.
Created attachment 65201: Check if cleanup is needed before dereferencing poa
fine - please do commit; there are other un-guarded uses of 'poa' in that method though. It's prolly best to bail early if (!poa) though - preferably add a 'goto clean_out' after the set OBJECT_NOT_EXIST path. Thanks.
After setting ex_CORBA_OBJECT_NOT_EXIST we skip the else and get at:

    if (ev->_major != CORBA_NO_EXCEPTION) {
        return_exception (recv_buffer, m_data, ev);
        goto clean_out;
    }

so the goto will always occur and I don't think we need an explicit one before. Regarding commit, I don't have any cvs rights :)
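As an added illustration of the pattern described in the report and the control flow discussed above (not code from ORBit2 or from the attached patch): a mock of the handler's cleanup shape before and after guarding. PoaMock and the poa_* helpers are stand-ins for ORBit's POA object, POA_LOCK/POA_UNLOCK and ORBit_RootObject_duplicate/release; the counter records calls that would dereference NULL in the real helpers.

```c
#include <stddef.h>

/* Stand-ins for ORBit's POA object and the helpers the report names; not ORBit code. */
typedef struct { int refcount; int locked; } PoaMock;

/* Counts helper calls that would dereference NULL in the real implementation. */
static int null_deref_attempts = 0;

static PoaMock *poa_duplicate(PoaMock *p) { if (!p) { null_deref_attempts++; return NULL; } p->refcount++; return p; }
static void     poa_release(PoaMock *p)   { if (!p) { null_deref_attempts++; return; } p->refcount--; }
static void     poa_lock(PoaMock *p)      { if (!p) { null_deref_attempts++; return; } p->locked = 1; }
static void     poa_unlock(PoaMock *p)    { if (!p) { null_deref_attempts++; return; } p->locked = 0; }

/* Shape of the handler before the fix: acquisition is guarded by if (poa),
 * the clean_out label is not. Returns 0 on success, -1 for OBJECT_NOT_EXIST. */
static int handle_request_before(PoaMock *poa) {
    int rc = 0;
    if (poa) { poa_duplicate(poa); poa_lock(poa); }
    if (!poa) { rc = -1; goto clean_out; }   /* the OBJECT_NOT_EXIST path always reaches clean_out */
    /* ... dispatch the request ... */
clean_out:
    poa_unlock(poa);    /* dereferences NULL when poa == NULL */
    poa_release(poa);
    return rc;
}

/* Same handler with the cleanup guarded the way the acquisition already is. */
static int handle_request_after(PoaMock *poa) {
    int rc = 0;
    if (poa) { poa_duplicate(poa); poa_lock(poa); }
    if (!poa) { rc = -1; goto clean_out; }
    /* ... dispatch the request ... */
clean_out:
    if (poa) {
        poa_unlock(poa);
        poa_release(poa);
    }
    return rc;
}
```

With a live object both versions leave the refcount and lock balanced; only the guarded cleanup survives a NULL poa without touching it.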
Could you send a request for an account to accounts@gnome.org? I'll gladly vouch for you as would Michael I should think.
I committed this for you.