GNOME Bugzilla – Bug 334121
NULL pointer deref in planner-format.c:planner_parse_duration_with_day_length()
Last modified: 2006-08-03 17:20:21 UTC
Event var_compare_op: Added "end_ptr" due to comparison "end_ptr != 0" Also see events: [var_deref_op] At conditional (1): "end_ptr != 0" taking false path 504 if (end_ptr) { 505 unit = format_get_unit_from_string (end_ptr); 506 507 /* If no unit was specified and it was the first number 508 * in the input, treat it as "day". 509 */ 510 if (unit == UNIT_NONE && p == str) { 511 unit = UNIT_DAY; 512 } 513 514 total += format_multiply_with_unit (dbl, 515 unit, 516 seconds_per_month, 517 seconds_per_week, 518 day_length); 519 } 520 Event var_deref_op: Variable "end_ptr" tracked as NULL was dereferenced. Also see events: [var_compare_op] 521 if (*end_ptr == 0) { 522 break; 523 } 524 525 p = end_ptr + 1; 526 }
Created attachment 68240 [details] [review] patch that should fix the null deref
My fix is slightly different - I've probably misunderstood the problem... Index: src/planner-format.c =================================================================== RCS file: /cvs/gnome/planner/src/planner-format.c,v retrieving revision 1.6 diff -u -b -B -p -r1.6 planner-format.c --- src/planner-format.c 8 Jul 2006 16:20:36 -0000 1.6 +++ src/planner-format.c 17 Jul 2006 21:55:26 -0000 @@ -522,7 +522,10 @@ planner_parse_duration_with_day_length ( break; } + /* Fix for bugzilla 334121 */ + if (end_ptr) { p = end_ptr + 1; + } } g_free (str);
Closing this since the patch went in it seems.