
mutt/2272: Null pointer references



>Number:         2272
>Notify-List:    
>Category:       mutt
>Synopsis:       Null pointer references
>Confidential:   no
>Severity:       normal
>Priority:       medium
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 08 13:29:50 +0200 2006
>Originator:     desclaux fabrice
>Release:        mutt-1.5.11
>Organization:
EADS
>Environment:
linux 2.6
>Description:
In crypt.c: line 595:
  if (!h)
  {
    for (i = 0; i < Context->vcount; i++)
    {
      .....
          if (Context->hdrs[Context->v2r[i]]->env->from)
            tmp = mutt_expand_aliases (h->env->from);
      .....

In this test, h is a null pointer, so mutt_expand_aliases (h->env->from); will
segfault reading at address 0x52.


In assembly, the compiler sees the null value and generates a memory access
without a base register (Intel style):
        mov     %eax, DWORD PTR %ds:52
        mov     %eax, DWORD PTR [%eax+4]

>How-To-Repeat:
If the function void crypt_extract_keys_from_messages (HEADER * h) is called
with a null pointer, the code tests this null pointer and then READs through it;
perhaps the ! should not be in the test.

>Fix:
maybe you wanted to do if (h) ....
>Add-To-Audit-Trail:

>Unformatted:
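Added example (not mutt code, and not part of the report above): a small C model of the inverted NULL test described in the report, next to the corrected control flow. The HEADER, ENVELOPE and CONTEXT layouts are simplified assumptions, and the sample messages are constructed here. It also shows why the faulting address of a NULL-based field read equals the field's offset from the start of the struct, which is what an absolute operand like %ds:52 in the compiled code reflects.

```c
/* Added example modelling the inverted NULL check from mutt PR 2272.
 * Struct layouts, field names and sample data below are assumptions,
 * not mutt's real definitions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *from; } ENVELOPE;          /* stand-in for mutt ENVELOPE */
typedef struct { int pad[13]; ENVELOPE *env; } HEADER;  /* env placed after 52 bytes of padding */
typedef struct { HEADER **hdrs; int *v2r; int vcount; } CONTEXT;

/* The shape of the bug: the body runs only when h is NULL, yet the body
 * dereferences h. Modelled as a predicate so it can be reasoned about
 * without actually faulting. Returns 1 when the buggy body would run. */
static int buggy_body_would_run(const HEADER *h) {
    if (!h) {
        return 1;   /* original code reads h->env->from here, with h == NULL */
    }
    return 0;
}

/* Address a NULL-based read of h->env faults at: with a zero base, the
 * load hits the field offset itself, i.e. offsetof(HEADER, env)
 * (52 on an ILP32 target for this layout, 56 on LP64 due to alignment). */
static uintptr_t null_deref_fault_addr(void) {
    return (uintptr_t)offsetof(HEADER, env);
}

/* Corrected logic: use h when one is given, otherwise walk the visible
 * messages of the context. Fills out[] and returns the number found. */
static int extract_from_addresses(const HEADER *h, const CONTEXT *ctx,
                                  const char **out, int max) {
    int n = 0;
    if (h) {
        if (h->env && h->env->from && n < max) out[n++] = h->env->from;
        return n;
    }
    for (int i = 0; ctx && i < ctx->vcount && n < max; i++) {
        const HEADER *cur = ctx->hdrs[ctx->v2r[i]];
        if (cur && cur->env && cur->env->from) out[n++] = cur->env->from;
    }
    return n;
}

/* Constructed sample: two messages, v2r maps the visible order back to
 * hdrs[] indices (assumed semantics of mutt's v2r). */
static ENVELOPE sample_env1 = { "alice@example.org" };
static ENVELOPE sample_env2 = { "bob@example.org" };
static HEADER sample_h1 = { {0}, &sample_env1 };
static HEADER sample_h2 = { {0}, &sample_env2 };
static HEADER *sample_hdrs[] = { &sample_h1, &sample_h2 };
static int sample_v2r[] = { 1, 0 };
static CONTEXT sample_ctx = { sample_hdrs, sample_v2r, 2 };

/* Convenience wrappers returning only counts, for callers and tests. */
static int count_from_context(void) {
    const char *out[4];
    return extract_from_addresses(NULL, &sample_ctx, out, 4);
}
static int count_from_header(void) {
    const char *out[4];
    return extract_from_addresses(&sample_h1, &sample_ctx, out, 4);
}
/* First address returned by the context walk (visible order, via v2r). */
static const char *first_from_context(void) {
    const char *out[4];
    int n = extract_from_addresses(NULL, &sample_ctx, out, 4);
    return n > 0 ? out[0] : "";
}

int main(void) {
    printf("buggy body runs for NULL h: %d\n", buggy_body_would_run(NULL));
    printf("NULL-based h->env read faults at offset %lu\n",
           (unsigned long)null_deref_fault_addr());
    printf("fixed path, h == NULL: %d addresses, first %s\n",
           count_from_context(), first_from_context());
    printf("fixed path, h given:   %d address\n", count_from_header());
    return 0;
}
```

The corrected function keeps the report's intended behaviour (no HEADER given means "use the whole context") while never touching h when it is NULL; the fault-address helper is a quick way to turn a crash address from a report like this back into the field that was read through a null pointer.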