mutt/2272: Null pointer references
>Number: 2272
>Notify-List:
>Category: mutt
>Synopsis: Null pointer references
>Confidential: no
>Severity: normal
>Priority: medium
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jun 08 13:29:50 +0200 2006
>Originator: desclaux fabrice
>Release: mutt-1.5.11
>Organization:
EADS
>Environment:
linux 2.6
>Description:
In crypt.c, line 595:

    if (!h)
    {
      for (i = 0; i < Context->vcount; i++)
      {
        .....
        if (Context->hdrs[Context->v2r[i]]->env->from)
          tmp = mutt_expand_aliases (h->env->from);
        .....

In this branch, h is a null pointer, so mutt_expand_aliases (h->env->from); will
seg fault reading at address 0x52.
In assembly, the compiler sees the null value and generates a memory access
without a base register (Intel style):

    mov %eax, DWORD PTR %ds:52
    mov %eax, DWORD PTR [%eax+4]
>How-To-Repeat:
If the function void crypt_extract_keys_from_messages (HEADER * h) is called
with a null pointer, the code tests this null pointer and then READS through it;
maybe there is no ! in the test code.
>Fix:
maybe you wanted to do if (h) ....
>Add-To-Audit-Trail:
>Unformatted:
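The following is an added illustration, not code from mutt or from the report: it models the control flow the report describes with simplified stand-in types, and in the !h branch it uses the header that the enclosing condition just tested (Context->hdrs[Context->v2r[i]]) instead of h. The struct shapes, collect_from_addresses() and the sample mailbox are assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for mutt's ENVELOPE, HEADER and CONTEXT (assumed shapes). */
typedef struct { const char *from; } ENVELOPE;
typedef struct { ENVELOPE *env; } HEADER;
typedef struct { HEADER **hdrs; int *v2r; int vcount; } CONTEXT;

#define MAX_FROM 16

/* Stand-in for the per-message work (mutt expands aliases and extracts keys);
 * here we only record the From address. */
static int record_from(const char *from, const char *out[], int n)
{
    if (n < MAX_FROM) out[n++] = from;
    return n;
}

/* When h is NULL, walk every visible message in ctx and use THAT message's
 * header; h must not be touched in this branch. When h is non-NULL, process
 * only h. Every pointer on the path is checked before it is dereferenced.
 * Returns the number of addresses recorded. */
int collect_from_addresses(HEADER *h, CONTEXT *ctx, const char *out[])
{
    int n = 0;
    if (!h) {
        for (int i = 0; i < ctx->vcount; i++) {
            HEADER *cur = ctx->hdrs[ctx->v2r[i]];
            if (cur && cur->env && cur->env->from)
                n = record_from(cur->env->from, out, n);
        }
        return n;
    }
    if (h->env && h->env->from)
        n = record_from(h->env->from, out, n);
    return n;
}

/* Constructed sample mailbox: three visible messages, one with a From address,
 * one with an empty envelope, one with no envelope at all. */
int demo(int pass_null_header, const char *out[])
{
    static ENVELOPE e1 = { "alice@example.org" };
    static ENVELOPE e2 = { NULL };
    static HEADER h1 = { &e1 }, h2 = { &e2 }, h3 = { NULL };
    static HEADER *hdrs[] = { &h1, &h2, &h3 };
    static int v2r[] = { 2, 0, 1 };
    CONTEXT ctx = { hdrs, v2r, 3 };
    return collect_from_addresses(pass_null_header ? NULL : &h1, &ctx, out);
}
```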