diff options
| author | Aidan MacDonald <amachronic@protonmail.com> | 2022-05-02 16:48:19 +0100 |
|---|---|---|
| committer | Aidan MacDonald <amachronic@protonmail.com> | 2022-05-02 16:48:19 +0100 |
| commit | b79eefc8583536da9faa87b50d82eaef8a3e0dde (patch) | |
| tree | 1f694ae914985df2164b61ba239a733a50a10a45 | |
| parent | 6e37b318510d66fc6ec7e94f350062279b242afb (diff) | |
| download | rockbox-b79eefc8583536da9faa87b50d82eaef8a3e0dde.tar.gz rockbox-b79eefc8583536da9faa87b50d82eaef8a3e0dde.zip | |
apps: fix tagtree arithmetic on null pointers
It was possible for the tag tree's buflib move callback to turn a
null pointer non-null. The tagcache_search_clause->str can be null
for OR clauses. Also ensure that clauses are zeroed on allocation
to ensure garbage pointers don't creep in.
Change-Id: Ic823a8eecc501eeaa75798066521e427a9a89190
| -rw-r--r-- | apps/tagtree.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/tagtree.c b/apps/tagtree.c index 9fb2172e57..45d2bb991b 100644 --- a/apps/tagtree.c +++ b/apps/tagtree.c @@ -223,7 +223,8 @@ static int move_callback(int handle, void* current, void* new) { for(int l = 0; l < mentry->si.clause_count[k]; l++) { - UPDATE(mentry->si.clause[k][l]->str, diff); + if(mentry->si.clause[k][l]->str) + UPDATE(mentry->si.clause[k][l]->str, diff); UPDATE(mentry->si.clause[k][l], diff); } } @@ -702,7 +703,7 @@ static int get_condition(struct search_instruction *inst) return -2; } - new_clause = tagtree_alloc(sizeof(struct tagcache_search_clause)); + new_clause = tagtree_alloc0(sizeof(struct tagcache_search_clause)); if (!new_clause) { logf("tagtree failed to allocate %s", "search clause"); |