Hello all,
I believe there may be two Null Pointer Dereference issues in the Apple-specific process iterator, process_iterator_apple.c.
The issue in question comes from two different pieces of code.
Issue 1:
source = malloc(sizeof(int)*len_in);
memcpy(source, arr_in, sizeof(int)*len_in);
In lines 33 and 34 of process_iterator_apple.c, malloc() is called to allocate memory for the source buffer, but the return code of malloc is never checked. If malloc() returns NULL due to a lack of available memory, the next line will then attempt to memcpy() data into a null pointer.
Issue 2:
/* Allocate and populate it->pidlist */
if ((it->pidlist = (int *)malloc((it->count)*sizeof(int))) == NULL) {
fprintf(stderr, "malloc: %s\n", strerror(errno));
}
In the init_process_iterator() function within process_iterator_apple.c, a number of checks are performed to ensure the allocation, buffer, etc. are valid before the initialization completes. In lines 62-65 (the above code chunk), a check is performed to ensure that the malloc() call does not return NULL. If it does, fprintf() is used to print an error message. However, unlike the other checks in this function, it doesn't then return -1; - it instead continues with execution. I believe this was just a minor error where the return was forgotten, and a simple one-line change could fix it.
These are two very minor issues that only affect the Apple-specific process iterator, but I still thought they were worth raising to reduce the chance of running into null pointer issues in an out of memory scenario.
Thank you! 🙂
(Also, apologies for the edit in the issue - I accidentally ctrl+enter posted it before I was done, and had to fill in the rest after)
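As an added example (not code from the project, and not the reporter's), here are the two allocation patterns from the issue rewritten so that a NULL from malloc() is reported and propagated instead of dereferenced; the struct, function names and the allocator hook used to simulate an out-of-memory condition are assumptions chosen to mirror the snippets above.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Allocator hook (assumption, not in the project) so OOM can be simulated. */
static void *(*alloc_fn)(size_t) = malloc;

struct process_iterator {
    int count;
    int *pidlist;
};

/* Issue 1: copy arr_in into a fresh buffer, returning NULL on allocation
 * failure instead of passing a NULL pointer to memcpy(). */
int *copy_int_array(const int *arr_in, size_t len_in)
{
    int *source = alloc_fn(sizeof(int) * len_in);
    if (source == NULL) {
        fprintf(stderr, "malloc: %s\n", strerror(errno));
        return NULL;
    }
    memcpy(source, arr_in, sizeof(int) * len_in);
    return source;
}

/* Issue 2: allocate it->pidlist and, unlike the original, return -1 when
 * malloc() fails so the caller never uses a half-initialised iterator. */
int init_pidlist(struct process_iterator *it, int count)
{
    it->count = count;
    it->pidlist = alloc_fn((size_t)it->count * sizeof(int));
    if (it->pidlist == NULL) {
        fprintf(stderr, "malloc: %s\n", strerror(errno));
        return -1;
    }
    return 0;
}

/* An allocator that always fails, as malloc() does when memory is exhausted. */
static void *failing_alloc(size_t n) { (void)n; errno = ENOMEM; return NULL; }

/* Drive both helpers once with the real allocator and once under simulated
 * OOM; returns 1 when every path behaves as intended, 0 otherwise. */
int check_oom_handling(void)
{
    int in[3] = {1, 2, 3}, ok = 1;
    struct process_iterator it = {0, NULL};
    int *copy = copy_int_array(in, 3);
    ok &= (copy != NULL && copy[2] == 3 && init_pidlist(&it, 4) == 0);
    free(copy); free(it.pidlist);
    alloc_fn = failing_alloc;
    ok &= (copy_int_array(in, 3) == NULL && init_pidlist(&it, 4) == -1);
    alloc_fn = malloc;
    return ok;
}
```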