Re: Potential Null Pointer Dereference in resizebox method from lauxlib.c

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Potential Null Pointer Dereference in resizebox method from lauxlib.c
From: Andrew Gierth <andrew@...>
Date: Sat, 22 Jul 2023 14:40:02 +0100

>>>>> "Yongchao" == Yongchao Wang <chaowyc@gmail.com> writes:

 Yongchao> Hi all,

 Yongchao> We have detected that the resizebox method may trigger a null
 Yongchao> pointer dereference. Here is a possible vulnerable trace:

Static analysis is all very well, but it leads to pointless reports of
non-bugs like this.

resizebox is called only when the referenced stack position is already
known to contain a box (provided that the luaL_Buffer protocol is being
properly followed, which is the responsibility of the caller). As such,
the lua_touserdata call cannot return NULL and there is no bug.

-- 
Andrew.

References:
- Potential Null Pointer Dereference in resizebox method from lauxlib.c, Yongchao Wang

Prev by Date: Re: order of matches for string.gsub
Next by Date: Re: Potential Null Pointer Dereference in resizebox method from lauxlib.c
Previous by thread: Re: Potential Null Pointer Dereference in resizebox method from lauxlib.c
Next by thread: Re: Potential Null Pointer Dereference in resizebox method from lauxlib.c
Index(es):
- Date
- Thread