Possible NULL pointer dereference on freenect_select_subdevices?? #627

ycaibb · 2020-10-29T03:47:40Z

Dear developers:
Our tool reports a NULL pointer dereference on this method freenect_select_subdevices where ctx may be NULL. It may a false positive, thank you for your confirmation.

FREENECTAPI void freenect_select_subdevices(freenect_context *ctx, freenect_device_flags subdevs)
{
	ctx->enabled_subdevices = ...; // ctx may be null
}

The method is invoked here.

static void init_thread(void)
{
	thread_running = 1;
	freenect_init(&ctx, 0); // store null to ctx.
	freenect_select_subdevices(ctx, (freenect_device_flags)(FREENECT_DEVICE_MOTOR | FREENECT_DEVICE_CAMERA));
	pthread_create(&thread, NULL, init, NULL);
}

This method store NULL to ctx on here.

FREENECTAPI int freenect_init(freenect_context **ctx, freenect_usb_context *usb_ctx)
{
	int res;

	*ctx = (freenect_context*)malloc(sizeof(freenect_context));
	if (*ctx == NULL)
		return -1;

	memset(*ctx, 0, sizeof(freenect_context));

	(*ctx)->log_level = LL_NOTICE;
	(*ctx)->enabled_subdevices = (freenect_device_flags)(FREENECT_DEVICE_MOTOR | FREENECT_DEVICE_CAMERA);
	res = fnusb_init(&(*ctx)->usb, usb_ctx);
	if (res < 0) {
		free(*ctx);
		*ctx = NULL;
	}
	return res;
}

The text was updated successfully, but these errors were encountered:

piedar added this to the v0.6.3 milestone Jan 14, 2021

piedar modified the milestones: v0.6.3, v0.6.2 Feb 11, 2021

piedar closed this as completed in 4d6b941 Feb 11, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Possible NULL pointer dereference on freenect_select_subdevices?? #627

Possible NULL pointer dereference on freenect_select_subdevices?? #627

ycaibb commented Oct 29, 2020

Possible NULL pointer dereference on freenect_select_subdevices?? #627

Possible NULL pointer dereference on freenect_select_subdevices?? #627

Comments

ycaibb commented Oct 29, 2020