VirtualBox

Opened 7 years ago

Last modified 7 years ago

#16835 new defect

rtlogFlush: Potential null pointer dereference — at Initial Version

Reported by: ColinIanKing Owned by:
Component: guest control Version: VirtualBox 5.1.22
Keywords: log null pointer dereference Cc:
Guest type: all Host type: Linux

Description

Function rtlogFlush() in vboxguest/common/log/log.c performs a paranoid check:

    /*
     * If the ring buffer is active, the other destinations are only written
     * to when the ring buffer is flushed by RTLogFlush().
     */
    if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
        && pLogger->pInt
        && pLogger->pInt->pszRingBuf /* paranoia */)
    {
        rtLogRingBufWrite(pLogger->pInt, pLogger->achScratch, pLogger->offScratch);
        pLogger->offScratch = 0; /* empty the buffer. */
    }
    else ...

This implies that pLogger->pInt could be NULL (even if this is an unlikely paranoid case). In the else path we have the following code that dereferences pLogger->pInt and hence we may have a NULL pointer dereference:

    if (pLogger->pInt->pfnFlush)
        pLogger->pInt->pfnFlush(pLogger);

I guess this is unlikely, but I think it would be good to correctly sanity check this for this corner case.
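The following is an added example, not part of the ticket or of the VirtualBox source: a simplified model of the flush path in which pInt is checked once, before either branch can dereference it. The Demo* types, the DEMO_DEST_RINGBUF value, the -1 return code and the truncating ring-buffer copy are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the logger types (assumed layout, not the real headers). */
#define DEMO_DEST_RINGBUF 0x1u              /* constructed flag value */
struct DemoLogger;
typedef struct DemoLoggerInt {
    char  *pszRingBuf;
    size_t cbRingBuf;
    void (*pfnFlush)(struct DemoLogger *);
} DemoLoggerInt;
typedef struct DemoLogger {
    unsigned       fDestFlags;
    DemoLoggerInt *pInt;
    char           achScratch[64];
    size_t         offScratch;
} DemoLogger;

static int g_cFlushCalls;                   /* lets callers observe the callback path */
static void demoCountingFlush(DemoLogger *pLogger) { (void)pLogger; g_cFlushCalls++; }

/* Returns 0 after flushing, -1 if the logger has no internal state to flush to. */
int demoLogFlush(DemoLogger *pLogger)
{
    DemoLoggerInt *pInt = pLogger->pInt;
    if (!pInt)                              /* one check guards both branches below */
        return -1;
    if ((pLogger->fDestFlags & DEMO_DEST_RINGBUF) && pInt->pszRingBuf)
    {
        size_t cb = pLogger->offScratch;
        if (cb > pInt->cbRingBuf)           /* never write past the ring buffer */
            cb = pInt->cbRingBuf;
        memcpy(pInt->pszRingBuf, pLogger->achScratch, cb);
    }
    else if (pInt->pfnFlush)                /* safe: pInt is known to be non-NULL here */
        pInt->pfnFlush(pLogger);
    pLogger->offScratch = 0;                /* empty the scratch buffer */
    return 0;
}

int main(void)
{
    DemoLogger    noInt   = { DEMO_DEST_RINGBUF, NULL, "abc", 3 };
    DemoLoggerInt state   = { NULL, 0, demoCountingFlush };
    DemoLogger    withInt = { 0, &state, "abc", 3 };
    return (demoLogFlush(&noInt) == -1 && demoLogFlush(&withInt) == 0
            && g_cFlushCalls == 1) ? 0 : 1;
}
```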

Change History (0)
