Opened 7 years ago
Last modified 7 years ago
#16835 new defect
rtlogFlush: Potential null pointer dereference — at Initial Version
| Reported by: | ColinIanKing | Owned by: | |
|---|---|---|---|
| Component: | guest control | Version: | VirtualBox 5.1.22 |
| Keywords: | log null pointer dereference | Cc: | |
| Guest type: | all | Host type: | Linux |
Description
Function rtlogFlush() in vboxguest/common/log/log.c performs a paranoid check:

```c
/*
 * If the ring buffer is active, the other destinations are only written
 * to when the ring buffer is flushed by RTLogFlush().
 */
if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
    && pLogger->pInt && pLogger->pInt->pszRingBuf /* paranoia */)
{
    rtLogRingBufWrite(pLogger->pInt, pLogger->achScratch, pLogger->offScratch);
    pLogger->offScratch = 0; /* empty the buffer. */
}
else ...
```
This implies that pLogger->pInt could be NULL (even if this is an unlikely paranoid case). In the else path we have the following code that dereferences pLogger->pInt and hence we may have a NULL pointer dereference:

```c
if (pLogger->pInt->pfnFlush)
    pLogger->pInt->pfnFlush(pLogger);
```
I guess this is unlikely, but I think it would be good to correctly sanity check this for this corner case.
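The inconsistency the ticket describes (pInt guarded in one branch, dereferenced unguarded in the other) is easiest to see with the check hoisted above both branches. The following is an added example, not VirtualBox code: the struct layout, field names, return codes and runScenario() helper are constructed stand-ins for the parts of RTLOGGER the report mentions.

```c
#include <stddef.h>

/* Constructed stand-in for the parts of RTLOGGER the ticket talks about;
 * field and type names are hypothetical, not VirtualBox's real layout. */
#define DEST_RINGBUF 0x1u
typedef struct Logger Logger;
typedef struct LoggerInt {
    char  *pszRingBuf;               /* ring buffer, may be NULL */
    void (*pfnFlush)(Logger *);      /* flush callback, may be NULL */
    size_t cbRingWritten;
} LoggerInt;
struct Logger {
    unsigned   fDestFlags;
    LoggerInt *pInt;                 /* may be NULL: the ticket's corner case */
    char       achScratch[64];
    size_t     offScratch;
};
enum { FLUSH_NO_INT = -1, FLUSH_RINGBUF = 1, FLUSH_CALLBACK, FLUSH_NOOP };

/* Hardened flush: pInt is checked once, up front, so the else path can no
 * longer dereference a NULL pInt the way the reported code does. */
static int loggerFlush(Logger *pLogger)
{
    int rc;
    if (!pLogger->pInt)
        return FLUSH_NO_INT;
    if ((pLogger->fDestFlags & DEST_RINGBUF) && pLogger->pInt->pszRingBuf) {
        pLogger->pInt->cbRingWritten += pLogger->offScratch; /* stand-in for rtLogRingBufWrite */
        rc = FLUSH_RINGBUF;
    } else if (pLogger->pInt->pfnFlush) {
        pLogger->pInt->pfnFlush(pLogger);
        rc = FLUSH_CALLBACK;
    } else
        rc = FLUSH_NOOP;
    pLogger->offScratch = 0;         /* scratch consumed on every path */
    return rc;
}

static int g_cFlushCalls;
static void countingFlush(Logger *pLogger) { (void)pLogger; g_cFlushCalls++; }

/* Build one scenario and flush it; returns which path loggerFlush took. */
static int runScenario(int fHaveInt, int fHaveRing, int fHaveCb)
{
    char      ring[16];
    LoggerInt lint = { fHaveRing ? ring : NULL, fHaveCb ? countingFlush : NULL, 0 };
    Logger    lg   = { DEST_RINGBUF, fHaveInt ? &lint : NULL, "hello", 5 };
    return loggerFlush(&lg);
}
```

runScenario(0, 0, 0) exercises exactly the path the ticket worries about and returns FLUSH_NO_INT instead of touching a NULL pointer.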

