commit f58587a68dec2cdbcbf3d3d46414c05fc9dfffbd Author: Nick Mathewson nickm@torproject.org Date: Thu Mar 28 09:19:23 2019 -0400

Don't unconditionally deref pub and sub in lint_message_consistency

This can't actually result in a null pointer dereference, since pub_excl and sub_excl are only set when the corresponding smartlists are nonempty. But coverity isn't smart enough to figure that out, and we shouldn't really be depending on it.

Bug 29938; CID 1444257. Bug not in any released Tor. --- src/lib/pubsub/pubsub_check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/pubsub/pubsub_check.c b/src/lib/pubsub/pubsub_check.c index d308dc58a..a3c22d4f2 100644 --- a/src/lib/pubsub/pubsub_check.c +++ b/src/lib/pubsub/pubsub_check.c @@ -303,14 +303,14 @@ lint_message_consistency(message_id_t msg, /* Enforce exclusive-ness for publishers and subscribers that have asked for * it. */ - if (pub_excl && smartlist_len(pub) > 1) { + if (pub_excl && smartlist_len_opt(pub) > 1) { log_warn(LD_MESG|LD_BUG, "Message "%s" has multiple publishers, but at least one is " "marked as exclusive.", get_message_id_name(msg)); ok = false; } - if (sub_excl && smartlist_len(sub) > 1) { + if (sub_excl && smartlist_len_opt(sub) > 1) { log_warn(LD_MESG|LD_BUG, "Message "%s" has multiple subscribers, but at least one is " "marked as exclusive.",