From ef059b8831f4e12304246bb511b9b9e077b98c4e Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Wed, 14 Jul 2021 16:03:21 +1200
Subject: [PATCH] heimdal:base: Don't perform arithmetic on a NULL pointer

Doing so is undefined behaviour.

Change-Id: Ic57baac0fc5fb06945c0dfbd5d4eb913a12fc13d
Signed-off-by: Joseph Sutton
---
 lib/base/heimbase.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/base/heimbase.c b/lib/base/heimbase.c
index 5783bfd97..a77e50d9c 100644
--- a/lib/base/heimbase.c
+++ b/lib/base/heimbase.c
@@ -86,11 +86,13 @@ struct heim_auto_release {
 heim_object_t
 heim_retain(heim_object_t ptr)
 {
-    struct heim_base *p = PTR2BASE(ptr);
+    struct heim_base *p;
 
     if (ptr == NULL || heim_base_is_tagged(ptr))
 	return ptr;
 
+    p = PTR2BASE(ptr);
+
     if (heim_base_atomic_load(&p->ref_cnt) == heim_base_atomic_integer_max)
 	return ptr;
 
@@ -109,11 +111,13 @@ void
 heim_release(void *ptr)
 {
     heim_base_atomic_integer_type old;
-    struct heim_base *p = PTR2BASE(ptr);
+    struct heim_base *p;
 
     if (ptr == NULL || heim_base_is_tagged(ptr))
 	return;
 
+    p = PTR2BASE(ptr);
+
     if (heim_base_atomic_load(&p->ref_cnt) == heim_base_atomic_integer_max)
 	return;
 
@@ -342,9 +346,10 @@ _heim_alloc_object(heim_type_t type, size_t size)
 void *
 _heim_get_isaextra(heim_object_t ptr, size_t idx)
 {
-    struct heim_base *p = (struct heim_base *)PTR2BASE(ptr);
+    struct heim_base *p;
 
     heim_assert(ptr != NULL, "internal error");
+    p = (struct heim_base *)PTR2BASE(ptr);
     if (p->isa == &memory_object)
 	return NULL;
     heim_assert(idx < 3, "invalid private heim_base extra data index");
@@ -666,13 +671,15 @@ heim_auto_release_create(void)
 heim_object_t
 heim_auto_release(heim_object_t ptr)
 {
-    struct heim_base *p = PTR2BASE(ptr);
+    struct heim_base *p;
     struct ar_tls *tls = autorel_tls();
     heim_auto_release_t ar;
 
     if (ptr == NULL || heim_base_is_tagged(ptr))
 	return ptr;
 
+    p = PTR2BASE(ptr);
+
     /* drop from old pool */
     if ((ar = p->autorelpool) != NULL) {
 	HEIMDAL_MUTEX_lock(&ar->pool_mutex);
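Review bot: The moved `p = PTR2BASE(ptr);` in heim_retain carries no comment explaining why the assignment is separated from the declaration, so a later tidy-up could merge them back and silently reintroduce the pointer arithmetic on NULL that this commit removes. A one-line why-comment above the assignment would pin the ordering, e.g. `/* PTR2BASE() does pointer arithmetic on ptr; only evaluate it after the NULL/tagged check above. */`. The same comment belongs at the identical assignments in the heim_release and heim_auto_release hunks. heim_retain's body continues past the end of the hunk.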
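Review bot: The new `p = (struct heim_base *)PTR2BASE(ptr);` in _heim_get_isaextra keeps a cast that the other three call sites in this commit omit; since those assign `PTR2BASE(ptr)` straight to a `struct heim_base *`, the cast appears redundant and the line could read `p = PTR2BASE(ptr);` for consistency. Unlike heim_retain, heim_release and heim_auto_release, this function guards only against NULL and not against `heim_base_is_tagged(ptr)` before computing the base pointer; whether a tagged object can reach this function is not visible in the hunk, but if it can, PTR2BASE would still produce an address that does not point at a heim_base, so an `heim_assert(!heim_base_is_tagged(ptr), "internal error");` beside the existing assert would make that precondition explicit. The function's body continues outside the hunk.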