| Bug #115156 | Potential Nullptr Dereference in file `strings\ctype-ucs2.cc` | ||
|---|---|---|---|
| Submitted: | 29 May 2024 6:48 | Modified: | 29 May 2024 7:48 |
| Reporter: | Yu Xiao | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Compiling | Severity: | S3 (Non-critical) |
| Version: | mysql-trunk, 8.0 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
[29 May 2024 7:48]
MySQL Verification Team
Hello! Thank you for the report and feedback. Regards, Umesh

Description:

File: `strings\ctype-ucs2.cc`

Function: `my_strtoll10_utf32()`

Detail:

```cpp
static long long my_strtoll10_utf32(const CHARSET_INFO *cs [[maybe_unused]],
                                    const char *nptr, const char **endptr,
                                    int *error) {
  ...
  if (endptr) {  // Assuming `endptr` is `nullptr`, skip this branch.
    ...
  } else {
    goto no_conv;
  }
  ...
no_conv:
  *error = MY_ERRNO_EDOM;
  *endptr = nptr;  // `nullptr` dereference happened here
  return 0;
}
```

How to repeat:

This is a static analyzer warning; we have not found an actual path that triggers the null pointer dereference, but we believe this is a clear logical error in the code.

Suggested fix:

Add a check for `endptr` before dereferencing it:

```cpp
no_conv:
  *error = MY_ERRNO_EDOM;
  if (endptr) {
    *endptr = nptr;
  }
  return 0;
```
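The guarded `no_conv` path from the suggested fix, exercised with and without an `endptr`, as an added example that is not MySQL's code or the reporter's. `parse_ll10`, `Result` and `run` are hypothetical names, ASCII digits stand in for UTF-32, and the in/out meaning of `endptr` is an assumption of the example.

```cpp
#include <cerrno>
#include <climits>
#include <cstdio>

// Hypothetical stand-in for the reported function: same control flow, ASCII
// digits. Assumed convention: on entry *endptr marks the end of the input, on
// exit where parsing stopped. EDOM stands in for MY_ERRNO_EDOM.
static long long parse_ll10(const char *nptr, const char **endptr, int *error) {
  const char *s = nptr;
  const char *end = nullptr;
  long long value = 0;
  bool negative = false;
  *error = 0;
  if (endptr) {
    end = *endptr;
    while (s < end && (*s == ' ' || *s == '\t')) ++s;
    if (s == end) goto no_conv;
  } else {
    goto no_conv;  // no end marker supplied: the path flagged in the report
  }
  if (*s == '-') { negative = true; ++s; }
  if (s == end || *s < '0' || *s > '9') goto no_conv;
  for (; s < end && *s >= '0' && *s <= '9'; ++s) {
    int d = *s - '0';
    if (value > (LLONG_MAX - d) / 10) { *error = ERANGE; break; }  // overflow
    value = value * 10 + d;
  }
  *endptr = s;
  return negative ? -value : value;

no_conv:
  *error = EDOM;
  if (endptr) *endptr = nptr;  // guard from the suggested fix
  return 0;
}

struct Result { long long value; long consumed; int error; };
// Runs the parser over a constructed input, with or without an endptr.
static Result run(const char *text, long len, bool pass_endptr) {
  const char *end = text + len;
  int error = 0;
  long long v = parse_ll10(text, pass_endptr ? &end : nullptr, &error);
  return {v, static_cast<long>(end - text), error};
}

int main() {
  Result r = run("123", 3, false);  // null endptr: error reported, no crash
  std::printf("value=%lld error=%d\n", r.value, r.error);
}
```

Removing the `if (endptr)` guard at `no_conv` makes the `run("123", 3, false)` call write through a null pointer, which is the defect the analyzer flagged.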