Bug 15596 - NULL_AFTER_DEREF in /source3/smbd/files.c
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
Version: 4.16.11
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2024-03-02 15:37 UTC by e.bykhanova@fobos-nt.ru
Modified: 2024-03-02 15:37 UTC

Description e.bykhanova@fobos-nt.ru 2024-03-02 15:37:41 UTC
The static analyzer has detected NULL_AFTER_DEREF: Pointer 'fsp', which is dereferenced at files.c:99 by passing as 1st parameter to function 'fsp_set_gen_id' at files.c:472, is compared to a NULL value at files.c:576.


The correctness of 'fsp' is checked at files.c:467, so the code at files.c:576-578 looks redundant.

By the way, in other branches this nuance has been fixed. For example, there is no such redundant code [here](https://github.com/samba-team/samba/commit/f292b1ae0025af6d7432116aee3decb16a1699cf).


GitHub:
1) files.c:472
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source3/smbd/files.c#L472

2) files.c:576-578
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source3/smbd/files.c#L576-L578

3) files.c:466-469
https://github.com/samba-team/samba/blob/225a003a043eee399b6d266d94440c399b6877e4/source3/smbd/files.c#L466C1-L469C3

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author E. Bykhanova (e.bykhanova@fobos-nt.ru).