
Fix the null reference vulnerability. #24

@QiuYitai

Description


Hello,
Our team has recently been conducting research on a null-pointer-dereference (NPD) vulnerability detection tool and used it to scan zaver (the version on the master branch). After a manual review, we have identified some potentially vulnerable code snippets that may lead to null-pointer-dereference bugs.
The NULL dereference vulnerability happens in `int threadpool_free()`, threadpool.c.
How the NULL Pointer Dereference happens:

  1. When pool->head == NULL
  2. NULL dereference of variable pool->head happens at pool->head->next
```c
static inline void Abc_NtkFinSimOneWord( Abc_Obj_t * pObj, int Type, Vec_Wrd_t * vSims, int nWords )
{
=>  if ((pool->threads == NULL) || (pool->head == NULL)) {
=>      goto err;
    }
    ......
err:
    if (pool) {
=>      threadpool_free(pool);
    }
    return NULL;
}

int threadpool_free(zv_threadpool_t *pool) {
    ......
=>  while (pool->head->next) {
        ......
    }
    ......
}
```
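An added example, not zaver's code and not part of the report: a minimal C model of the error path described above, with a `threadpool_free()` that checks `pool->head` before walking the task list so the init failure path can call it on a partially built pool. The `zv_threadpool_t` and `zv_task_t` layouts below are assumed for the illustration, not zaver's real definitions.

```c
#include <stdlib.h>
#include <pthread.h>

/* Assumed layout: a dummy head node followed by queued tasks. */
typedef struct zv_task_s {
    void (*func)(void *);
    void *arg;
    struct zv_task_s *next;
} zv_task_t;

typedef struct {
    pthread_t *threads;   /* NULL if the thread array was never allocated */
    zv_task_t *head;      /* NULL if the dummy head was never allocated */
} zv_threadpool_t;

/* Returns the number of queued tasks released, or -1 if pool is NULL.
 * Tolerates a partially initialized pool: init's error path calls it
 * before pool->head may exist, which is the deref the report flags. */
int threadpool_free(zv_threadpool_t *pool) {
    int released = 0;
    if (pool == NULL) return -1;
    if (pool->head != NULL) {          /* guard before pool->head->next */
        zv_task_t *cur = pool->head->next;
        while (cur) {
            zv_task_t *next = cur->next;
            free(cur);
            cur = next;
            released++;
        }
        free(pool->head);
    }
    free(pool->threads);               /* free(NULL) is a no-op */
    free(pool);
    return released;
}

/* Builds a fully initialized pool whose dummy head has n queued no-op tasks. */
zv_threadpool_t *make_pool(int n) {
    zv_threadpool_t *pool = calloc(1, sizeof(*pool));
    if (pool == NULL) return NULL;
    pool->head = calloc(1, sizeof(zv_task_t));
    for (int i = 0; pool->head != NULL && i < n; i++) {
        zv_task_t *t = calloc(1, sizeof(*t));
        t->next = pool->head->next;
        pool->head->next = t;
    }
    return pool;
}

/* Models threadpool_init() failing after the struct is allocated but before
 * threads and head are (constructed failure); the error path frees the pool.
 * Returns threadpool_free's result: 0 means the partial pool was released safely. */
int simulate_init_failure(void) {
    zv_threadpool_t *pool = calloc(1, sizeof(*pool));
    if (pool == NULL) return -1;
    return threadpool_free(pool);
}
```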
