[PATCH GnuPG 4/7] common: check strchr for null
Werner Koch
wk at gnupg.org
Wed Jan 28 16:08:55 CET 2026
Hi!
Here is an example on why manual introspection is required on all static
analyzer output:
On Wed, 28 Jan 2026 12:35, Sam James said:
> p = strchr (program, '|');
> - *p++ = 0;
> + if (p)
> + *p++ = 0;
This is is something the analyzer did not got right. This if-branch is
only entered iff program_name already contains a '|'. program is a copy
of program_name.
A log_assert could be used but the code is short enoigh to see that this
will never be triggred.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260128/3ecf8ca3/attachment.sig>
More information about the Gnupg-devel
mailing list