[PATCH GnuPG 4/7] common: check strchr for null
Sam James
sam at gentoo.org
Wed Jan 28 19:08:20 CET 2026
Werner Koch <wk at gnupg.org> writes:
> Hi!
Hi!
>
> Here is an example on why manual introspection is required on all static
> analyzer output:
>
> On Wed, 28 Jan 2026 12:35, Sam James said:
>> p = strchr (program, '|');
>> - *p++ = 0;
>> + if (p)
>> + *p++ = 0;
>
> This is is something the analyzer did not got right. This if-branch is
> only entered iff program_name already contains a '|'. program is a copy
> of program_name.
>
> A log_assert could be used but the code is short enoigh to see that this
> will never be triggred.
>
Gah, yes, I'm sorry for the noise. I clearly got carried away with
that. I'll check more carefully and see if any are still worth it in
that case.
Thank you!
>
>
> Salam-Shalom,
>
> Werner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 418 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260128/3bcfd2fe/attachment.sig>
More information about the Gnupg-devel
mailing list