Explicitly check for pItem == NULL to satisfy Xcode analyzer (#667, #674)

As far as I can tell, the logic above this line does work correctly and calls `allocate_field()` in any case where iter->pData could point to pointer to NULL. But the logic depends on PB_SIZE_MAX and other subtle points, which may be why static analyzers complain. This commit makes it explicitly check and error out.
author: Petteri Aimonen <jpa@git.mail.kapsi.fi> 2021-06-04 08:32:54 +0300
committer: Petteri Aimonen <jpa@git.mail.kapsi.fi> 2021-06-04 08:32:54 +0300
commit: b6c6381949ed3f7101c95c79beee66a6560e2a10 (patch)
tree: 22b14fbf591e718b87212e87dba390f89251b17c
parent: 7ee9ef9f627d85cbe1b8c4f49a3ed26eed216c77 (diff)
download: nanopb-c-b6c6381949ed3f7101c95c79beee66a6560e2a10.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/pb_decode.c b/pb_decode.c
index 4efe8a3..2fee3bc 100644
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -639,6 +639,12 @@ static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_
 
                     /* Decode the array entry */
                     pItem = *(char**)iter->pData + iter->pos->data_size * (*size);
+                    if (pItem == NULL)
+                    {
+                        /* Shouldn't happen, but satisfies static analyzers */
+                        status = false;
+                        break;
+                    }
                     initialize_pointer_field(pItem, iter);
                     if (!func(&substream, iter->pos, pItem))
                     {
author	Petteri Aimonen <jpa@git.mail.kapsi.fi>	2021-06-04 08:32:54 +0300
committer	Petteri Aimonen <jpa@git.mail.kapsi.fi>	2021-06-04 08:32:54 +0300
commit	b6c6381949ed3f7101c95c79beee66a6560e2a10 (patch)
tree	22b14fbf591e718b87212e87dba390f89251b17c
parent	7ee9ef9f627d85cbe1b8c4f49a3ed26eed216c77 (diff)
download	nanopb-c-b6c6381949ed3f7101c95c79beee66a6560e2a10.tar.gz