diff options
author | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2021-06-04 08:32:54 +0300 |
---|---|---|
committer | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2021-06-04 08:32:54 +0300 |
commit | b6c6381949ed3f7101c95c79beee66a6560e2a10 (patch) | |
tree | 22b14fbf591e718b87212e87dba390f89251b17c | |
parent | 7ee9ef9f627d85cbe1b8c4f49a3ed26eed216c77 (diff) | |
download | nanopb-c-b6c6381949ed3f7101c95c79beee66a6560e2a10.tar.gz |
Explicitly check for pItem == NULL to satisfy Xcode analyzer (#667, #674)
As far as I can tell, the logic above this line does work correctly and
calls `allocate_field()` in any case where iter->pData could point to pointer
to NULL. But the logic depends on PB_SIZE_MAX and other subtle points, which
may be why static analyzers complain. This commit makes it explicitly check
and error out.
-rw-r--r-- | pb_decode.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pb_decode.c b/pb_decode.c index 4efe8a3..2fee3bc 100644 --- a/pb_decode.c +++ b/pb_decode.c @@ -639,6 +639,12 @@ static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_ /* Decode the array entry */ pItem = *(char**)iter->pData + iter->pos->data_size * (*size); + if (pItem == NULL) + { + /* Shouldn't happen, but satisfies static analyzers */ + status = false; + break; + } initialize_pointer_field(pItem, iter); if (!func(&substream, iter->pos, pItem)) { |