[pacman-dev] [PATCH 1/2] Avoid stat() on NULL path in curl_download_internal()
Dave Reisner
d at falconindy.com
Wed Aug 17 09:24:01 EDT 2011
On Wed, Aug 17, 2011 at 03:05:55PM +0200, Lukas Fleischer wrote:
> On Wed, Aug 17, 2011 at 08:37:23AM -0400, Dave Reisner wrote:
> > On Wed, Aug 17, 2011 at 10:15:16AM +0200, Lukas Fleischer wrote:
> > > stat()'s behaviour is undefined if the first argument is NULL and might
> > > be prone to segfault. Add an additional check to skip the stat()
> > > invocation if no destfile is used.
> > >
> > > Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
> > > ---
> > > lib/libalpm/dload.c | 2 +-
> > > 1 files changed, 1 insertions(+), 1 deletions(-)
> > >
> > > diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
> > > index 5a63e48..731d807 100644
> > > --- a/lib/libalpm/dload.c
> > > +++ b/lib/libalpm/dload.c
> > > @@ -260,7 +260,7 @@ static int curl_download_internal(struct dload_payload *payload,
> > > curl_easy_setopt(handle->curl, CURLOPT_USERAGENT, useragent);
> > > }
> > >
> > > - if(!payload->allow_resume && !payload->force && stat(destfile, &st) == 0) {
> > > + if(!payload->allow_resume && !payload->force && destfile && stat(destfile, &st) == 0) {
> > > /* start from scratch, but only download if our local is out of date. */
> > > curl_easy_setopt(handle->curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
> > > curl_easy_setopt(handle->curl, CURLOPT_TIMEVALUE, (long)st.st_mtime);
> > > --
> > > 1.7.6
> > >
> > >
> >
> > We already check for destfile being NULL earlier, when we try to create it, line 210ish.
>
> Yeah, we do not check that in the else branch though.
>
And this is what I get for looking at this on the wrong branch. Yeah,
this makes sense.
More information about the pacman-dev
mailing list