Possible NULL pointer dereference on freenect_select_subdevices?? #627
Description
Dear developers:
Our tool reports a NULL pointer dereference on this method freenect_select_subdevices where ctx may be NULL. It may a false positive, thank you for your confirmation.
FREENECTAPI void freenect_select_subdevices(freenect_context *ctx, freenect_device_flags subdevs)
{
ctx->enabled_subdevices = ...; // ctx may be null
}
The method is invoked here.
static void init_thread(void)
{
thread_running = 1;
freenect_init(&ctx, 0); // store null to ctx.
freenect_select_subdevices(ctx, (freenect_device_flags)(FREENECT_DEVICE_MOTOR | FREENECT_DEVICE_CAMERA));
pthread_create(&thread, NULL, init, NULL);
}
This method store NULL to ctx on here.
FREENECTAPI int freenect_init(freenect_context **ctx, freenect_usb_context *usb_ctx)
{
int res;
*ctx = (freenect_context*)malloc(sizeof(freenect_context));
if (*ctx == NULL)
return -1;
memset(*ctx, 0, sizeof(freenect_context));
(*ctx)->log_level = LL_NOTICE;
(*ctx)->enabled_subdevices = (freenect_device_flags)(FREENECT_DEVICE_MOTOR | FREENECT_DEVICE_CAMERA);
res = fnusb_init(&(*ctx)->usb, usb_ctx);
if (res < 0) {
free(*ctx);
*ctx = NULL;
}
return res;
}