This repository was archived by the owner on Jan 6, 2023. It is now read-only.

@mgpb mgpb commented Nov 3, 2017

Hello!

When working with a list of faux packages and using a mapping file, I found that unless every package has a corresponding mapping entry, I get a segfault.

packages.csv:

linux,3.14-myversion,,
bash,4.3.30,,

mapping:

[Mapping]
linux_kernel,3.14 = linux

Result:

bash-4.3# cve-check-tool -M mapping packages.csv 

(cve-check-tool:7): GLib-CRITICAL **: g_strsplit: assertion 'string != NULL' failed
Segmentation fault (core dumped)

As long as I add bash to the mapping file in any way (like bash=bash or foo,3.5=bash), it works as expected. I could reproduce this as far back as 13ec561.

The code makes sure there is a mapping hash but not whether the package is a key in it, so the NULL returned by the lookup is passed to g_strsplit().

I thought g_hash_table_contains() makes sense here since the table and the loop are still using the glib functions, but I also realize you wanted to get away from glib in general, so I could alternatively wrap the stuff in that block with a check that q isn't NULL first if that's preferable.

Otherwise, the lookup returns NULL but is still passed to g_strsplit().
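
The guard discussed in this comment, as an added example that is not part of the original pull request or of cve-check-tool's code. It is plain C without GLib; `mapping_lookup` and `resolve_package` are hypothetical names, the table is constructed from the mapping file in the report, and keeping the package's own name and version when no mapping exists is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the report's mapping file, keyed by package name. */
struct map_entry { const char *pkg; const char *target; };
static const struct map_entry mapping[] = {
    { "linux", "linux_kernel,3.14" },
};

/* Hypothetical helper: returns "product,version" or NULL when pkg is unmapped. */
static const char *mapping_lookup(const char *pkg)
{
    for (size_t i = 0; i < sizeof mapping / sizeof mapping[0]; i++)
        if (strcmp(mapping[i].pkg, pkg) == 0)
            return mapping[i].target;
    return NULL;
}

/* Returns 1 if a mapping was applied, 0 if the package's own values were
 * kept, -1 on a malformed mapping value or an output buffer that is too small. */
static int resolve_package(const char *pkg, const char *ver,
                           char *product, size_t plen, char *version, size_t vlen)
{
    const char *q = mapping_lookup(pkg);
    if (q == NULL) {
        /* Unmapped package: the lookup result must not reach the splitter. */
        if (strlen(pkg) >= plen || strlen(ver) >= vlen) return -1;
        strcpy(product, pkg);   /* Assumption: fall back to the package's own */
        strcpy(version, ver);   /* name and version when there is no mapping. */
        return 0;
    }
    const char *comma = strchr(q, ',');
    if (comma == NULL) return -1;
    size_t n = (size_t)(comma - q);
    if (n >= plen || strlen(comma + 1) >= vlen) return -1;
    memcpy(product, q, n);
    product[n] = '\0';
    strcpy(version, comma + 1);
    return 1;
}

int main(void) {
    char p[64] = "", v[64] = "";
    const char *pkgs[][2] = { {"linux", "3.14-myversion"}, {"bash", "4.3.30"} };
    for (int i = 0; i < 2; i++) {
        int rc = resolve_package(pkgs[i][0], pkgs[i][1], p, sizeof p, v, sizeof v);
        printf("%s -> rc=%d product=%s version=%s\n", pkgs[i][0], rc, p, v);
    }
    return 0;
}
```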