Skip to content

tds: fix potential NULL dereference #692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
freddy77 merged 1 commit into from
Jan 15, 2026
Merged

tds: fix potential NULL dereference #692

freddy77 merged 1 commit into from
Jan 15, 2026
+1 −1

Conversation

@ProjectMutilation
Copy link
Contributor

@ProjectMutilation ProjectMutilation commented Jan 14, 2026

The result of the realloc function can be NULL if the memory allocation fails.
Found by PostgresPro with Svace Static Analyzer

@freddy77
Copy link
Contributor

freddy77 commented Jan 14, 2026
edited
Loading

It cannot fail if the size is smaller than before.

@ProjectMutilation
Copy link
Contributor Author

ProjectMutilation commented Jan 15, 2026
edited
Loading

It cannot fail if the size is smaller than before.

A realloc behavior is implementation defined. The standard isn't warranty this.

@freddy77
Copy link
Contributor

freddy77 commented Jan 15, 2026

This should do

diff --git a/src/tds/token.c b/src/tds/token.c
index 79f097ad1..c7826fb43 100644
--- a/src/tds/token.c
+++ b/src/tds/token.c
@@ -2541,7 +2541,7 @@ tds_alloc_get_string(TDSSOCKET * tds, char **string, size_t len)
                *string = NULL;
                return -1;
        }
-       s = (char*) realloc(s, out_len + 1);
+       TDS_RESIZE(s, out_len + 1);
        s[out_len] = '\0';
        *string = s;
        return 0;

@ProjectMutilation
tds: fix potential NULL dereference
5f35861 
The result of the realloc function can be NULL if the memory allocation fails.
Found by PostgresPro with Svace Static Analyzer
Signed-off-by: Maksim Korotkov <m.korotkov@postgrespro.ru>
@ProjectMutilation
Copy link
Contributor Author

ProjectMutilation commented Jan 15, 2026 

TDS_RESIZE(s, out_len + 1);

applied

@freddy77 freddy77 merged commit 3fa4d06 into FreeTDS:master Jan 15, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@freddy77 freddy77 freddy77 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ProjectMutilation @freddy77