In this code, set can be NULL, in which case accessing set->key is a null pointer dereference.
This case is currently unreachable - _bf_matcher_generate_set_trie is only called by bf_chain_get_set_for_matcher, which validates the set exists first.
However, for defensive programming, we should check for if (!set) here as well, and error out if it's missing.
|
static int _bf_matcher_generate_set_trie(struct bf_program *program, |
|
const struct bf_matcher *matcher) |
|
{ |
|
assert(program); |
|
assert(matcher); |
|
|
|
const struct bf_set *set = |
|
bf_chain_get_set_for_matcher(program->runtime.chain, matcher); |
|
enum bf_matcher_type type = set->key[0]; |
This issue was found by cppcheck and validated by Claude Code.
In this code,
setcan beNULL, in which case accessingset->keyis a null pointer dereference.This case is currently unreachable -
_bf_matcher_generate_set_trieis only called bybf_chain_get_set_for_matcher, which validates the set exists first.However, for defensive programming, we should check for
if (!set)here as well, and error out if it's missing.bpfilter/src/libbpfilter/cgen/matcher/set.c
Lines 15 to 23 in e289171
This issue was found by cppcheck and validated by Claude Code.