[pacman-dev] [PATCH 1/2] Avoid stat() on NULL path in curl_download_internal()

Lukas Fleischer archlinux at cryptocrack.de
Wed Aug 17 09:05:55 EDT 2011


On Wed, Aug 17, 2011 at 08:37:23AM -0400, Dave Reisner wrote:
> On Wed, Aug 17, 2011 at 10:15:16AM +0200, Lukas Fleischer wrote:
> > stat()'s behaviour is undefined if the first argument is NULL and might
> > be prone to segfault. Add an additional check to skip the stat()
> > invocation if no destfile is used.
> > 
> > Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
> > ---
> >  lib/libalpm/dload.c |    2 +-
> >  1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
> > index 5a63e48..731d807 100644
> > --- a/lib/libalpm/dload.c
> > +++ b/lib/libalpm/dload.c
> > @@ -260,7 +260,7 @@ static int curl_download_internal(struct dload_payload *payload,
> >  		curl_easy_setopt(handle->curl, CURLOPT_USERAGENT, useragent);
> >  	}
> >  
> > -	if(!payload->allow_resume && !payload->force && stat(destfile, &st) == 0) {
> > +	if(!payload->allow_resume && !payload->force && destfile && stat(destfile, &st) == 0) {
> >  		/* start from scratch, but only download if our local is out of date. */
> >  		curl_easy_setopt(handle->curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
> >  		curl_easy_setopt(handle->curl, CURLOPT_TIMEVALUE, (long)st.st_mtime);
> > -- 
> > 1.7.6
> > 
> > 
> 
> We already check for destfile being NULL earlier, when we try to create it, line 210ish.

Yeah, we do not check that in the else branch though.


More information about the pacman-dev mailing list