From a0d906739d5fc9c612f57da187875d1abfc33e63 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 17 Oct 2008 06:03:37 +0000 Subject: After having studied one of the coverity.com reports at length last night, I decided it was a good idea to properly document my thoughts in a comment near the code that was identified as a possible flaw. A false positive as far as I can see. --- src/main.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main.c b/src/main.c index 949fc2ff8..7de7e42d9 100644 --- a/src/main.c +++ b/src/main.c @@ -4240,6 +4240,13 @@ operate(struct Configurable *config, int argc, argv_item_t argv[]) for(i = 0; (url = urls?glob_next_url(urls):(i?NULL:strdup(url))); i++) { + /* NOTE: In the condition expression in the for() statement above, the + 'url' variable is only ever strdup()ed if (i == 0) and thus never + when this loops later on. Further down in this function we call + free(url) and then the code loops. Static code parsers may thus get + tricked into believing that we have a potential access-after-free + here. I can however not spot any such case. */ + int infd = STDIN_FILENO; bool infdopen; char *outfile; -- cgit v1.2.3