| Summary: | Read from pointer after free at rmaliases function, ash.c file | | |
|---|---|---|---|
| Product: | Busybox | Reporter: | Marcin <marcin.w.nowakowski> |
| Component: | Other | Assignee: | unassigned |
| Status: | NEW --- | | |
| Severity: | major | CC: | busybox-cvs |
| Priority: | P5 | | |
| Version: | 1.37.x | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Host: | | Target: | |
| Build: | | | |
A static analysis tool shows an issue in the ash.c file, rmaliases function. The issue is Read from pointer after free (USE_AFTER_FREE). The detailed information is provided below.

```c
static void
rmaliases(void)
{
    struct alias *ap, **app;
    int i;

    INT_OFF;
    /* 1. Condition i < 39, taking true branch. */
    for (i = 0; i < ATABSIZE; i++) {
        app = &atab[i];
        /* 2. Condition ap, taking true branch. */
        /* 5. alias: Assigning: ap = *app. Now both point to the same storage. */
        /* 6. Condition ap, taking true branch. */
        for (ap = *app; ap; ap = *app) {
            /* 7. freed_arg: freealias frees *app. */
            *app = freealias(*app);
            /* 3. Condition ap == *app, taking true branch. */
            /* 8. Condition ap == *app, taking true branch. */
            if (ap == *app) {
                /* CID 5896585: (#1 of 1): Read from pointer after free (USE_AFTER_FREE) */
                /* 9. deref_after_free: Dereferencing freed pointer ap. */
                app = &ap->next;
            }
            /* 4. Jumping back to the beginning of the loop. */
        }
    }
    INT_ON;
}
```
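
A small model for triaging the trace above, added here as an example and not taken from the report or from BusyBox: it reruns the flagged loop on one bucket and counts reads from a node the model has released at event 9. The body of `freealias`, the flag names and values, the `freed` marker and the sample bucket are assumptions, since the report does not show them; whether event 9 is reachable depends on that contract.

```c
#include <stddef.h>

#define ALIASINUSE 1   /* flag names and values assumed for this model */
#define ALIASDEAD  2

struct alias {
    struct alias *next;
    int flag;
    int freed;         /* model only: set instead of calling free() */
};

static struct alias nodes[3], *head;   /* constructed sample bucket */

/* Assumed contract: an in-use alias is only marked dead and returned;
 * any other alias is released and its successor is returned. */
static struct alias *freealias(struct alias *ap)
{
    struct alias *next;
    if (ap->flag & ALIASINUSE) {
        ap->flag |= ALIASDEAD;
        return ap;
    }
    next = ap->next;
    ap->freed = 1;
    return next;
}

/* The reported loop on one bucket; returns how many times the branch
 * at event 9 read a node that the model had already released. */
static int clear_bucket(struct alias **app)
{
    struct alias *ap;
    int stale_reads = 0;
    for (ap = *app; ap; ap = *app) {
        *app = freealias(*app);
        if (ap == *app) {
            stale_reads += ap->freed;
            app = &ap->next;
        }
    }
    return stale_reads;
}

/* Constructed input: three chained aliases, the middle one in use. */
static int run_model(void)
{
    nodes[0] = (struct alias){ &nodes[1], 0, 0 };
    nodes[1] = (struct alias){ &nodes[2], ALIASINUSE, 0 };
    nodes[2] = (struct alias){ NULL, 0, 0 };
    head = &nodes[0];
    return clear_bucket(&head);
}

int main(void) { return run_model(); }
```

To triage the finding against the real source, compare this assumed `freealias` with the one in ash.c: the branch is only a stale read if `freealias` can return its argument after releasing it.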