Bug Summary

File:sal/rtl/source/byteseq.cxx
Location:line 243, column 34
Description:Access to field 'nElements' results in a dereference of a null pointer (loaded from variable 'pSequence2')

Annotated Source Code

1/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2/*************************************************************************
3 *
4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5 *
6 * Copyright 2000, 2010 Oracle and/or its affiliates.
7 *
8 * OpenOffice.org - a multi-platform office productivity suite
9 *
10 * This file is part of OpenOffice.org.
11 *
12 * OpenOffice.org is free software: you can redistribute it and/or modify
13 * it under the terms of the GNU Lesser General Public License version 3
14 * only, as published by the Free Software Foundation.
15 *
16 * OpenOffice.org is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU Lesser General Public License version 3 for more details
20 * (a copy is included in the LICENSE file that accompanied this code).
21 *
22 * You should have received a copy of the GNU Lesser General Public License
23 * version 3 along with OpenOffice.org. If not, see
24 * <http://www.openoffice.org/license.html>
25 * for a copy of the LGPLv3 License.
26 *
27 ************************************************************************/
28
29#include <string.h>
30
31#include <osl/diagnose.h>
32#include <osl/interlck.h>
33
34#include <rtl/byteseq.h>
35#include <rtl/alloc.h>
36#include <rtl/memory.h>
37
38/* static data to be referenced by all empty strings
39 * the refCount is predefined to 1 and must never become 0 !
40 */
41static sal_Sequence aEmpty_rtl_ByteSeq =
42{
43 1, /* sal_Int32 refCount; */
44 0, /* sal_Int32 length; */
45 { 0 } /* sal_Unicode buffer[1]; */
46};
47
48//==================================================================================================
49void SAL_CALL rtl_byte_sequence_reference2One(
50 sal_Sequence ** ppSequence ) SAL_THROW_EXTERN_C()throw ()
51{
52 sal_Sequence * pSequence, * pNew;
53 sal_Int32 nElements;
54
55 OSL_ENSURE( ppSequence, "### null ptr!" )do { if (true && (!(ppSequence))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "55" ": "), "%s", "### null ptr!"); } } while (false)
;
56 pSequence = *ppSequence;
57
58 if (pSequence->nRefCount > 1)
59 {
60 nElements = pSequence->nElements;
61 if (nElements)
62 {
63 pNew = (sal_Sequence *)rtl_allocateMemory( SAL_SEQUENCE_HEADER_SIZE((sal_Size)&((sal_Sequence *)0)->elements) + nElements );
64
65 if ( pNew != 0 )
66 memcpy( pNew->elements, pSequence->elements, nElements );
67
68 if (! osl_decrementInterlockedCount( &pSequence->nRefCount ))
69 rtl_freeMemory( pSequence );
70 }
71 else
72 {
73 pNew = (sal_Sequence *)rtl_allocateMemory( SAL_SEQUENCE_HEADER_SIZE((sal_Size)&((sal_Sequence *)0)->elements) );
74 }
75
76 if ( pNew != 0 )
77 {
78 pNew->nRefCount = 1;
79 pNew->nElements = nElements;
80 }
81
82 *ppSequence = pNew;
83 }
84}
85
86//==================================================================================================
87void SAL_CALL rtl_byte_sequence_realloc(
88 sal_Sequence ** ppSequence, sal_Int32 nSize ) SAL_THROW_EXTERN_C()throw ()
89{
90 sal_Sequence * pSequence, * pNew;
91 sal_Int32 nElements;
92
93 OSL_ENSURE( ppSequence, "### null ptr!" )do { if (true && (!(ppSequence))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "93" ": "), "%s", "### null ptr!"); } } while (false)
;
94 pSequence = *ppSequence;
95 nElements = pSequence->nElements;
96
97 if (nElements == nSize)
98 return;
99
100 if (pSequence->nRefCount > 1) // split
101 {
102 pNew = (sal_Sequence *)rtl_allocateMemory( SAL_SEQUENCE_HEADER_SIZE((sal_Size)&((sal_Sequence *)0)->elements) + nSize );
103
104 if ( pNew != 0 )
105 {
106 if (nSize > nElements)
107 {
108 memcpy( pNew->elements, pSequence->elements, nElements );
109 memset( pNew->elements + nElements, 0, nSize - nElements );
110 }
111 else
112 {
113 memcpy( pNew->elements, pSequence->elements, nSize );
114 }
115 }
116
117 if (! osl_decrementInterlockedCount( &pSequence->nRefCount ))
118 rtl_freeMemory( pSequence );
119 pSequence = pNew;
120 }
121 else
122 {
123 pSequence = (sal_Sequence *)rtl_reallocateMemory(
124 pSequence, SAL_SEQUENCE_HEADER_SIZE((sal_Size)&((sal_Sequence *)0)->elements) + nSize );
125 }
126
127 if ( pSequence != 0 )
128 {
129 pSequence->nRefCount = 1;
130 pSequence->nElements = nSize;
131 }
132
133 *ppSequence = pSequence;
134}
135
136//==================================================================================================
137void SAL_CALL rtl_byte_sequence_acquire( sal_Sequence *pSequence )
138 SAL_THROW_EXTERN_C()throw ()
139{
140 OSL_ASSERT( pSequence )do { if (true && (!(pSequence))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "140" ": "), "OSL_ASSERT: %s", "pSequence"); } } while (
false)
;
141 osl_incrementInterlockedCount( &(pSequence->nRefCount) );
142}
143
144//==================================================================================================
145void SAL_CALL rtl_byte_sequence_release( sal_Sequence *pSequence )
146 SAL_THROW_EXTERN_C()throw ()
147{
148 if ( pSequence != 0 )
149 {
150 if (! osl_decrementInterlockedCount( &(pSequence->nRefCount )) )
151 {
152 rtl_freeMemory( pSequence );
153 }
154 }
155}
156
157//==================================================================================================
158void SAL_CALL rtl_byte_sequence_construct( sal_Sequence **ppSequence , sal_Int32 nLength )
159 SAL_THROW_EXTERN_C()throw ()
160{
161 OSL_ASSERT( ppSequence )do { if (true && (!(ppSequence))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "161" ": "), "OSL_ASSERT: %s", "ppSequence"); } } while (
false)
;
162 if( *ppSequence )
163 {
164 rtl_byte_sequence_release( *ppSequence );
165 *ppSequence = 0;
166 }
167
168 if( nLength )
169 {
170 *ppSequence = (sal_Sequence *) rtl_allocateZeroMemory( SAL_SEQUENCE_HEADER_SIZE((sal_Size)&((sal_Sequence *)0)->elements) + nLength );
171
172 if ( *ppSequence != 0 )
173 {
174 (*ppSequence)->nRefCount = 1;
175 (*ppSequence)->nElements = nLength;
176 }
177 }
178 else
179 {
180 *ppSequence = &aEmpty_rtl_ByteSeq;
181 rtl_byte_sequence_acquire( *ppSequence );
182 }
183}
184
185//==================================================================================================
186void SAL_CALL rtl_byte_sequence_constructNoDefault( sal_Sequence **ppSequence , sal_Int32 nLength )
187 SAL_THROW_EXTERN_C()throw ()
188{
189 OSL_ASSERT( ppSequence )do { if (true && (!(ppSequence))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "189" ": "), "OSL_ASSERT: %s", "ppSequence"); } } while (
false)
;
190 if( *ppSequence )
191 {
192 rtl_byte_sequence_release( *ppSequence );
193 *ppSequence = 0;
194 }
195
196 *ppSequence = (sal_Sequence *) rtl_allocateMemory( SAL_SEQUENCE_HEADER_SIZE((sal_Size)&((sal_Sequence *)0)->elements) + nLength );
197
198 if ( *ppSequence != 0 )
199 {
200 (*ppSequence)->nRefCount = 1;
201 (*ppSequence)->nElements = nLength;
202 }
203}
204
205//==================================================================================================
206void SAL_CALL rtl_byte_sequence_constructFromArray(
207 sal_Sequence **ppSequence, const sal_Int8 *pData , sal_Int32 nLength )
208 SAL_THROW_EXTERN_C()throw ()
209{
210 rtl_byte_sequence_constructNoDefault( ppSequence , nLength );
211 if ( *ppSequence != 0 )
212 memcpy( (*ppSequence)->elements, pData, nLength );
213}
214
215//==================================================================================================
216void SAL_CALL rtl_byte_sequence_assign( sal_Sequence **ppSequence , sal_Sequence *pSequence )
217 SAL_THROW_EXTERN_C()throw ()
218{
219 if ( *ppSequence != pSequence)
220 {
221 if( *ppSequence )
222 {
223 rtl_byte_sequence_release( *ppSequence );
224 }
225 *ppSequence = pSequence;
226 rtl_byte_sequence_acquire( *ppSequence );
227 }
228// else
229// nothing to do
230
231}
232
233//==================================================================================================
234sal_Bool SAL_CALL rtl_byte_sequence_equals( sal_Sequence *pSequence1 , sal_Sequence *pSequence2 )
235 SAL_THROW_EXTERN_C()throw ()
236{
237 OSL_ASSERT( pSequence1 )do { if (true && (!(pSequence1))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "237" ": "), "OSL_ASSERT: %s", "pSequence1"); } } while (
false)
;
238 OSL_ASSERT( pSequence2 )do { if (true && (!(pSequence2))) { sal_detail_logFormat
((SAL_DETAIL_LOG_LEVEL_WARN), ("legacy.osl"), ("/usr/local/src/libreoffice/sal/rtl/source/byteseq.cxx"
":" "238" ": "), "OSL_ASSERT: %s", "pSequence2"); } } while (
false)
;
239 if (pSequence1 == pSequence2)
1
Taking false branch
240 {
241 return sal_True((sal_Bool)1);
242 }
243 if (pSequence1->nElements != pSequence2->nElements)
2
Access to field 'nElements' results in a dereference of a null pointer (loaded from variable 'pSequence2')
244 {
245 return sal_False((sal_Bool)0);
246 }
247 return (sal_Bool)
248 (rtl_compareMemory(
249 pSequence1->elements, pSequence2->elements, pSequence1->nElements )
250 == 0);
251}
252
253
254//==================================================================================================
255const sal_Int8 *SAL_CALL rtl_byte_sequence_getConstArray( sal_Sequence *pSequence )
256 SAL_THROW_EXTERN_C()throw ()
257{
258 return ((const sal_Int8*)(pSequence->elements));
259}
260
261//==================================================================================================
262sal_Int32 SAL_CALL rtl_byte_sequence_getLength( sal_Sequence *pSequence )
263 SAL_THROW_EXTERN_C()throw ()
264{
265 return pSequence->nElements;
266}
267
268/* vim:set shiftwidth=4 softtabstop=4 expandtab: */