1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 12:05:06 -05:00

After having studied one of the coverity.com reports at length last night, I

decided it was a good idea to properly document my thoughts in a comment near
the code that was identified as a possible flaw. A false positive as far as I
can see.
This commit is contained in:
Daniel Stenberg 2008-10-17 06:03:37 +00:00
parent 98b13037e7
commit a0d906739d

View File

@ -4240,6 +4240,13 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
for(i = 0;
(url = urls?glob_next_url(urls):(i?NULL:strdup(url)));
i++) {
/* NOTE: In the condition expression in the for() statement above, the
'url' variable is only ever strdup()ed if (i == 0) and thus never
when this loops later on. Further down in this function we call
free(url) and then the code loops. Static code parsers may thus get
tricked into believing that we have a potential access-after-free
here. I can however not spot any such case. */
int infd = STDIN_FILENO;
bool infdopen;
char *outfile;