mirror of
https://github.com/moparisthebest/curl
synced 2024-11-11 12:05:06 -05:00
After having studied one of the coverity.com reports at length last night, I
decided it was a good idea to properly document my thoughts in a comment near the code that was identified as a possible flaw. A false positive as far as I can see.
This commit is contained in:
parent
98b13037e7
commit
a0d906739d
@ -4240,6 +4240,13 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
|
||||
for(i = 0;
|
||||
(url = urls?glob_next_url(urls):(i?NULL:strdup(url)));
|
||||
i++) {
|
||||
/* NOTE: In the condition expression in the for() statement above, the
|
||||
'url' variable is only ever strdup()ed if (i == 0) and thus never
|
||||
when this loops later on. Further down in this function we call
|
||||
free(url) and then the code loops. Static code parsers may thus get
|
||||
tricked into believing that we have a potential access-after-free
|
||||
here. I can however not spot any such case. */
|
||||
|
||||
int infd = STDIN_FILENO;
|
||||
bool infdopen;
|
||||
char *outfile;
|
||||
|
Loading…
Reference in New Issue
Block a user