mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-03-26 02:45:15 -04:00
Code Issues Packages Projects Releases Wiki Activity

appdata: Fix a -Wanalyzer-null-argument warning

Browse Source 
OpenScanHub [1] triggered this and flagged it as CWE-688 [2]:
  common/flatpak-appdata.c:298:7: warning[-Wanalyzer-null-argument]: use
      of NULL ‘parent’ where non-null expected
  common/flatpak-appdata.c:282:6: branch_false: following ‘false’
      branch...
  common/flatpak-appdata.c:285:3: branch_false: ...to here
  common/flatpak-appdata.c:285:3: branch_true: following ‘true’
      branch...
  common/flatpak-appdata.c:287:15: branch_true: ...to here
  common/flatpak-appdata.c:289:6: branch_false: following ‘false’
      branch...
  common/flatpak-appdata.c:297:7: branch_false: ...to here
  common/flatpak-appdata.c:297:6: branch_true: following ‘true’ branch
      (when the strings are equal)...
  common/flatpak-appdata.c:298:7: branch_true: ...to here
  common/flatpak-appdata.c:298:7: danger: argument 1 (‘parent’) NULL
      where non-null expected
  #  296|     /* avoid picking up <id> elements from e.g. <provides> */
  #  297|     if (g_str_equal (element_name, "id") &&
  #  298|->       g_str_equal (parent, "component"))
  #  299|       {
  #  300|         component->id = g_steal_pointer (&text);

The parsing code doesn't throw any errors from G_MARKUP_ERROR.  It
expects the input to be valid, and relies on assertions to express that.
eg., it asserts that a <component> element or tag is encountered before
any other, and particularly <content_attribute>, <content_rating> and
<release>.

In the same vein, an assertion was added to express that an <id> element
or tag always has a parent.

Spotted by Siteshwar Vashisht.

[1] https://openscanhub.dev/

[2] https://cwe.mitre.org/data/definitions/688.html
This commit is contained in:
Debarshi Ray
2026-03-11 20:54:50 +01:00
committed by Sebastian Wick
parent 8e7b3c6829
commit 596ef2fd7a
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
common/flatpak-appdata.c
View File

@@ -294,10 +294,11 @@ end_element (GMarkupParseContext *context,
}
/* avoid picking up <id> elements from e.g. <provides> */
if (g_str_equal (element_name, "id") &&
g_str_equal (parent, "component"))
if (g_str_equal (element_name, "id"))
{
component->id = g_steal_pointer (&text);
g_assert (parent != NULL);
if (g_str_equal (parent, "component"))
component->id = g_steal_pointer (&text);
}
else if (!data->in_developer && g_str_equal (element_name, "name"))
{