mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-26 10:54:59 -04:00
d7f83c0db1f17d1e9200db83e09eb144f20d5f26
OpenScanHub [1] triggered this and flagged it as CWE-476 [2]:
app/flatpak-builtins-document-unexport.c:90:7:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘doc_id’
app/flatpak-builtins-document-unexport.c:48:1: enter_function: entry
to ‘flatpak_builtin_document_unexport’
app/flatpak-builtins-document-unexport.c:56:20: release_memory:
‘doc_id’ is NULL
app/flatpak-builtins-document-unexport.c:61:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:66:7: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:66:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:69:6: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:69:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:72:3: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:75:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:78:15: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:82:6: branch_false: following
‘false’ branch...
app/flatpak-builtins-document-unexport.c:85:7: branch_false: ...to
here
app/flatpak-builtins-document-unexport.c:85:6: branch_true: following
‘true’ branch...
app/flatpak-builtins-document-unexport.c:86:14: call_function: inlined
call to ‘g_strdup_inline’ from ‘flatpak_builtin_document_unexport’
app/flatpak-builtins-document-unexport.c:90:7: release_memory:
‘doc_id’ is NULL
app/flatpak-builtins-document-unexport.c:90:7: danger: dereference of
NULL ‘doc_id’
# 88| return FALSE;
# 89|
# 90|-> if (strcmp (doc_id, "") == 0)
# 91| {
# 92| g_print (_("Not exported\n"));
Add an assertion to express that 'doc_id' can't be NULL unless there's a
programmer error.
Spotted by Siteshwar Vashisht.
[1] https://openscanhub.dev/
[2] https://cwe.mitre.org/data/definitions/476.html
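The pattern the commit message above describes, as an added example that is not flatpak's code: an out-parameter starts as NULL, a call is expected to fill it on success, and the caller then passes it to strcmp. The helper `lookup_id`, the enum and the sample paths are hypothetical, and standard C `assert` is an assumption, since the message does not show which assertion macro the fix uses.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum result { R_ERROR, R_NOT_EXPORTED, R_OK };

/* Hypothetical stand-in for a call that fills an out-parameter.
 * Contract: on true, *out_id is non-NULL ("" means "not exported").
 * On false, *out_id is left untouched. */
static bool lookup_id(const char *path, const char **out_id)
{
    if (path == NULL || path[0] == '\0')
        return false;
    *out_id = (strcmp(path, "/exported") == 0) ? "abc123" : "";
    return true;
}

/* Variant 1: state the invariant with an assertion.
 * A violation is a programmer error and aborts. The check is
 * compiled out when NDEBUG is defined. */
enum result classify_asserted(const char *path)
{
    const char *id = NULL;

    if (!lookup_id(path, &id))
        return R_ERROR;

    assert(id != NULL);
    return strcmp(id, "") == 0 ? R_NOT_EXPORTED : R_OK;
}

/* Variant 2: a runtime check that stays in NDEBUG builds, for
 * cases where a NULL could come from input rather than from a bug. */
enum result classify_checked(const char *path)
{
    const char *id = NULL;

    if (!lookup_id(path, &id) || id == NULL)
        return R_ERROR;

    return strcmp(id, "") == 0 ? R_NOT_EXPORTED : R_OK;
}
```

Both variants give the analyzer a path condition that rules out NULL before the strcmp call; they differ only in what happens if the contract is ever broken.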
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
See https://flatpak.org/ for more information.
Flatpak is available in the package repositories of most Linux distributions and can be installed from there. See https://flatpak.org/setup/ for quick setup instructions for many distributions.
Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.
Read documentation for Flatpak here.
Contributing
Flatpak welcomes contributions from anyone! Here are some ways you can help:
- Fix one of the issues and submit a PR
- Update flatpak's translations and submit a PR
- Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
- Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
- Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
- Improve the Flatpak support in your favorite Linux distribution
Hacking
See CONTRIBUTING.md
Related Projects
Here are some notable projects in the Flatpak ecosystem:
- Flatseal: An app for managing permissions of Flatpak apps without using the CLI
- Flat-manager: A tool for managing Flatpak repositories
