Alice, that's right. Rich, I'm sorry, but it's now always possible to test a particular function. Can you tell me how you are testing the library? This will help me make more meaningful patches. пн, 25 мар. 2024 г. в 11:53, alice : > On Sun Mar 24, 2024 at 7:33 PM UTC, Rich Felker wrote: > > On Sun, Mar 24, 2024 at 10:25:03PM +0300, Maks Mishin wrote: > > > After having been assigned to a NULL value at iconv.c:230, > > > pointer 'scd' is dereferenced at iconv.c:383. > > > > > > Found by RASU JSC. > > > > > > Signed-off-by: Maks Mishin > > > --- > > > src/locale/iconv.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/src/locale/iconv.c b/src/locale/iconv.c > > > index 7fb2e1ef..e0d200b8 100644 > > > --- a/src/locale/iconv.c > > > +++ b/src/locale/iconv.c > > > @@ -232,6 +232,8 @@ size_t iconv(iconv_t cd, char **restrict in, > size_t *restrict inb, char **restri > > > scd = (void *)cd; > > > cd = scd->base_cd; > > > } > > > + if (scd == NULL) return x; > > > + > > > unsigned to = extract_to(cd); > > > unsigned from = extract_from(cd); > > > const unsigned char *map = charmaps+from+1; > > > -- > > > 2.30.2 > > > > This makes iconv non-functional for non-stateful conversions. The > > claim by the static analysis tool is false. It is not dereferenced in > > the code path where it's null because in that code path, > > type==ISO2022_JP is never true. > > > > This tool you are using is really junk. You should stop sending > > untested and obviously incorrect patches to projects, and advise any > > projects that have accepted your patches that they may have been > > dangerously incorrect. > > I'm pretty sure RASU JSC is not a tool but rather the Rusatom State Atomic > Corporation JSC, i.e. a branch at the Russian atomic energy company. > > > > > Rich > > -- С уважением, Максим Мишин +7 (915) 958-41-07 maks.mishinFZ@gmail.com