We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Description of the false positive
CodeQL warns about potential double free, in situations where there's clearly no such situation. It seems to be related to the use of negative indices
Code samples or links to source code
Cf https://github.com/MapServer/MapServer/security/code-scanning/3
The code at https://github.com/MapServer/MapServer/blob/0cb56232d4ca0e64d747efa1db602ff08e0ea42f/src/mapparser.c#L1787 (which is C code generated from a Bison grammar)
free((yyvsp[-2].strval)); free((yyvsp[0].strval));
generates "Memory pointed to by may already have been freed by. ", but this is obviously wrong as the memory locations are disjoint.
Extract of "Show path" in the report:
Step 1 pointer to free output argument Source src/mapparser.c:1787 } } free((yyvsp[-2].strval)); free((yyvsp[0].strval)); } #line 1791 "/vagrant/mapparser.c" /* yacc.c:1646 */ Step 2 *access to array [post update] [YYSTYPE] src/mapparser.c:1787 } } free((yyvsp[-2].strval)); free((yyvsp[0].strval)); } #line 1791 "/vagrant/mapparser.c" /* yacc.c:1646 */ Step 3 *access to array [YYSTYPE] src/mapparser.c:1788 } free((yyvsp[-2].strval)); free((yyvsp[0].strval)); } #line 1791 "/vagrant/mapparser.c" /* yacc.c:1646 */ break; Step 4 strval Sink src/mapparser.c:1788 } free((yyvsp[-2].strval)); free((yyvsp[0].strval)); Memory pointed to by may already have been freed by . } #line 1791 "/vagrant/mapparser.c" /* yacc.c:1646 */ break;
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Description of the false positive
CodeQL warns about potential double free, in situations where there's clearly no such situation. It seems to be related to the use of negative indices
Code samples or links to source code
Cf https://github.com/MapServer/MapServer/security/code-scanning/3
The code at https://github.com/MapServer/MapServer/blob/0cb56232d4ca0e64d747efa1db602ff08e0ea42f/src/mapparser.c#L1787 (which is C code generated from a Bison grammar)
generates "Memory pointed to by may already have been freed by. ", but this is obviously wrong as the memory locations are disjoint.
Extract of "Show path" in the report:
The text was updated successfully, but these errors were encountered: