net_client_pop_connect: server_msg can be NULL
libnetclient/net-client-pop.c:
net_client_pop_connect:
ang_open = strchr(server_msg, '<'); /*lint !e668 !e9034 server_msg cannot be NULL; accept char literal as int */
server_msg is filled in by this call:
result = net_client_pop_read_reply(client, &server_msg, error);
and inside net_client_pop_read_reply:
result = net_client_read_line(NET_CLIENT(client), &reply_buf, error);
if (result) {
if (strncmp(reply_buf, "+OK", 3U) == 0) {
if ((strlen(reply_buf) > 3U) && (reply != NULL)) {
*reply = g_strdup(&reply_buf[4]);
}
} else if (strncmp(reply_buf, "-ERR", 4U) == 0) {
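When reply_buf happens to be exactly "+OK", with no text after the status, the first 3 characters do match. However, the length is not > 3U, so *reply is never assigned and the reply won't be filled. server_msg is therefore still NULL when net_client_pop_connect passes it to strchr(server_msg, '<'), which dereferences it. Because the reply line comes from the server, any server that answers with a bare "+OK" crashes the client here; despite the lint comment, net_client_pop_connect has to check server_msg for NULL before searching it. The gdb session below shows the sequence: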
197 line_buf = g_data_input_stream_read_line(client->priv->istream, &length, NULL, &read_err);
(gdb) step
198 if (line_buf != NULL) {
(gdb) step
200 if ((client->priv->max_line_len > 0U) && (length > client->priv->max_line_len)) {
(gdb) step
206 g_debug("R '%s'", line_buf);
(gdb) step
208 if (recv_line != NULL) {
(gdb) step
209 *recv_line = line_buf;
(gdb) step
net_client_pop_read_reply (client=<optimized out>, reply=0x7fffbfffe7b8, error=0x7fffbfffe8c0) at net-client-pop.c:418
418 if (result) {
1: reply_buf = (gchar *) 0x7fffb8005b20 "+OK"
(gdb) step
419 if (strncmp(reply_buf, "+OK", 3U) == 0) {
1: reply_buf = (gchar *) 0x7fffb8005b20 "+OK"
(gdb) step
420 if ((strlen(reply_buf) > 3U) && (reply != NULL)) {
1: reply_buf = (gchar *) 0x7fffb8005b20 "+OK"
(gdb) step
438 g_free(reply_buf);
1: reply_buf = (gchar *) 0x7fffb8005b20 "+OK"
(gdb) step
441 return result;
1: reply_buf = (gchar *) 0x7fffb8005b20 "\200\026"
(gdb) step
net_client_pop_connect (client=client@entry=0x555555fbdb60, greeting=greeting@entry=0x0, error=error@entry=0x7fffbfffe8c0) at net-client-pop.c:130
130 if (result) {
(gdb) step
133 ang_open = strchr(server_msg, '<'); /*lint !e668 !e9034 server_msg cannot be NULL; accept char literal as int */
(gdb) disp server_msg
2: server_msg = (gchar *) 0x0
(gdb) step
Thread 8 "balsa" received signal SIGSEGV, Segmentation fault.
0x00007fffeec6f008 in __strchr_avx2 () from /lib64/libc.so.6