Potential dereference of a NULL pointer in pango-attributes.c
Submitted by Peter Williams
I've been reading the source files for pango and have noticed what I think is a bug in the function pango_attr_list_insert_internal() in the file pango-attributes.c.
At line 1244, there is an unguarded dereferencing of the pointer tmp_list to obtain the data field of the list element. Then at line 1258, there is a test to see if tmp_list is null to determine if list's attributes_tail field needs to be updated. As tmp_list is not modified between line 1244 and 1258, there is no possibility it will be null at line 1258 unless it were null at line 1244, and if it were null there, there would be a segmentation fault.
So there are two possibilities:
1. there's a chance of a segmentation fault at line 1244, or
2. the code at lines 1258-1259 is unnecessary.
In my opinion, it's the first of these.
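An added example, not part of the original report and not Pango's code: a sorted list insert that keeps a tail pointer, using hypothetical `struct node` and `struct list` types and constructed input. It shows the ordering the report is about, with the pointer tested before it is dereferenced so that the later NULL test updating the tail is reachable.

```c
#include <stdlib.h>

/* Hypothetical types for illustration; these are not Pango's structures. */
struct node { int key; struct node *next; };
struct list { struct node *head, *tail; };

/* Sorted insert with a tail pointer. cur is tested before cur->key is read, so
 * the cur == NULL branch is live; reading cur->key first would make it dead. */
static int list_insert(struct list *l, int key)
{
    struct node *prev = NULL, *cur = l->head, *link = malloc(sizeof *link);
    if (link == NULL)
        return -1;
    link->key = key;
    while (cur != NULL && cur->key <= key) {  /* guard, then dereference */
        prev = cur;
        cur = cur->next;
    }
    link->next = cur;
    if (prev != NULL)
        prev->next = link;
    else
        l->head = link;
    if (cur == NULL)                          /* appended: link is the new tail */
        l->tail = link;
    return 0;
}

/* Returns 1 when keys are in non-decreasing order and tail is the last node. */
static int list_is_consistent(const struct list *l)
{
    const struct node *n = l->head, *last = NULL;
    for (; n != NULL; last = n, n = n->next)
        if (last != NULL && last->key > n->key)
            return 0;
    return last == l->tail;
}

/* Constructed input: insert into empty list, append, prepend, mid-list. */
static int demo(void)
{
    struct list l = { NULL, NULL };
    int keys[] = { 5, 9, 1, 7, 9 }, i;
    for (i = 0; i < 5; i++)
        if (list_insert(&l, keys[i]) != 0 || !list_is_consistent(&l))
            return 0;
    return l.head->key == 1 && l.tail->key == 9;
}
int main(void) { return demo() ? 0 : 1; }
```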