Giters

LibreDWG / libredwg

Official mirror of libredwg. With CI hooks and nightly releases. PR's ok

Home Page:https://savannah.gnu.org/projects/libredwg/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Missing NULL check

ManSoSec opened this issue · comments

commented

A NULL check on mspace is missing here:

libredwg/src/out_dxfb.c

Lines 1869 to 1879 in 785df5f

Dwg_Object *mspace = dwg->header_vars.BLOCK_RECORD_MSPACE->obj;
SECTION (ENTITIES);
for (i = 0; (BITCODE_BL)i < dwg->num_objects; i++)
{
Dwg_Object *obj = &dwg->object[i];
if (obj->supertype == DWG_SUPERTYPE_ENTITY && obj->type != DWG_TYPE_BLOCK
&& obj->type != DWG_TYPE_ENDBLK)
{
Dwg_Object_Ref *owner = obj->tio.entity->ownerhandle;
if (!owner || (owner && owner->obj == mspace))

While it is done here, which is a similar case:

libredwg/src/out_dxf.c

Lines 2261 to 2274 in 785df5f

Dwg_Object *mspace = dwg_model_space_object (dwg);
if (!mspace)
return DWG_ERR_INVALIDDWG;
SECTION (ENTITIES);
for (i = 0; (BITCODE_BL)i < dwg->num_objects; i++)
{
Dwg_Object *obj = &dwg->object[i];
if (obj->supertype == DWG_SUPERTYPE_ENTITY && obj->type != DWG_TYPE_BLOCK
&& obj->type != DWG_TYPE_ENDBLK)
{
Dwg_Object_Ref *owner = obj->tio.entity->ownerhandle;
if (!owner || (owner && owner->obj == mspace))

dwg_model_space_object might return dwg->header_vars.BLOCK_RECORD_MSPACE->obj so I think the semantic is the same.

libredwg/src/dwg.c

Line 861 in 007ebf4

return dwg->header_vars.BLOCK_RECORD_MSPACE->obj;