Null Pointer Dereference in lib #18071

Open
2 tasks done
mugitya03 opened this issue Feb 9, 2025 · 2 comments
Labels
triage Needs further investigation

Comments

@mugitya03

Description

Dear Developers,

We found that the function ls_vertex_add can return a NULL value when key is invalid or XCALLOC fails.

	/* Check that key is valid */
	if (key == 0)
		return NULL;

	/* Create Vertex and add it to the TED */
	new = XCALLOC(MTYPE_LS_DB, sizeof(struct ls_vertex));
	if (!new)
		return NULL;

However, some caller functions don't check the return value of ls_vertex_add before dereferencing, causing potential null pointer dereference bugs.

  • vertex = ls_vertex_add(ted, node); link
  • vertex = ls_vertex_add(ted, node); link
  • vertex = ls_vertex_add(ted, old); link
  • vertex = ls_vertex_add(ted, lnode); link

We found that some caller functions already perform a null value check on the return value before dereferencing (link, link). Therefore, we believe the above call sites also need to add such checks.

Version

latest master

How to reproduce

When key is invalid or XCALLOC fails, the function ls_vertex_add can return a NULL value.

Expected behavior

No

Actual behavior

No

Additional context

No response

Checklist

  • I have searched the open issues for this bug.
  • I have not included sensitive information in this report.
@mugitya03 mugitya03 added the triage Needs further investigation label Feb 9, 2025
@mugitya03
Author

@ton31337 Could you please take a look at these issues? They appear to be similar to 18072 due to missing null value checks, but I'm unsure of the best way to fix them.

@donaldsharp
Member

Remove the key == 0 and change it to an assert so it doesn't return null. Remove the if (!new) null check, it's bogus. Problem solved.
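
The two remedies raised in this thread (a NULL check at each call site, or an assertion in the callee so that it never returns NULL) are shown side by side in this added example, which is not part of the issue or of the project's code. `struct vertex`, `vertex_add_nullable`, `caller_checked` and `vertex_add_strict` are hypothetical stand-ins, and plain `calloc` is used in place of XCALLOC.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for illustration; not the project's struct ls_vertex. */
struct vertex { uint64_t key; int status; };

/* Shape described in the report: two paths return NULL to the caller. */
static struct vertex *vertex_add_nullable(uint64_t key)
{
	struct vertex *new;
	if (key == 0)
		return NULL;
	new = calloc(1, sizeof(*new));
	if (!new)
		return NULL;
	new->key = key;
	return new;
}

/* Call-site fix: test the result before the first dereference. */
static int caller_checked(uint64_t key)
{
	struct vertex *v = vertex_add_nullable(key);
	if (!v)
		return -1; /* fail the operation instead of crashing */
	v->status = 1;
	free(v);
	return 0;
}

/* Callee-side fix: assert the key, abort on allocation failure (assumed policy). */
static struct vertex *vertex_add_strict(uint64_t key)
{
	assert(key != 0);
	struct vertex *new = calloc(1, sizeof(*new));
	if (!new)
		abort();
	new->key = key;
	return new;
}

int main(void)
{
	struct vertex *v = vertex_add_strict(42);
	int ok = caller_checked(0) == -1 && caller_checked(42) == 0 && v->key == 42;
	free(v);
	return ok ? 0 : 1;
}
```

In the strict variant the key check exists only while assertions are compiled in; a build with `NDEBUG` defined removes it, so callers must still never pass a zero key.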
