Possible NULL pointer dereference on Lua_LLThread__delete__meth??

[ycaibb]

Dear developers:
Our static analysis tool reports an NPD bug here, since this_idx1 may be null. It may be a false positive. Thank yo for your confirmation.

lua-llthreads/src/pre_generated-llthreads.nobj.c

Line 1788 in 8dcf387

if((this_idx1->state & TSTATE_STARTED) == TSTATE_STARTED &&

static int Lua_LLThread__delete__meth(lua_State *L) {
  int this_flags_idx1 = 0;
  Lua_LLThread * this_idx1;
	Lua_LLThread_child *child;

  this_idx1 = obj_type_Lua_LLThread_delete(L,1,&(this_flags_idx1)); //execute obj_udata_luadelete_weak which may return null.
  if(!(this_flags_idx1 & OBJ_UDATA_FLAG_OWN)) { return 0; }
	/* if the thread has been started and has not been detached/joined. */
	if((this_idx1->state & TSTATE_STARTED) == TSTATE_STARTED &&
			(this_idx1->state & (TSTATE_DETACHED|TSTATE_JOINED)) == 0) {
		...;
	}
	llthread_destroy(this_idx1);

  return 0;
}

This method may return NULL.

static FUNC_UNUSED void *obj_udata_luadelete_weak(lua_State *L, int _index, obj_type *type, int *flags) {
	void *obj;
	obj_udata *ud = obj_udata_luacheck_internal(L, _index, &(obj), type, 0);
	if(ud == NULL) return NULL;
	*flags = ud->flags;
	/* null userdata. */
	ud->obj = NULL;
	ud->flags = 0;
	/* clear the metatable in invalidate userdata. */
	lua_pushnil(L);
	lua_setmetatable(L, _index);
	/* get objects weak table. */
	lua_pushlightuserdata(L, obj_udata_weak_ref_key);
	lua_rawget(L, LUA_REGISTRYINDEX); /* weak ref table. */
	/* remove object from weak table. */
	lua_pushlightuserdata(L, obj);
	lua_pushnil(L);
	lua_rawset(L, -3);
	return obj;
}

[ycaibb]

HI, any reply would be highly appreciated! @Neopallium

[Neopallium]

Sorry for the very long wait. The pointer can only be NULL if the flags are not set. With the flag check for OWN will cause the function to return.

if(!(this_flags_idx1 & OBJ_UDATA_FLAG_OWN)) { return 0; } This will always return zero when the pointer is NULL.