NULL ptr dereferences found with Calysto static checker

Domagoj Babic babic.domagoj at
Fri Jun 22 01:33:37 EST 2007


On 6/21/07, Gert Doering <gert at> wrote:
> "The return value is the null pointer if time cannot be represented as a
> broken-down time; typically this is because the year cannot fit into an int."
> - so, OpenSSH will break in the year 4294967297.  Damn.

It says 'typically', so, there are probably also other conditions under which
that can happen. One way or another, it shouldn't be dereferenced directly
without checking. Most high-quality open source projects I've analyzed so
far check the result of localtime/gmtime. However, if community strongly
feels that this should not be reported as a bug, it's really trivial to tell
that to Calysto.


        Domagoj Babic

More information about the openssh-unix-dev mailing list