-
Notifications
You must be signed in to change notification settings - Fork 7.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Null Pointer Dereference Vulnerability in leveldb_open #1183
Comments
The documentation of the C API for leveldb, found here, clearly states that all pointer arguments must never be NULL. It is the responsibility of the caller to ensure that they never pass a null pointer to any of the C API functions. Violating this requirement is a programmer error. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The
leveldb_open
function in LevelDB is vulnerable to a null pointer dereference issue, where it directly converts aconst char* name
to astd::string
without null checks. This can lead to astd::logic_error
being thrown ifname
isnullptr
.Steps to Reproduce
leveldb_open
withname
set tonullptr
.std::logic_error
.Expected Behavior
The function should handle
nullptr
inputs gracefully, either by returning an error or by rejecting the operation without crashing.Suggested Fix
Implement a null check before using the
name
variable:The text was updated successfully, but these errors were encountered: