CRITICAL BUG: NULL Pointer Dereference

Location: src/arvdevice.c:1227
Function: arv_device_set_features_from_string()
Severity: HIGH - Will cause segmentation fault

Problem:

    char *value = g_match_info_fetch_named (match_info, "Value"); // line 1212
    // ... no NULL check ...
    int_value = g_ascii_strtoll (value, &end, 0); // line 1227 - CRASH if value is NULL!

Root Cause:
- The regex pattern at lines 1204-1206 makes the value optional: (?:\=...)?
- Input like R[0x100] (register address without a value) will match with value = NULL
- g_ascii_strtoll() does NOT accept NULL and will segfault
- The code checks for NULL value at line 1242 for regular features, but NOT for register writes

How to Trigger:
Call arv_device_set_features_from_string() with a register address pattern without a value:

    arv_device_set_features_from_string(device, "R[0x1000]", &error); // SEGFAULT

Recommended Fix:
Add a NULL check before line 1227:

    } else {
        if (value == NULL) {
            g_set_error(&local_error,
                        ARV_DEVICE_ERROR,
                        ARV_DEVICE_ERROR_INVALID_PARAMETER,
                        "Register write R[%s] requires a value", key);
        } else {
            int_value = g_ascii_strtoll(value, &end, 0);
            // ... rest of the code
        }
    }
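
The following stand-alone check is an added example, not Aravis code: it models the optional value group with POSIX regex.h instead of GLib's GRegex and applies the same guard before the integer parse. The function name, the status codes and the pattern are assumptions made for this example.

```c
#include <errno.h>
#include <regex.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this example; not Aravis error codes. */
enum rw_status { RW_OK, RW_NO_MATCH, RW_MISSING_VALUE, RW_BAD_NUMBER };

/* Strict integer parse: the whole string must be consumed, no overflow. */
static int parse_ll(const char *s, long long *out)
{
    char *end;
    errno = 0;
    *out = strtoll(s, &end, 0);
    return end != s && *end == '\0' && errno != ERANGE;
}

/* Parse "R[<address>]" with an optional "=<value>" suffix. The optional
 * group mirrors the pattern described above: when it does not take part in
 * the match there is no value string at all, modelled here as NULL. */
enum rw_status parse_register_write(const char *token, long long *address,
                                    long long *value_out)
{
    regex_t re;
    regmatch_t m[4];
    char buf[64];
    const char *value;
    int rc;

    if (strlen(token) >= sizeof buf)
        return RW_NO_MATCH;
    if (regcomp(&re, "^R\\[([^]]+)\\](=(.*))?$", REG_EXTENDED) != 0)
        return RW_NO_MATCH;
    rc = regexec(&re, token, 4, m, 0);
    regfree(&re);
    if (rc != 0)
        return RW_NO_MATCH;

    strcpy(buf, token);                      /* bounded by the length check */
    buf[m[1].rm_eo] = '\0';                  /* terminate the address at ']' */
    value = (m[3].rm_so == -1) ? NULL : buf + m[3].rm_so;
    if (!parse_ll(buf + m[1].rm_so, address))
        return RW_BAD_NUMBER;
    if (value == NULL)                       /* the guard the fix adds */
        return RW_MISSING_VALUE;
    if (!parse_ll(value, value_out))
        return RW_BAD_NUMBER;
    return RW_OK;
}
```

The same inputs make a compact regression set for the real function: a register token with no value, with an empty value, and with trailing non-numeric characters should each return an error rather than reach the integer conversion.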