Skip to content

[All] Security : nullptr checks #5903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fredroy wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[All] Security : nullptr checks #5903

fredroy wants to merge 3 commits into from

Conversation

@fredroy
Copy link
Contributor

@fredroy fredroy commented Jan 29, 2026
edited
Loading

dynamic_cast result not checked and some other pointers were not checked

[with-all-tests]

By submitting this pull request, I acknowledge that
I have read, understand, and agree SOFA Developer Certificate of Origin (DCO).

Reviewers will merge this pull-request only if

  • it builds with SUCCESS for all platforms on the CI.
  • it does not generate new warnings.
  • it does not generate new unit test failures.
  • it does not generate new scene test failures.
  • it does not break API compatibility.
  • it is more than 1 week old (or has fast-merge label).

@fredroy fredroy added pr: fix Fix a bug pr: status to review To notify reviewers to review this pull-request pr: ai-generated Label notifying the reviewers that part or all of the PR has been generated with the help of an AI labels Jan 29, 2026
@fredroy fredroy force-pushed the fix_vulnerabilities_pointer branch from 63d135f to 0b30929 Compare January 29, 2026 03:53
@fredroy
Copy link
Contributor Author

fredroy commented Jan 29, 2026

[ci-build][with-all-tests]

bakpaul
bakpaul reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

@bakpaul bakpaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A lot of the checks are made after a dynamic cast from context to node. I don't think this is required. Maybe we could change the cast to a static one ? Because we know that somehow in a sofa simulation a context doesn't live alone and is always actually comming from a Node object.

...lugins/ArticulatedSystemPlugin/src/ArticulatedSystemPlugin/ArticulatedHierarchyContainer.inl
Comment on lines +245 to +246
if (!context)
continue;
Copy link
Contributor

@bakpaul bakpaul Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we know this is not required ? Maybe here a static_cast would work. Because context is somehow == node no ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bakpaul bakpaul bakpaul left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

pr: ai-generated Label notifying the reviewers that part or all of the PR has been generated with the help of an AI pr: fix Fix a bug pr: status to review To notify reviewers to review this pull-request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fredroy @bakpaul