[PR #6859] [MERGED] bugfix: fix potential infinite loop in checkcfg (-fanalyzer) #6202

Closed
opened 2026-05-05 10:52:38 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6859
Author: @kmk3
Created: 8/13/2025
Status: Merged
Merged: 8/15/2025
Merged by: @kmk3

Base: master ← Head: checkcfg-fix-infinite-loop


📝 Commits (1)

  • 3f85fa2 bugfix: fix potential infinite loop in checkcfg (-fanalyzer)

📊 Changes

1 file changed (+1 additions, -1 deletions)

📝 src/firejail/checkcfg.c (+1 -1)

📄 Description

It looks like it could happen if a line in /etc/firejail/firejail.config
starts with netfilter-default and there is a space or tab right after
that.

$ pacman -Q gcc14 glibc
gcc14 14.3.1+r25+g42e99e057bd7-1
glibc 2.42+r3+gbc13db739377-1
$ ./configure --enable-analyzer CC=gcc-14 >/dev/null &&
  make clean >/dev/null && make >/dev/null
[...]
../../src/firejail/checkcfg.c: In function ‘checkcfg’:
../../src/firejail/checkcfg.c:137:40: warning: infinite loop [CWE-835] [-Wanalyzer-infinite-loop]
  137 |                                 while (*fname == ' ' || *fname == '\t')
      |                                        ^~~~~~
  ‘checkcfg’: events 1-5
    |
    |  137 |                                 while (*fname == ' ' || *fname == '\t')
    |      |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                        |             |
    |      |                                        |             (2) if it ever follows ‘true’ branch, it will always do so...
    |      |                                        (1) infinite loop here
    |      |                                        (5) ...to here
    |  138 |                                         ptr++;
    |      |                                         ~~~~~
    |      |                                            |
    |      |                                            (3) ...to here
    |      |                                            (4) looping back...
    |
[...]

Added on commit 340a6b2ee ("added netfilter-default config option in
/etc/firejail/firejail.config", 2016-07-28).


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
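
The loop shape flagged by the analyzer above, next to a terminating form, as an added example that is not part of the PR or of firejail's code. The names `ptr` and `fname` come from the warning; the helper names, the `strlen` offset, the iteration guard and the sample lines are assumptions made for the demonstration, and the page does not show the actual one-line diff.

```c
#include <stdio.h>
#include <string.h>

#define KEY "netfilter-default"
#define ITER_LIMIT 8 /* demo guard so the buggy form returns instead of hanging */

/* Buggy shape from the analyzer report: the condition reads *fname, but the
 * body advances a different pointer (ptr), so a true condition stays true.
 * Returns the number of iterations, or -1 when the guard trips. */
static int skip_blank_buggy(const char *ptr, const char **out)
{
	const char *fname = ptr + strlen(KEY);
	int n = 0;

	while (*fname == ' ' || *fname == '\t') {
		ptr++;                  /* wrong variable: fname never moves */
		if (++n >= ITER_LIMIT)
			return -1;      /* would spin forever without the guard */
	}
	*out = fname;
	return n;
}

/* Terminating form: advance the pointer that the condition tests. The loop
 * ends at the first non-blank byte, at the latest the terminating NUL. */
static int skip_blank_fixed(const char *ptr, const char **out)
{
	const char *fname = ptr + strlen(KEY);
	int n = 0;

	while (*fname == ' ' || *fname == '\t') {
		fname++;
		n++;
	}
	*out = fname;
	return n;
}

int main(void)
{
	/* constructed sample lines, not taken from a real firejail.config */
	const char *lines[] = { KEY " \t/etc/iptables.rules", KEY };
	for (size_t i = 0; i < 2; i++) {
		const char *a = "", *b = "";
		int rb = skip_blank_buggy(lines[i], &a);
		int rf = skip_blank_fixed(lines[i], &b);
		printf("buggy=%d fixed=%d value=\"%s\"\n", rb, rf, b);
	}
	return 0;
}
```

A line with no blank after the key never enters either loop, which is why the defect only shows up on the specific input the description names.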

Reference: github-starred/firejail#6202