CVE-2025-5915: Missing Error String

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | c
greprules fetch cve-2025-5915-cve-2025-5915-missing-error-string --engine opengrep

Description

Returning an error code such as ARCHIVE_FATAL directly from a parsing function without setting an error string can lead to a NULL pointer dereference when clients query the error string. Route error paths through a common block that sets the error string via archive_set_error() before returning.
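
The pattern this rule describes, next to the routed form, as an added example (not code from the rule or from the affected project). The `demo_` names, the `DEMO_FATAL` value and the input bytes are constructed stand-ins for the archive handle, `archive_set_error()` and `ARCHIVE_FATAL`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define DEMO_FATAL (-30) /* stand-in for ARCHIVE_FATAL */

/* Constructed stand-in for the archive handle: holds the last error string. */
struct demo_archive { const char *error; char buf[96]; };

/* Stand-in for archive_set_error(): records a formatted message. */
static void demo_set_error(struct demo_archive *a, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(a->buf, sizeof(a->buf), fmt, ap);
    va_end(ap);
    a->error = a->buf;
}

/* Flagged pattern: bare return of the fatal code, error string stays NULL. */
static int parse_bare(struct demo_archive *a, const unsigned char *p, size_t len)
{
    (void)a;
    if (len < 4 || p[0] != 'H')
        return DEMO_FATAL;
    return 0;
}

/* Fixed pattern: every failure leaves through one block that sets the string. */
static int parse_routed(struct demo_archive *a, const unsigned char *p, size_t len)
{
    const char *why;
    if (len < 4) { why = "truncated header"; goto fatal; }
    if (p[0] != 'H') { why = "bad signature"; goto fatal; }
    return 0;
fatal:
    demo_set_error(a, "Malformed entry: %s", why);
    return DEMO_FATAL;
}

int main(void)
{
    const unsigned char in[] = { 'X', 0 }; /* constructed, truncated input */
    struct demo_archive a = { NULL, {0} }, b = { NULL, {0} };
    int ra = parse_bare(&a, in, sizeof(in));
    int rb = parse_routed(&b, in, sizeof(in));
    /* A client passing a.error to strlen() or "%s" unchecked would crash. */
    printf("bare:   rc=%d error=%s\n", ra, a.error ? a.error : "(NULL)");
    printf("routed: rc=%d error=%s\n", rb, b.error ? b.error : "(NULL)");
    return 0;
}
```
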

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
