author: Omar Sandoval <osandov@fb.com> 2021-06-09 17:45:57 -0700
committer: Dmitry V. Levin <ldv@altlinux.org> 2021-06-10 00:45:57 +0000
commit: 828024afc517e266f3226b469ba33f372b401821
tree: 606de4bf81c6cd036eccec8db3de306fb885b4e8 /libdwfl
parent: PR27863: debuginfod optimization for concurrent requests
libdwfl: fix potential NULL pointer dereference when reading link map
When read_addrs() was moved into file scope, there was a mistake in converting "buffer" from a closure variable to a parameter: we are checking whether the pointer argument is NULL, not whether the buffer itself is NULL. This causes a NULL pointer dereference when we try to use the NULL buffer later.

Fixes: 3bf41d458fb6 ("link_map: Pull read_addrs() into file scope")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Diffstat (limited to 'libdwfl')
-rw-r--r-- libdwfl/ChangeLog 4
-rw-r--r-- libdwfl/link_map.c 2
2 files changed, 5 insertions, 1 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index fedf65a4..1fce7af2 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
12021-06-09 Omar Sandoval <osandov@fb.com>
2
3 * link_map.c (read_addrs): Fix potential NULL pointer dereference.
4
12021-04-19 Martin Liska <mliska@suse.cz> 52021-04-19 Martin Liska <mliska@suse.cz>
2 6
3 * dwfl_frame.c (dwfl_attach_state): Use startswith. 7 * dwfl_frame.c (dwfl_attach_state): Use startswith.
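Review bot: the new entry for link_map.c (read_addrs) says only "Fix potential NULL pointer dereference", which records the effect and not the change. Wording along the lines of "Check *buffer rather than buffer for NULL" would let someone reading the ChangeLog see what was altered without opening the diff.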
diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
index 0d8d1c17..1e7d4502 100644
--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -254,7 +254,7 @@ read_addrs (struct memory_closure *closure,
254 Dwfl *dwfl = closure->dwfl; 254 Dwfl *dwfl = closure->dwfl;
255 255
256 /* Read a new buffer if the old one doesn't cover these words. */ 256 /* Read a new buffer if the old one doesn't cover these words. */
257 if (buffer == NULL 257 if (*buffer == NULL
258 || vaddr < *read_vaddr 258 || vaddr < *read_vaddr
259 || vaddr - (*read_vaddr) + nb > *buffer_available) 259 || vaddr - (*read_vaddr) + nb > *buffer_available)
260 { 260 {
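Review bot: the comment at line 256 still describes only the "old buffer doesn't cover these words" case, but with line 257 now testing `*buffer == NULL` this block is also the path taken when no buffer has been read yet; the comment should say so. The condition also dereferences `buffer`, `read_vaddr` and `buffer_available` without checking the pointers themselves, so read_addrs depends on callers always passing valid pointers for all three. A short note on those parameters at the function header (or an assert on `buffer`) would make that contract explicit and make it harder to confuse the pointer with the buffer it points to again. The ordering is worth keeping as is: `*buffer == NULL` comes first, so the range checks on lines 258 and 259 are only evaluated once a buffer exists.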