author: Omar Sandoval <osandov@fb.com> 2021-06-09 17:45:57 -0700
committer: Dmitry V. Levin <ldv@altlinux.org> 2021-06-10 00:45:57 +0000
commit: 828024afc517e266f3226b469ba33f372b401821 (patch)
tree: 606de4bf81c6cd036eccec8db3de306fb885b4e8
parent: ab38d167c40c995d4b3c3a2ac1347f9f2be9c810 (diff)
download: elfutils-828024afc517e266f3226b469ba33f372b401821.tar.gz
libdwfl: fix potential NULL pointer dereference when reading link map
When read_addrs() was moved into file scope, there was a mistake in converting "buffer" from a closure variable to a parameter: we are checking whether the pointer argument is NULL, not whether the buffer itself is NULL. This causes a NULL pointer dereference when we try to use the NULL buffer later.

Fixes: 3bf41d458fb6 ("link_map: Pull read_addrs() into file scope")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
-rw-r--r-- libdwfl/ChangeLog 4
-rw-r--r-- libdwfl/link_map.c 2
2 files changed, 5 insertions, 1 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index fedf65a4..1fce7af2 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
+2021-06-09 Omar Sandoval <osandov@fb.com>
+
+ * link_map.c (read_addrs): Fix potential NULL pointer dereference.
+
2021-04-19 Martin Liska <mliska@suse.cz>
* dwfl_frame.c (dwfl_attach_state): Use startswith.
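Review bot: The added entry for link_map.c (read_addrs) records only the symptom, "Fix potential NULL pointer dereference", and not what was changed. Consider wording it so the log is useful without opening the diff, for example "Check *buffer, not buffer, for NULL", which is the distinction the commit message draws.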
diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
index 0d8d1c17..1e7d4502 100644
--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -254,7 +254,7 @@ read_addrs (struct memory_closure *closure,
Dwfl *dwfl = closure->dwfl;
/* Read a new buffer if the old one doesn't cover these words. */
- if (buffer == NULL
+ if (*buffer == NULL
|| vaddr < *read_vaddr
|| vaddr - (*read_vaddr) + nb > *buffer_available)
{
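Review bot: With the first condition now reading `*buffer == NULL`, all three tests in this `if` dereference their pointer arguments (`*buffer`, `*read_vaddr`, `*buffer_available`) without anything visible in the hunk that guarantees the pointers themselves are non-NULL. That is presumably the calling contract after the move to file scope, but since mixing up the pointer and the pointee is exactly the mistake being fixed here, a one-line comment or an assert on the out-parameters at the top of read_addrs would make the contract explicit. The diffstat also shows only ChangeLog and link_map.c changed, so no regression test covers the case where the buffer is still NULL on entry; adding one would keep this from recurring.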