author | Omar Sandoval <osandov@fb.com> | 2021-06-09 17:45:57 -0700 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2021-06-10 00:45:57 +0000 |
commit | 828024afc517e266f3226b469ba33f372b401821 (patch) | |
tree | 606de4bf81c6cd036eccec8db3de306fb885b4e8 | |
parent | ab38d167c40c995d4b3c3a2ac1347f9f2be9c810 (diff) | |
download | elfutils-828024afc517e266f3226b469ba33f372b401821.tar.gz |
libdwfl: fix potential NULL pointer dereference when reading link map

When read_addrs() was moved into file scope, there was a mistake in
converting "buffer" from a closure variable to a parameter: we are
checking whether the pointer argument is NULL, not whether the buffer
itself is NULL. This causes a NULL pointer dereference when we try
to use the NULL buffer later.

Fixes: 3bf41d458fb6 ("link_map: Pull read_addrs() into file scope")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>

-rw-r--r-- | libdwfl/ChangeLog | 4 | ||||
-rw-r--r-- | libdwfl/link_map.c | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index fedf65a4..1fce7af2 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,7 @@ +2021-06-09 Omar Sandoval <osandov@fb.com> + + * link_map.c (read_addrs): Fix potential NULL pointer dereference. + 2021-04-19 Martin Liska <mliska@suse.cz> * dwfl_frame.c (dwfl_attach_state): Use startswith. diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c index 0d8d1c17..1e7d4502 100644 --- a/libdwfl/link_map.c +++ b/libdwfl/link_map.c @@ -254,7 +254,7 @@ read_addrs (struct memory_closure *closure, Dwfl *dwfl = closure->dwfl; /* Read a new buffer if the old one doesn't cover these words. */ - if (buffer == NULL + if (*buffer == NULL || vaddr < *read_vaddr || vaddr - (*read_vaddr) + nb > *buffer_available) { |
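Review bot: In the libdwfl/link_map.c hunk, the corrected test `*buffer == NULL` now dereferences `buffer` unconditionally, as the following `*read_vaddr` and `*buffer_available` tests already did, so read_addrs() depends on every caller passing non-NULL pointers for all three parameters. That contract is not stated anywhere in the visible lines; consider documenting it in the function's comment or asserting it at the top of the function so the next refactor does not reintroduce the confusion between the pointer argument and the buffer it points to. The diffstat also shows only ChangeLog and link_map.c changed, so nothing exercises the path where `*buffer` starts out NULL; a regression test that reads a link map with no buffer yet allocated would keep this fix from silently regressing.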