authorKevin Svetlitski <svetlitski@meta.com>2023-05-11 14:20:30 -0700
committerQi Wang <interwq@gmail.com>2023-05-11 14:47:50 -0700
commit0288126d9cc0d061766e37cbbaabaa78aff3aff5 (patch)
tree0b46b6e31313b0e54c13d20ebf878174037a6eaf
parentd4a2b8bab10980d4677d43560f27ac9ef66cde45 (diff)
downloadjemalloc-0288126d9cc0d061766e37cbbaabaa78aff3aff5.tar.gz
Fix possible `NULL` pointer dereference from `mallctl("prof.prefix", ...)`
Static analysis flagged this issue. Here is a minimal program which causes a segfault within Jemalloc: ``` #include <jemalloc/jemalloc.h> const char *malloc_conf = "prof:true"; int main() { mallctl("prof.prefix", NULL, NULL, NULL, 0); } ``` Fixed by checking if `prefix` is `NULL`.
-rw-r--r--src/prof_sys.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/prof_sys.c b/src/prof_sys.c
index 3f7196f8..3cbb3a85 100644
--- a/src/prof_sys.c
+++ b/src/prof_sys.c
@@ -749,6 +749,9 @@ bool
prof_prefix_set(tsdn_t *tsdn, const char *prefix) {
cassert(config_prof);
ctl_mtx_assert_held(tsdn);
+ if (prefix == NULL) {
+ return true;
+ }
malloc_mutex_lock(tsdn, &prof_dump_filename_mtx);
if (prof_prefix == NULL) {
malloc_mutex_unlock(tsdn, &prof_dump_filename_mtx);
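Review bot: The new guard in `prof_prefix_set` returns `true` for a `NULL` prefix without a comment saying what that value means or where the `NULL` comes from, so a reader cannot tell from the hunk that this is the failure path for a caller-supplied pointer. I would add a comment above the check, `/* prefix comes straight from mallctl()'s newp and may be NULL; fail before taking the lock. */`. Placing the check ahead of `malloc_mutex_lock` is right, since the early return leaves no lock to release. The caller is outside this hunk, so it is worth confirming that it turns this return value into a non-zero `mallctl` result rather than reporting success. The reproducer in the commit message would also make a good regression test, since static analysis rather than a test caught this. The body of `prof_prefix_set` continues past the end of the hunk.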