| Message ID | 20240701201556.9122-1-maks.mishinFZ@gmail.com |
|---|---|
| State | Dropped |
| Headers |
Return-Path: <elfutils-devel-bounces~patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id BA873389ECA0 for <patchwork@sourceware.org>; Mon, 1 Jul 2024 20:16:12 +0000 (GMT) X-Original-To: elfutils-devel@sourceware.org Delivered-To: elfutils-devel@sourceware.org Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) by sourceware.org (Postfix) with ESMTPS id 4881E3858CDA for <elfutils-devel@sourceware.org>; Mon, 1 Jul 2024 20:16:01 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4881E3858CDA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4881E3858CDA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::135 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1719864963; cv=none; b=wjaXTrwB5CHepsLQVIbjB4DhBVMcdV9gfcPOiTjlMl+wojNitZlhCHYbLQa7Pzyferl2j1WgYOQQPYgSLX4mQcF5s2QK5TpJONAXjguMCOqe5Gi4UJnBLvFaZZrRs5esNcW9GXgvH3cWYn699heclYv2Zdkppm2m95J9xvQriP8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1719864963; c=relaxed/simple; bh=e8IqJxZqMR433R/YzIGObYc0/NZv4kK0EqDMnCiyUqw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Vfn8przgIva6J/kyHcjQmGly8ud9Prx9UVAEO5rhxImy10RbZPNrnW2YEvyYtDaGp5QHqEiSPVgUSkfKlCWFLJIz9DqqDrVfoUvKHMUgyOouHJ3VtrfO5uAo2vJ3wKxvj7muajG/EkgqJoBHZGxvWZUqp7lEXsBPNJdwmhLeNEM= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-52cdb0d8107so3943978e87.1 for <elfutils-devel@sourceware.org>; Mon, 01 Jul 2024 13:16:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719864959; x=1720469759; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=o4h6XsSRJefDldSMsmypjpIUpe0+Whe5vPfKtOiZ7bs=; b=EBh6o+y/OhmfLV+mGn8K+ylbYN/7qh12367RBQ8dK6uYzuyoCOy8V2Ir38MEuJOHcn CZyEVH2oTp3SilZqCMbKn7VFi5afv61WqHxm7yTk0dGQobDlBSQNETOR4dYlJBTPt6DJ U9O/4uWSXEiN3Chijo6Jj0FRK6jXARRT82syds7zMblY/qEsBItpgFVmzbxyw8tpTZAE dxcbTe5vjpjLBcdvr7eHMohZG/xEftiQ2E+XlGZcAKJGLDTLwsHkp50xY27joewL0qw5 Hr0BCUcSSy3BLPxwvjdrJCuM+b85PgvdHv0fmxp054FAMyY+2Wbu+KyWM37jXw079inN lUgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719864959; x=1720469759; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=o4h6XsSRJefDldSMsmypjpIUpe0+Whe5vPfKtOiZ7bs=; b=ukAlqJhF2+wUKMcQtpN7MhCq3x+2Ty6uvj2O30Nla/877JOpke66EmPLkvQFztEMWR /FDYHj12soHBW6S4tFDQ288RU8r1xAwrp1NiYdh9R2pxBWmsTSFzKldF/AlXAVycTDmT zOB8bz9UHMf6RJFP9AVa9Ef45qvRo0Dt8DHNqFyX1WkIQSuyVDdCDDZb0orTD2jdoAFl wwa7Ns4PX6RUG7d9ZosBouvxzbrbkmyhD+CFEOqvmpTIJaNU3w4Qgez31Sp9Os/BvQgs VU6POL3ugY3L3cl2AhcDYcMFC7ZVy42h457NJ8dFqol2a1d2hrh7KWoEP9i2hTc/wA4D ZYHg== X-Gm-Message-State: AOJu0YycmOHjecpk6S/fSVTXJbzD6KMwU0mZBZJ1lTPpOHQ/Zcq130nm /2ols2fbayxwBSEuNPZobY6OP9roQEXUj5NPySQgOk+WnvANPk7ZktF6TA== X-Google-Smtp-Source: AGHT+IE1DlnZ6zJ+V7LoU4tvUKJ1SyfoB8XrrF7J2ijsSbCv0GYLGBdY70hRzi803JJac9pBqCgZtg== X-Received: by 2002:a05:6512:15a1:b0:52c:cda0:18b9 with SMTP id 2adb3069b0e04-52e827320e5mr4733716e87.59.1719864958964; Mon, 01 Jul 2024 13:15:58 -0700 (PDT) Received: from lnb1191fv.rasu.local (89-109-46-124.dynamic.mts-nn.ru. [89.109.46.124]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-52e7ab10749sm1552632e87.107.2024.07.01.13.15.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jul 2024 13:15:58 -0700 (PDT) From: Maks Mishin <maks.mishinfz@gmail.com> X-Google-Original-From: Maks Mishin <maks.mishinFZ@gmail.com> To: elfutils-devel@sourceware.org Cc: Maks Mishin <maks.mishinFZ@gmail.com> Subject: [PATCH] size: Fix deref-of-null in handle_ar() function Date: Mon, 1 Jul 2024 23:15:56 +0300 Message-Id: <20240701201556.9122-1-maks.mishinFZ@gmail.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-10.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>, <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/elfutils-devel/> List-Post: <mailto:elfutils-devel@sourceware.org> List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>, <mailto:elfutils-devel-request@sourceware.org?subject=subscribe> Errors-To: elfutils-devel-bounces~patchwork=sourceware.org@sourceware.org |
| Series |
size: Fix deref-of-null in handle_ar() function
|
|
Commit Message
Maks Mishin
July 1, 2024, 8:15 p.m. UTC
Pointer, returned from function 'elf_getarhdr' at size.c:362,
may be NULL and is dereferenced at size.c:367.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
---
src/size.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Comments
Maks Mishin <maks.mishinfz@gmail.com> writes: > Pointer, returned from function 'elf_getarhdr' at size.c:362, > may be NULL and is dereferenced at size.c:367. > Your other patch has "Found by RASU JSC." but the rest don't. Are they all found by it? If so, please say that. (Also, consider sending the fixes as a series if they're related/from the same analyser tool batch.) > Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com> > --- > src/size.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/src/size.c b/src/size.c > index ff8ca075..d6bce203 100644 > --- a/src/size.c > +++ b/src/size.c > @@ -361,6 +361,16 @@ handle_ar (int fd, Elf *elf, const char *prefix, const char *fname) > /* The the header for this element. */ > Elf_Arhdr *arhdr = elf_getarhdr (subelf); > > + if (arhdr == NULL) > + { > + printf ("cannot get archive header in '%s': %s\n", > + fname, elf_errmsg (-1)); > + elf_end (subelf); > + elf_end (elf); > + close (fd); > + return 1; > + } > + > if (elf_kind (subelf) == ELF_K_ELF) > handle_elf (subelf, new_prefix, arhdr->ar_name); > else if (likely (elf_kind (subelf) == ELF_K_AR))
Hi, On Mon, Jul 01, 2024 at 09:54:46PM +0100, Sam James wrote: > Maks Mishin <maks.mishinfz@gmail.com> writes: > > > Pointer, returned from function 'elf_getarhdr' at size.c:362, > > may be NULL and is dereferenced at size.c:367. > > > > Your other patch has "Found by RASU JSC." but the rest don't. Are they > all found by it? If so, please say that. Also please explain why a patch is needed. Last time you submitted patches I just gave up reviewing them because most of them were just bogus. Using a tool to find issues is fine, but you do need to explain why you believe the tool reports are correct. https://inbox.sourceware.org/elfutils-devel/20240405190452.GH1292@gnu.wildebeest.org/ Cheers, Mark
diff --git a/src/size.c b/src/size.c index ff8ca075..d6bce203 100644 --- a/src/size.c +++ b/src/size.c @@ -361,6 +361,16 @@ handle_ar (int fd, Elf *elf, const char *prefix, const char *fname) /* The the header for this element. */ Elf_Arhdr *arhdr = elf_getarhdr (subelf); + if (arhdr == NULL) + { + printf ("cannot get archive header in '%s': %s\n", + fname, elf_errmsg (-1)); + elf_end (subelf); + elf_end (elf); + close (fd); + return 1; + } + if (elf_kind (subelf) == ELF_K_ELF) handle_elf (subelf, new_prefix, arhdr->ar_name); else if (likely (elf_kind (subelf) == ELF_K_AR))