From patchwork Thu Mar 31 15:44:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Chestnyh X-Patchwork-Id: 52533
From: Dmitry Chestnyh To: Subject: [PATCH] [elf] Fix possible null-pointer dereference. Date: Thu, 31 Mar 2022 18:44:11 +0300 Message-ID: <20220331154411.442438-1-d.chestnyh@omp.ru> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1912.lancloud.ru (fd00:f066::166) X-Spam-Status: No, score=-13.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, T_SCC_BODY_TEXT_LINE, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dmitry Chestnyh Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" This issue was found by SVACE static analyzer. Dereference can appear at line 203 and there are no obvious checks of `map->l_name` ptr value. And seems that we can't be sure that this pointer isn't NULL. --- elf/sotruss-lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elf/sotruss-lib.c b/elf/sotruss-lib.c index a5edd438f9..030c818a3e 100644 --- a/elf/sotruss-lib.c +++ b/elf/sotruss-lib.c @@ -200,7 +200,7 @@ la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie) from or that list must be empty. In the latter case we trace only calls from the main binary. */ if (fromlist == NULL) - result |= map->l_name[0] == '\0' ? LA_FLG_BINDFROM : 0; + result |= (map->l_name && map->l_name[0] == '\0') ? LA_FLG_BINDFROM : 0; else result |= (match_file (fromlist, full_name, full_name_len, LA_FLG_BINDFROM)
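Review bot: In the `fromlist == NULL` branch of la_objopen, the new guard `map->l_name && map->l_name[0] == '\0'` evaluates to 0 when l_name is NULL, so such an object is silently treated as not being the main binary and never gets LA_FLG_BINDFROM. The commit message does not say whether that is the intended outcome, nor under what conditions l_name is NULL beyond the static analyzer report. Please state both, and write the test as `map->l_name != NULL` to match the explicit `fromlist == NULL` comparison on the line above. The else branch passes full_name and full_name_len to match_file; if those are derived from map->l_name earlier in the function (not visible in this hunk), the NULL check belongs at that earlier point, otherwise this change guards only one of the uses.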