From patchwork Thu Mar 31 15:19:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Chestnyh <d.chestnyh@omp.ru>
X-Patchwork-Id: 52530
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 35E953937415
	for <patchwork@sourceware.org>; Thu, 31 Mar 2022 15:19:37 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mxout03.lancloud.ru (mxout03.lancloud.ru [45.84.86.113])
 by sourceware.org (Postfix) with ESMTPS id 881BA3858C54
 for <libc-alpha@sourceware.org>; Thu, 31 Mar 2022 15:19:23 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 881BA3858C54
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=omp.ru
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=omp.ru
Received: from LanCloud
DKIM-Filter: OpenDKIM Filter v2.11.0 mxout03.lancloud.ru 5843220E7A25
Received: from LanCloud
Received: from LanCloud
Received: from LanCloud
From: Dmitry Chestnyh <d.chestnyh@omp.ru>
To: <libc-alpha@sourceware.org>
Subject: [PATCH] [iconv] Fix possible null-pointer dereference.
Date: Thu, 31 Mar 2022 18:19:18 +0300
Message-ID: <20220331151918.433882-1-d.chestnyh@omp.ru>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Originating-IP: [192.168.11.198]
X-ClientProxiedBy: LFEXT02.lancloud.ru (fd00:f066::142) To
 LFEX1912.lancloud.ru (fd00:f066::166)
X-Spam-Status: No, score=-13.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, T_SCC_BODY_TEXT_LINE,
 UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Cc: Dmitry Chestnyh <d.chestnyh@omp.ru>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Libc-alpha"
 <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>

This issue was found by SVACE static analyzer.
Dereference can appear at line 665 and there are no
obvious checks of `irrecersible` ptr value.
And seems that we can't be sure that this pointer
isn't NULL.
---
 iconv/skeleton.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/iconv/skeleton.c b/iconv/skeleton.c
index 0356dbf92b..a296a9f944 100644
--- a/iconv/skeleton.c
+++ b/iconv/skeleton.c
@@ -659,6 +659,7 @@ FUNCTION_NAME (struct __gconv_step *step, struct __gconv_step_data *data,
 	      /* Store information about how many bytes are available.  */
 	      data->__outbuf = outbuf;
 
+	      assert(irreversible != NULL);
 	      /* Remember how many non-identical characters we
 		 converted in an irreversible way.  */
 	      *irreversible += lirreversible;