From patchwork Thu Mar 31 16:20:48 2022
X-Patchwork-Submitter: Dmitry Chestnyh
X-Patchwork-Id: 52536
From: Dmitry Chestnyh
Subject: [PATCH] [elf] Fix possible null-pointer dereference.
Date: Thu, 31 Mar 2022 19:20:48 +0300
Message-ID: <20220331162048.449551-1-d.chestnyh@omp.ru>
List-Id: Libc-alpha mailing list
Cc: Dmitry Chestnyh

This issue was found by SVACE static analyzer. Dereference can appear at line 2223 and there are no obvious checks of `name` ptr value. Jump to label `no_file` from elf/dl-load.c:2066 can trigger it.

--- elf/dl-load.c | 1 + 1 file changed, 1 insertion(+) diff --git a/elf/dl-load.c b/elf/dl-load.c index 892e8ef2f6..0bced6cd8a 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -2271,6 +2271,7 @@ _dl_map_object (struct link_map *loader, const char *name, have. */ static const Elf_Symndx dummy_bucket = STN_UNDEF; + assert(name != NULL); /* Allocate a new object map. */ if ((name_copy = __strdup (name)) == NULL || (l = _dl_new_object (name_copy, name, type, loader,
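
Review bot: The added `assert(name != NULL);` ahead of `__strdup (name)` turns a NULL `name` into an abort instead of handling it, and it vanishes in any build where assertions are compiled out with NDEBUG, so it does not reliably guard the dereference. If the `no_file` path named in the commit message can really be reached with a NULL `name`, an explicit NULL check that reports the failure at this point would be the safer change; if it cannot, the commit message should explain why the invariant holds so the assert reads as documentation of it. The line also needs a space before the parenthesis, `assert (name != NULL);`, to match the surrounding `__strdup (name)` and `_dl_new_object (name_copy, name, type, loader,` calls. The commit message cites lines 2223 and 2066 while the hunk sits at line 2271, so it would help to state which revision those line numbers refer to.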