* ctf segfaults
@ 2023-03-19 11:51 Alan Modra
2023-03-24 13:35 ` Nick Alcock
0 siblings, 1 reply; 2+ messages in thread
From: Alan Modra @ 2023-03-19 11:51 UTC (permalink / raw)
To: binutils
PR 30228
PR 30229
* ctf-open.c (ctf_bufopen_internal): Check for NULL cts_data.
* ctf-archive.c (ctf_arc_bufpreamble, ctf_arc_bufopen): Likewise.
diff --git a/libctf/ctf-archive.c b/libctf/ctf-archive.c
index abae90da113..54c49b3edbb 100644
--- a/libctf/ctf-archive.c
+++ b/libctf/ctf-archive.c
@@ -402,8 +402,9 @@ ctf_arc_symsect_endianness (ctf_archive_t *arc, int little_endian)
const ctf_preamble_t *
ctf_arc_bufpreamble (const ctf_sect_t *ctfsect)
{
- if (ctfsect->cts_size > sizeof (uint64_t) &&
- (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
+ if (ctfsect->cts_data != NULL
+ && ctfsect->cts_size > sizeof (uint64_t)
+ && (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
{
struct ctf_archive *arc = (struct ctf_archive *) ctfsect->cts_data;
return (const ctf_preamble_t *) ((char *) arc + le64toh (arc->ctfa_ctfs)
@@ -424,8 +425,9 @@ ctf_arc_bufopen (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect,
int is_archive;
ctf_dict_t *fp = NULL;
- if (ctfsect->cts_size > sizeof (uint64_t) &&
- (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
+ if (ctfsect->cts_data != NULL
+ && ctfsect->cts_size > sizeof (uint64_t)
+ && (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
{
/* The archive is mmappable, so this operation is trivial.
diff --git a/libctf/ctf-open.c b/libctf/ctf-open.c
index 5bcf0dd9b76..35f635b6559 100644
--- a/libctf/ctf-open.c
+++ b/libctf/ctf-open.c
@@ -1354,7 +1354,8 @@ ctf_bufopen_internal (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect,
if (strsect != NULL && strsect->cts_data == NULL)
return (ctf_set_open_errno (errp, ECTF_STRBAD));
- if (ctfsect->cts_size < sizeof (ctf_preamble_t))
+ if (ctfsect->cts_data == NULL
+ || ctfsect->cts_size < sizeof (ctf_preamble_t))
return (ctf_set_open_errno (errp, ECTF_NOCTFBUF));
pp = (const ctf_preamble_t *) ctfsect->cts_data;
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: ctf segfaults
2023-03-19 11:51 ctf segfaults Alan Modra
@ 2023-03-24 13:35 ` Nick Alcock
0 siblings, 0 replies; 2+ messages in thread
From: Nick Alcock @ 2023-03-24 13:35 UTC (permalink / raw)
To: Alan Modra; +Cc: binutils
On 19 Mar 2023, Alan Modra via Binutils uttered the following:
> PR 30228
> PR 30229
> * ctf-open.c (ctf_bufopen_internal): Check for NULL cts_data.
> * ctf-archive.c (ctf_arc_bufpreamble, ctf_arc_bufopen): Likewise.
Thanks! (These were fuzzed archves, right? Real archives should never
end up with, what is that, a zero-length types section?)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-24 13:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-19 11:51 ctf segfaults Alan Modra
2023-03-24 13:35 ` Nick Alcock
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).