From: jacob navia
Subject: Missing check for NULL
Date: Tue, 12 Sep 2023 17:24:03 +0200
To: binutils@sourceware.org

Hi

A missing check for NULL.

FILE: elf.c line 3091
Function: _bfd_elf_init_reloc_shdr

static bool
_bfd_elf_init_reloc_shdr (bfd *abfd,
                          struct bfd_elf_section_reloc_data *reldata,
                          const char *sec_name,
                          bool use_rela_p,
                          bool delay_st_name_p)
{
  Elf_Internal_Shdr *rel_hdr;
  const struct elf_backend_data *bed = get_elf_backend_data (abfd);

  BFD_ASSERT (reldata->hdr == NULL);  // <<<<<<<<<<<<<<< Next line BUG!
  rel_hdr = bfd_zalloc (abfd, sizeof (*rel_hdr)); // bfd_zalloc can return NULL
  reldata->hdr = rel_hdr;

  if (delay_st_name_p)
    rel_hdr->sh_name = (unsigned int) -1;
  else if (!_bfd_elf_set_reloc_sh_name (abfd, rel_hdr, sec_name,
                                        use_rela_p))
    return false;
  rel_hdr->sh_type = use_rela_p ? SHT_RELA : SHT_REL; // Possible crash
  rel_hdr->sh_entsize = (use_rela_p
                         ? bed->s->sizeof_rela
                         : bed->s->sizeof_rel);
  rel_hdr->sh_addralign = (bfd_vma) 1 << bed->s->log_file_align;
  rel_hdr->sh_flags = 0;
  rel_hdr->sh_addr = 0;
  rel_hdr->sh_size = 0;
  rel_hdr->sh_offset = 0;

  return true;
}

DESCRIPTION: bfd_zalloc can return NULL. This is not checked, and then the result is used.

HOW TO FIX: Add a check after the allocation:

  if (rel_hdr == NULL)
    return false;

PRIORITY: low.

Jacob
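
An added example, not part of the original message and not binutils code: a fault-injection sweep that exercises the allocation-failure path the report describes, using a reduced form of the function with the proposed check. The types, `zalloc_fi`, `init_reloc_shdr` and `sweep` are hypothetical stand-ins; only the shape of the allocation and the check follows the report.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the BFD types; not the binutils definitions. */
struct shdr { unsigned int sh_name, sh_type; size_t sh_entsize; };
struct reloc_data { struct shdr *hdr; };

/* Fault-injecting stand-in for bfd_zalloc: call number fail_at (1-based)
   returns NULL; fail_at == 0 disables injection. */
static unsigned long alloc_calls, fail_at;

static void *zalloc_fi(size_t n)
{
    return ++alloc_calls == fail_at ? NULL : calloc(1, n);
}

/* Reduced shape of the reported function, with the proposed check added. */
static bool init_reloc_shdr(struct reloc_data *reldata, bool use_rela_p)
{
    struct shdr *rel_hdr = zalloc_fi(sizeof(*rel_hdr));
    if (rel_hdr == NULL)
        return false;               /* report failure, never dereference */
    reldata->hdr = rel_hdr;
    rel_hdr->sh_type = use_rela_p ? 4u : 9u;      /* SHT_RELA, SHT_REL */
    rel_hdr->sh_entsize = use_rela_p ? 24 : 16;   /* constructed sizes */
    return true;
}

/* Count the allocations of a clean run, then fail each one in turn.
   Returns how many runs did not fail cleanly (-1 if the clean run fails). */
static int sweep(void)
{
    struct reloc_data rd = { NULL };
    alloc_calls = 0; fail_at = 0;
    if (!init_reloc_shdr(&rd, true))
        return -1;
    unsigned long total = alloc_calls;
    free(rd.hdr);
    int bad = 0;
    for (unsigned long k = 1; k <= total; k++) {
        struct reloc_data r = { NULL };
        alloc_calls = 0; fail_at = k;
        if (init_reloc_shdr(&r, true) || r.hdr != NULL)
            bad++;                  /* success or stale pointer after failure */
        free(r.hdr);
    }
    return bad;
}

int main(void) { return sweep() != 0; }
```

With the check removed, the injected failure makes the first store through `rel_hdr` a NULL dereference, so the sweep stops with a crash instead of returning a count.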