From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@gmail.com>
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com
 [IPv6:2607:f8b0:4864:20::12a])
 by sourceware.org (Postfix) with ESMTPS id 2E8483952011
 for <binutils@sourceware.org>; Thu, 17 Mar 2022 11:02:06 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2E8483952011
Received: by mail-il1-x12a.google.com with SMTP id r2so3492305ilh.0
 for <binutils@sourceware.org>; Thu, 17 Mar 2022 04:02:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-disposition;
 bh=Z8HXP3X9iuYjJ+drRANL8MsaWHM0ZJjGuuRYWjbkHF8=;
 b=nfr0+tT3b9grMjKzHwpDvjDLdf286/qNcNVkRyB7phMOpKKSrA9HRpNIGMfIW1lecQ
 xTrlAdq9qfAOVCegGMiE7i/N9n7rLsdOW5FgVyOXBHm1j0s/eirnJtalmi2aZrfp9FH9
 E4JnvYlTlN7a/C0smnM5mV7yR8OPo6vU4AtWQqMUmG+QF97PowGkiPNZIsbItoDgEht9
 n5m0ATO6DacrSPLaPReuXJtx9g82kQQA0TN1xCvLRtY1xmc0hEd7mpyNUaCyBQvnbS0w
 tkhwW40JSyeOS1euMv/6FMPjOY0JRwRzhHZnxr0ZQ9kX8imsG+bwSgP2svyIorg1IyAC
 seEA==
X-Gm-Message-State: AOAM533o8iZLn0sAtm/oqDcQIKsA40LlUdDf1oX6WMEmNwRtQU6RSxiN
 Ruyif/UauS4i86W15LYg2a6OqK4rgbc=
X-Google-Smtp-Source: ABdhPJx6w8oYa+ewT2/FLJSQvMg/x28CznMPnlyGYZ1pUljHyhKzvDjli1qx5zRax1hNCmSaIYzjUA==
X-Received: by 2002:a05:6e02:164e:b0:2c7:f0b5:e21d with SMTP id
 v14-20020a056e02164e00b002c7f0b5e21dmr210378ilu.222.1647514925091; 
 Thu, 17 Mar 2022 04:02:05 -0700 (PDT)
Received: from squeak.grove.modra.org (158.106.96.58.static.exetel.com.au.
 [58.96.106.158]) by smtp.gmail.com with ESMTPSA id
 b11-20020a056e02184b00b002c7c470ee8esm2720208ilv.2.2022.03.17.04.02.04
 for <binutils@sourceware.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 17 Mar 2022 04:02:04 -0700 (PDT)
Received: by squeak.grove.modra.org (Postfix, from userid 1000)
 id D20EA1142F41; Thu, 17 Mar 2022 21:32:01 +1030 (ACDT)
Date: Thu, 17 Mar 2022 21:32:01 +1030
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: ubsan: Null dereference in parse_module
Message-ID: <YjMVKfnpTQr9fhm1@squeak.grove.modra.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-3037.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 11:02:07 -0000

	* vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
	has set module->func_table for DST__K_RTNEND.  Check return
	of bfd_zalloc.

diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 4a92574c850..1129c98f0e2 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
 
   /* Initialize tables with zero element.  */
   curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
+  if (!curr_srec)
+    return false;
   module->srec_table = curr_srec;
 
   curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
+  if (!curr_line)
+    return false;
   module->line_table = curr_line;
 
   while (length == -1 || ptr < maxptr)
@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
 	case DST__K_RTNBEG:
 	  funcinfo = (struct funcinfo *)
 	    bfd_zalloc (abfd, sizeof (struct funcinfo));
+	  if (!funcinfo)
+	    return false;
 	  funcinfo->name
 	    = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
 					    maxptr - (ptr + DST_S_B_RTNBEG_NAME));
@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
 	  break;
 
 	case DST__K_RTNEND:
+	  if (!module->func_table)
+	    return false;
 	  module->func_table->high = module->func_table->low
 	    + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
 

-- 
Alan Modra
Australia Development Lab, IBM