[PATCH] libdw: aggregate_size check NULL result from get_type.

[PATCH] libdw: aggregate_size check NULL result from get_type.

[Mark Wielaard]

aggregate_size can be called recursively with the result of get_type.
get_type can return NULL when dwarf_peel_type fails. Found by afl-fuzz.

dwarf_aggregate_size when called directly doesn't need a NULL check
because it calls and checks the result of dwarf_peel_type directly.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libdw/ChangeLog              | 4 ++++
 libdw/dwarf_aggregate_size.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 329a994d..5dc70ba9 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,7 @@
+2018-06-18  Mark Wielaard  <mark@klomp.org>
+
+	* dwarf_aggregate_size.c (aggregate_size): Check die is not NULL.
+
 2018-06-15  Mark Wielaard  <mark@klomp.org>
 
 	* dwarf_getlocation.c (check_constant_offset): Clarify DW_FORM_data16
diff --git a/libdw/dwarf_aggregate_size.c b/libdw/dwarf_aggregate_size.c
index 6e501857..d20db71a 100644
--- a/libdw/dwarf_aggregate_size.c
+++ b/libdw/dwarf_aggregate_size.c
@@ -171,6 +171,9 @@ aggregate_size (Dwarf_Die *die, Dwarf_Word *size, Dwarf_Die *type_mem)
 {
   Dwarf_Attribute attr_mem;
 
+  if (die == NULL)
+    return -1;
+
   if (INTUSE(dwarf_attr_integrate) (die, DW_AT_byte_size, &attr_mem) != NULL)
     return INTUSE(dwarf_formudata) (&attr_mem, size);
 
-- 
2.17.0

Re: [PATCH] libdw: aggregate_size check NULL result from get_type.

[Mark Wielaard]

On Mon, 2018-06-18 at 10:37 +0200, Mark Wielaard wrote:
> aggregate_size can be called recursively with the result of get_type.
> get_type can return NULL when dwarf_peel_type fails. Found by afl-
> fuzz.
> 
> dwarf_aggregate_size when called directly doesn't need a NULL check
> because it calls and checks the result of dwarf_peel_type directly.

Pushed to master.