From: Mark Wielaard
To: elfutils-devel@sourceware.org
Cc: David Malcolm, Mark Wielaard
Subject: [PATCH 3/7] libelf: Check __gelf_getehdr_rdlock call doesn't fail in elf_getdata.
Date: Sun, 10 May 2020 21:53:36 +0200
Message-Id: <20200510195339.37191-4-mark@klomp.org>
In-Reply-To: <20200510195339.37191-1-mark@klomp.org>
References: <20200510195339.37191-1-mark@klomp.org>

GCC10 -fanalyzer with -flto notices __gelf_getehdr_rdlock can fail and
that the result of the call in __libelf_set_rawdata_wrlock isn't checked,
which can cause a dereference of NULL.

Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 5 +++++ libelf/elf_getdata.c | 2 ++ 2 files changed, 7 insertions(+) diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 56f5354c..fcea8aa9 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2020-05-08 Mark Wielaard + + * elf_getdata.c (__libelf_set_rawdata_wrlock): Check + __gelf_getehdr_rdlock return value. + 2020-04-25 Mark Wielaard * elf_compress.c (__libelf_compress): Remove free (out_buf). diff --git a/libelf/elf_getdata.c b/libelf/elf_getdata.c index 40fe1694..0d8f8d2e 100644 --- a/libelf/elf_getdata.c +++ b/libelf/elf_getdata.c @@ -271,6 +271,8 @@ __libelf_set_rawdata_wrlock (Elf_Scn *scn) { GElf_Ehdr ehdr_mem; GElf_Ehdr *ehdr = __gelf_getehdr_rdlock (elf, &ehdr_mem); + if (unlikely (ehdr == NULL)) + return 1; entsize = SH_ENTSIZE_HASH (ehdr); } else -- 2.20.1
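
Review bot: In the libelf/elf_getdata.c hunk, the new early exit `return 1;` after `if (unlikely (ehdr == NULL))` does not set an error code itself, so it depends on __gelf_getehdr_rdlock having already recorded one before returning NULL. A one-line comment stating that would make the intent clear to the next reader. It is also worth confirming that 1 is the failure value used by the other return paths of __libelf_set_rawdata_wrlock, which are outside the visible context. The check sits directly before `entsize = SH_ENTSIZE_HASH (ehdr);`, which is the dereference the commit message refers to, so the placement looks right.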