From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=YV0/=E3=klomp.org=mark@sourceware.org>
Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184])
	by sourceware.org (Postfix) with ESMTPS id 6583C3858D3C
	for <elfutils-devel@sourceware.org>; Mon, 11 Sep 2023 07:42:40 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6583C3858D3C
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org
Received: by gnu.wildebeest.org (Postfix, from userid 1000)
	id 5FA293013319; Mon, 11 Sep 2023 09:42:39 +0200 (CEST)
Date: Mon, 11 Sep 2023 09:42:39 +0200
From: Mark Wielaard <mark@klomp.org>
To: Evgeny Vereshchagin <evvers@ya.ru>, elfutils-devel@sourceware.org
Cc: =?utf-8?B?ZXZ24oCm?= via monorail <monorail+v2.2672886254@chromium.org>
Subject: Re: Issue 62071 in oss-fuzz: elfutils:fuzz-libdwfl: Null-dereference
 READ in chunk_compare
Message-ID: <20230911074239.GH32736@gnu.wildebeest.org>
References: <0=71cc74a7ba1af446b7ed6b9a08b414d9=1491f90a54bd791097d19cec88a861b0=oss-fuzz@monorail-prod.appspotmail.com>
 <000000000000aa01b70604c4c284@google.com>
 <2387505161d0bf24b8388b1955e517123fea0473.camel@klomp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2387505161d0bf24b8388b1955e517123fea0473.camel@klomp.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Status: No, score=-3028.8 required=5.0 tests=BAYES_00,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <elfutils-devel.sourceware.org>

Hi,

On Thu, Sep 07, 2023 at 04:25:00PM +0200, Mark Wielaard wrote:
> Subject: [PATCH] libelf: tdelete dummy key if anything goes wrong setting up
>  rawchunk
> 
> elf_getdata_rawchunk uses a binary search tree cache. If a rawchunk is
> not yet in the cache we setup a new entry. But if anything went wrong
> setting up the new rawchunk we would leave a NULL key in the
> cache. This could blow up the next search. Fix this by removing the
> (dummy) key from the cache on any failure.
> 
> 	* libelf/elf_getdata_rawchunk.c (elf_getdata_rawchunk): Don't
> 	assign NULL to *found. Call tdelete if anything goes wrong.

Pushed,

Mark