From: Omar Sandoval
To: elfutils-devel@sourceware.org
Subject: [PATCH] libdwfl: fix crash when reading link map
Date: Wed, 9 Jun 2021 17:45:57 -0700
Message-Id: <9d6fa5673b548c600c23005388bb5e909983acb1.1623285930.git.osandov@fb.com>
X-Mailer: git-send-email 2.32.0

From: Omar Sandoval

When read_addrs() was converted from a nested function to a normal function, there was a mistake in converting "buffer" from a closure variable to a parameter: we are checking whether the pointer argument is NULL, not whether the buffer itself is NULL. This causes a NULL pointer dereference when we try to use the NULL buffer later.

Fixes: 3bf41d458fb6 ("link_map: Pull read_addrs() into file scope")
Signed-off-by: Omar Sandoval
---
 libdwfl/ChangeLog  | 4 ++++
 libdwfl/link_map.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index fedf65a4..c57c7708 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@ +2021-06-09 Omar Sandoval + + * link_map.c (read_addrs): Fix crash. + 2021-04-19 Martin Liska * dwfl_frame.c (dwfl_attach_state): Use startswith. diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c index 0d8d1c17..1e7d4502 100644 --- a/libdwfl/link_map.c +++ b/libdwfl/link_map.c @@ -254,7 +254,7 @@ read_addrs (struct memory_closure *closure, Dwfl *dwfl = closure->dwfl; /* Read a new buffer if the old one doesn't cover these words. */ - if (buffer == NULL + if (*buffer == NULL || vaddr < *read_vaddr || vaddr - (*read_vaddr) + nb > *buffer_available) { -- 2.32.0
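Review bot: In the libdwfl/link_map.c hunk, the corrected test `+ if (*buffer == NULL` now depends on the caller having set `*buffer` to NULL before the first call to read_addrs(), and nothing in the hunk documents that; a short comment on the `buffer` parameter stating that contract, plus a regression test under tests/ that drives the link-map reading path, would keep the nested-function conversion from regressing silently again. The change itself is right: the rest of the same condition already dereferences the other in/out parameters (`*read_vaddr`, `*buffer_available`), so the old `- if (buffer == NULL` compared the pointer-to-pointer argument instead of the buffer, the "read a new buffer" branch was never taken on the first call, and the later use of the still-NULL buffer is the crash the commit message describes.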