From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mark@klomp.org>
Received: from outbound.soverin.net (outbound.soverin.net [116.202.65.215])
 by sourceware.org (Postfix) with ESMTPS id 8D3113857C7E
 for <elfutils-devel@sourceware.org>; Wed,  6 Oct 2021 21:44:27 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8D3113857C7E
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=klomp.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org
Received: from smtp.soverin.net (unknown [10.10.3.24])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by outbound.soverin.net (Postfix) with ESMTPS id C3E1260DC1;
 Wed,  6 Oct 2021 21:44:25 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.138]) by
 soverin.net
Received: by reform (Postfix, from userid 1000)
 id F35712E817D9; Wed,  6 Oct 2021 23:44:22 +0200 (CEST)
Date: Wed, 6 Oct 2021 23:44:22 +0200
From: Mark Wielaard <mark@klomp.org>
To: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Cc: elfutils-devel@sourceware.org
Subject: Re: [PATCH] Tests: Fix warning in show-die-info.c
Message-ID: <YV4YtovT/5Uscsl6@wildebeest.org>
References: <20211005153216.fadk42msbpz4xvx5@lug-owl.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="83piexY0JlFsU7+N"
Content-Disposition: inline
In-Reply-To: <20211005153216.fadk42msbpz4xvx5@lug-owl.de>
X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: elfutils-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/elfutils-devel/>
List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2021 21:44:29 -0000


--83piexY0JlFsU7+N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi,

On Tue, Oct 05, 2021 at 05:32:16PM +0200, Jan-Benedict Glaw wrote:
> I'm running automated test compiles on Binutils, GCC, Linux, NetBSD
> and, since a few days ago, elfutils.
> 
> Building/running the tests, I noticed this little warning:
> 
> [make 2021-10-01 12:18:15] elflint.c: In function 'check_sections':
> [make 2021-10-01 12:18:15] elflint.c:4105:48: error: null pointer dereference [-Werror=null-dereference]
> [make 2021-10-01 12:18:15]  4105 |                                  idx < databits->d_size && ! bad;
> [make 2021-10-01 12:18:15]       |                                        ~~~~~~~~^~~~~~~~
> [make 2021-10-01 12:18:18] cc1: all warnings being treated as errors
> [make 2021-10-01 12:18:18] make[2]: *** [Makefile:799: elflint.o] Error 1
> [make 2021-10-01 12:18:18] make[1]: *** [Makefile:532: all-recursive] Error 1
> [make 2021-10-01 12:18:18] make: *** [Makefile:448: all] Error 2
> 
> 
> As it is tested beforehand that we should not run into this, this
> patch should fix the warning:
> 
> 
> diff --git a/src/elflint.c b/src/elflint.c
> index 1ce75684..ef7725ce 100644
> --- a/src/elflint.c
> +++ b/src/elflint.c
> @@ -4102,7 +4102,7 @@ section [%2zu] '%s' has type NOBITS but is read from the file in segment of prog
>  			    bad = (databits == NULL
>  				   || databits->d_size != shdr->sh_size);
>  			    for (size_t idx = 0;
> -				 idx < databits->d_size && ! bad;
> +				 ! bad && idx < databits->d_size;
>  				 idx++)
>  			      bad = ((char *) databits->d_buf)[idx] != 0;
>  

Thanks, that warning and the fix look correct.
I committed the attached fix.

Cheers,

Mark



--83piexY0JlFsU7+N
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment;
	filename="0001-elflint.c-Don-t-dereference-databits-if-bad.patch"

>From 3d9f12883d0c131bd4ab6045e1f60d3fe6d150ea Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Wed, 6 Oct 2021 23:37:42 +0200
Subject: [PATCH] elflint.c: Don't dereference databits if bad

elflint.c: In function 'check_sections':
elflint.c:4105:48: error: null pointer dereference [-Werror=null-dereference]
4105 |                                  idx < databits->d_size && ! bad;
     |                                        ~~~~~~~~^~~~~~~~

Fix this by testing for ! bad first.

Reported-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 src/ChangeLog | 4 ++++
 src/elflint.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 87b3dd46..316bcb6d 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2021-10-06  Mark Wielaard  <mark@klomp.org>
+
+	* elflint.c (check_sections): Don't dereference databits if bad.
+
 2021-09-09  Dmitry V. Levin  <ldv@altlinux.org>
 
 	* findtextrel.c: Include "libeu.h".
diff --git a/src/elflint.c b/src/elflint.c
index 1ce75684..ef7725ce 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -4102,7 +4102,7 @@ section [%2zu] '%s' has type NOBITS but is read from the file in segment of prog
 			    bad = (databits == NULL
 				   || databits->d_size != shdr->sh_size);
 			    for (size_t idx = 0;
-				 idx < databits->d_size && ! bad;
+				 ! bad && idx < databits->d_size;
 				 idx++)
 			      bad = ((char *) databits->d_buf)[idx] != 0;
 
-- 
2.32.0


--83piexY0JlFsU7+N--