git.ipfire.org Git - thirdparty/elfutils.git/commitdiff
libdwfl: fix potential NULL pointer dereference when reading link map
author Omar Sandoval <osandov@fb.com>
Thu, 10 Jun 2021 00:45:57 +0000 (17:45 -0700)
committer Dmitry V. Levin <ldv@altlinux.org>
Thu, 10 Jun 2021 00:45:57 +0000 (00:45 +0000)
When read_addrs() was moved into file scope, there was a mistake in
converting "buffer" from a closure variable to a parameter: we are
checking whether the pointer argument is NULL, not whether the buffer
itself is NULL.  This causes a NULL pointer dereference when we try
to use the NULL buffer later.

Fixes: 3bf41d458fb6 ("link_map: Pull read_addrs() into file scope")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
libdwfl/ChangeLog
libdwfl/link_map.c

index fedf65a4969849289866e2aa3a3bfb7be33f4096..1fce7af2f10b02c69bdaec708d987ec6a072950f 100644 (file)
@@ -1,3 +1,7 @@
+2021-06-09  Omar Sandoval  <osandov@fb.com>
+
+       * link_map.c (read_addrs): Fix potential NULL pointer dereference.
+
 2021-04-19  Martin Liska  <mliska@suse.cz>
 
        * dwfl_frame.c (dwfl_attach_state): Use startswith.
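Review bot: The new ChangeLog entry for link_map.c (read_addrs) records only the effect, "Fix potential NULL pointer dereference", and not what was changed. Naming the change itself, that the NULL test now applies to *buffer rather than to the buffer argument, would let a reader match the entry to the one-line code change without opening the diff.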
index 0d8d1c17b8fa7a43e8acaedee0d121d0f87a7a1a..1e7d4502688787b8e6ab92e43aa12701f071bff7 100644 (file)
@@ -254,7 +254,7 @@ read_addrs (struct memory_closure *closure,
   Dwfl *dwfl = closure->dwfl;
 
   /* Read a new buffer if the old one doesn't cover these words.  */
-  if (buffer == NULL
+  if (*buffer == NULL
       || vaddr < *read_vaddr
       || vaddr - (*read_vaddr) + nb > *buffer_available)
     {
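Review bot: At `if (*buffer == NULL`, the argument `buffer` is now dereferenced with no check of its own, just as `read_vaddr` and `buffer_available` are on the next two lines of the condition. That is fine as long as every caller passes the address of its buffer variable, but the contract is implicit. A sentence in the function comment saying these out-parameters must be non-NULL would keep the mistake from coming back in a later refactor. The patch also carries no test that reaches read_addrs with *buffer still NULL, which is the case the old comparison let through, so a regression test for it would be worth adding.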