From: Omar Sandoval Date: Thu, 10 Jun 2021 00:45:57 +0000 (-0700) Subject: libdwfl: fix potential NULL pointer dereference when reading link map X-Git-Tag: elfutils-0.186~77 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=828024afc517e266f3226b469ba33f372b401821;p=thirdparty%2Felfutils.git libdwfl: fix potential NULL pointer dereference when reading link map When read_addrs() was moved into file scope, there was a mistake in converting "buffer" from a closure variable to a parameter: we are checking whether the pointer argument is NULL, not whether the buffer itself is NULL. This causes a NULL pointer dereference when we try to use the NULL buffer later. Fixes: 3bf41d458fb6 ("link_map: Pull read_addrs() into file scope") Signed-off-by: Omar Sandoval Signed-off-by: Dmitry V. Levin --- diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index fedf65a49..1fce7af2f 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,7 @@ +2021-06-09 Omar Sandoval + + * link_map.c (read_addrs): Fix potential NULL pointer dereference. + 2021-04-19 Martin Liska * dwfl_frame.c (dwfl_attach_state): Use startswith. diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c index 0d8d1c17b..1e7d45026 100644 --- a/libdwfl/link_map.c +++ b/libdwfl/link_map.c @@ -254,7 +254,7 @@ read_addrs (struct memory_closure *closure, Dwfl *dwfl = closure->dwfl; /* Read a new buffer if the old one doesn't cover these words. */ - if (buffer == NULL + if (*buffer == NULL || vaddr < *read_vaddr || vaddr - (*read_vaddr) + nb > *buffer_available) {
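Review bot: In the read_addrs hunk of libdwfl/link_map.c, the corrected test `*buffer == NULL` dereferences the `buffer` argument with nothing left to guard the pointer itself. That matches how `*read_vaddr` and `*buffer_available` are already dereferenced unconditionally in the same condition, so the function evidently relies on callers always passing valid pointers. Since this is the very distinction the original conversion got wrong, state that contract explicitly: add a short comment above read_addrs saying that `buffer`, `read_vaddr` and `buffer_available` must be non-NULL and that `*buffer` may be NULL when no buffer has been read yet. The visible diff touches only ChangeLog and link_map.c, so a regression test that exercises the first read with an empty buffer would also help keep the pointer-versus-pointee check from regressing.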