libdw: aggregate_size check NULL result from get_type.

aggregate_size can be called recursively with the result of get_type.
get_type can return NULL when dwarf_peel_type fails. Found by afl-fuzz.

dwarf_aggregate_size when called directly doesn't need a NULL check
because it calls and checks the result of dwarf_peel_type directly.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index bed63794fdc388a949e5bde0f2bd304a9b8e00b3..1e41e72aeef4e56bb22529a1431816d6a3efe565 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,7 @@
+2018-06-18  Mark Wielaard  <mark@klomp.org>
+
+       * dwarf_aggregate_size.c (aggregate_size): Check die is not NULL.
+
 2018-06-17  Luiz Angelo Daros de Luca  <luizluca@gmail.com>
 
        * dwarf_getsrclines.c (read_srclines): Intialize filelist early.

diff --git a/libdw/dwarf_aggregate_size.c b/libdw/dwarf_aggregate_size.c
index 6e501857bc2053bd133817ba1536c769b9a3ddc9..d20db71a5de98a33af094afd8561a6813475ab31 100644 (file)
--- a/libdw/dwarf_aggregate_size.c
+++ b/libdw/dwarf_aggregate_size.c
@@ -171,6 +171,9 @@ aggregate_size (Dwarf_Die *die, Dwarf_Word *size, Dwarf_Die *type_mem)
 {
   Dwarf_Attribute attr_mem;
 
+  if (die == NULL)
+    return -1;
+
   if (INTUSE(dwarf_attr_integrate) (die, DW_AT_byte_size, &attr_mem) != NULL)
     return INTUSE(dwarf_formudata) (&attr_mem, size);