From 7c57180a3f3517a47c8d0de39d628c4ee60385f1 Mon Sep 17 00:00:00 2001
From: guy fleury iteriteka <gfleury@disroot.org>
Date: Fri, 13 Mar 2020 14:03:52 +0200
Subject: [PATCH] fix possible dereference of NULL.

* vm/vm_object.c(vm_object_copy_call): test that the object returned by
  vm_object_enter is not VM_OBJECT_NULL before continuing,
  and return KERN_FAILURE otherwise.
---
 vm/vm_object.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/vm/vm_object.c b/vm/vm_object.c
index a68e520..5f9f5c1 100644
--- a/vm/vm_object.c
+++ b/vm/vm_object.c
@@ -1368,18 +1368,22 @@ kern_return_t vm_object_copy_call(
 	 */
 
 	new_object = vm_object_enter(new_memory_object, size, FALSE);
-	new_object->shadow = src_object;
-	new_object->shadow_offset = src_offset;
-
-	/*
-	 *	Drop the reference for new_memory_object taken above.
-	 */
-
-	ipc_port_release_send(new_memory_object);
-	/* no longer hold the naked send right for new_memory_object */
-
-	*_result_object = new_object;
-	return KERN_SUCCESS;
+	if(new_object != VM_OBJECT_NULL) {
+	  new_object->shadow = src_object;
+	  new_object->shadow_offset = src_offset;
+	  
+	  /*
+	   *	Drop the reference for new_memory_object taken above.
+	   */
+	  
+	  ipc_port_release_send(new_memory_object);
+	  /* no longer hold the naked send right for new_memory_object */
+	  
+	  *_result_object = new_object;
+	  return KERN_SUCCESS;
+	}
+	
+	return KERN_FAILURE; 
 }
 
 /*
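Review bot: The new `return KERN_FAILURE;` path exits without calling `ipc_port_release_send(new_memory_object)`, so the send right that the retained comment says was "taken above" is only dropped on the success branch; if vm_object_enter does not consume that right when it returns VM_OBJECT_NULL (the acquisition is above the hunk, so this is inferred from the comment), every failed call leaks a naked send right. The check would read more naturally as a guard clause that releases the port and returns, leaving the original success path at its original indentation; as written the new block mixes two-space indentation and an unspaced `if(` into tab-indented code, and the blank lines inside it as well as the `return KERN_FAILURE; ` line carry trailing whitespace. Whether any caller inspects `*_result_object` after a KERN_FAILURE return is not visible here; if one does, the failure path should also store VM_OBJECT_NULL into it. vm_object_copy_call begins before this hunk.

```c
	new_object = vm_object_enter(new_memory_object, size, FALSE);
	if (new_object == VM_OBJECT_NULL) {
		/* Drop the send right taken above — assumes vm_object_enter
		 * does not consume it on failure; confirm against its contract. */
		ipc_port_release_send(new_memory_object);
		return KERN_FAILURE;
	}
	new_object->shadow = src_object;
	/* … unchanged: shadow_offset, release of new_memory_object, result store, KERN_SUCCESS … */
```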
-- 
2.20.1

