[PATCH] libdwfl: fix DEREF_OF_NULL.EX in dwfl_segment_report_module.c
Report of the static analyzer: After having been assigned to a NULL value at dwfl_segment_report_module.c:187, pointer 'retval' is dereferenced at dwfl_segment_report_module.c:195 by calling function 'strcmp'. (CWE476) Corrections explained: When processing file notes, the code could dereference a NULL pointer if 'retval' was not initialized. This patch adds a check to ensure 'retval' is not NULL before using it in strcmp. The fix ensures that the function safely handles cases where 'retval' is NULL, avoiding potential crashes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov --- libdwfl/dwfl_segment_report_module.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c index 32f44af8..565884f0 100644 --- a/libdwfl/dwfl_segment_report_module.c +++ b/libdwfl/dwfl_segment_report_module.c @@ -205,8 +205,11 @@ handle_file_note (GElf_Addr module_start, GElf_Addr module_end, return NULL; if (mix == firstix) retval = fptr; - if (firstix < mix && mix <= lastix && strcmp (fptr, retval) != 0) - return NULL; + if (firstix < mix && mix <= lastix) + { +if (retval == NULL || strcmp(fptr, retval) != 0) + return NULL; + } fptr = fnext + 1; } return retval; -- 2.30.2
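Review bot: In the new inner test 'if (retval == NULL || strcmp(fptr, retval) != 0)', a NULL 'retval' is handled exactly like a name mismatch (the function returns NULL), but the commit message does not say how 'mix' can satisfy 'firstix < mix && mix <= lastix' before the 'mix == firstix' line just above has run 'retval = fptr'. If that ordering cannot occur, the check only quiets the analyzer and a short comment saying so would help; if it can occur, the message should name the input that triggers it. The extra brace block is not needed either: the test can stay a single 'if' with '&& (retval == NULL || strcmp (fptr, retval) != 0)', keeping the space before the parenthesis and the indentation used by the surrounding lines.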
[PATCH] libelf: fix DEREF_OF_NULL.RET in objdump.c
Report of the static analyzer: Pointer, returned from function 'elf_getarhdr' at objdump.c:314, may be NULL and is dereferenced at objdump.c:317. (CWE476, CWE690) Corrections explained: When processing archive elements, the code could dereference a NULL pointer if 'elf_getarhdr' returns NULL. This patch adds a check to ensure 'arhdr' is not NULL before using it. The fix ensures that the function safely handles cases where 'elf_getarhdr' fails, avoiding potential crashes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov --- src/objdump.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/src/objdump.c b/src/objdump.c index 1b38da23..9a66d362 100644 --- a/src/objdump.c +++ b/src/objdump.c @@ -312,6 +312,13 @@ handle_ar (int fd, Elf *elf, const char *prefix, const char *fname, /* The the header for this element. */ Elf_Arhdr *arhdr = elf_getarhdr (subelf); +if (arhdr == NULL) +{ +error(0, 0, _("%s: failed to get archive header"), fname); +result = 1; +continue; +} + /* Skip over the index entries. */ if (strcmp (arhdr->ar_name, "/") != 0 && strcmp (arhdr->ar_name, "//") != 0) -- 2.30.2
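Review bot: The 'continue' in the added 'arhdr == NULL' block skips everything that follows in the loop body, so please confirm that nothing later in that body is needed to release 'subelf' or to advance to the next archive member; that code is outside this hunk, and if it exists this error path has to do the same before continuing. The message would be more useful with the libelf error string from 'elf_errmsg (-1)' alongside 'fname'. The added lines also need the file's indentation and the 'error (0, 0, ...)' spacing, and the subject says libelf while the file changed is src/objdump.c.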
[PATCH] src: fix DEREF_AFTER_NULL.EX in elflint.c
Report of the static analyzer: After having been compared to a NULL value at elflint.c:252, pointer 'suffix' is dereferenced at elflint.c:260 by calling function 'stpcpy' Corrections explained: When processing a file with a NULL suffix, the code could dereference a NULL pointer, leading to undefined behavior. This patch adds a check to ensure suffix is not NULL before using it in stpcpy. The fix ensures that new_suffix is properly initialized even when suffix is NULL, avoiding potential crashes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov --- src/elflint.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/elflint.c b/src/elflint.c index cdc6108d..fba18f5a 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -257,7 +257,10 @@ process_file (int fd, Elf *elf, const char *prefix, const char *suffix, { cp = mempcpy (cp, prefix, prefix_len); *cp++ = '('; - strcpy (stpcpy (new_suffix, suffix), ")"); + if(suffix != NULL) + strcpy (stpcpy (new_suffix, suffix), ")"); + else + new_suffix[0] = '\0'; } else new_suffix[0] = '\0'; -- 2.30.2
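Review bot: In the new 'else' branch for a NULL 'suffix', 'new_suffix' is left empty even though '*cp++ = '(';' just above has already written the opening parenthesis, and the closing ")" is appended only in the non-NULL branch, so the constructed name ends with an unmatched '('. Either write 'strcpy (new_suffix, ")");' in that branch or decide the NULL case before the '(' is emitted. The added test should also be spelled 'if (suffix != NULL)' with the space this file uses.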
[PATCH] libdw: fix DEREF_AFTER_NULL.EX in dwarf_ranges.c
Report of the static analyzer: After having been compared to a NULL value at dwarf_ranges.c:492, pointer 'd' is dereferenced at dwarf_ranges.c:531. (CWE476) Corrections explained: When processing a DIE with missing or invalid section data, the code could dereference a NULL pointer, leading to undefined behavior. This patch adds a check to ensure 'd' is not NULL before using it. The fix ensures that the function safely handles cases where section data is missing, avoiding potential crashes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov --- libdw/dwarf_ranges.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libdw/dwarf_ranges.c b/libdw/dwarf_ranges.c index b853e4b9..e42d21cd 100644 --- a/libdw/dwarf_ranges.c +++ b/libdw/dwarf_ranges.c @@ -532,7 +532,11 @@ dwarf_ranges (Dwarf_Die *die, ptrdiff_t offset, Dwarf_Addr *basep, secidx, offset, 1)) return -1; } - + if(d == NULL) + { + __libdw_seterrno(DWARF_E_INVALID_DWARF); + return -1 + } readp = d->d_buf + offset; readendp = d->d_buf + d->d_size; -- 2.30.2
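Review bot: The added 'return -1' inside the 'if(d == NULL)' block has no terminating semicolon, so the file will not compile with this patch applied; it should read 'return -1;'. The new lines also need the file's spacing, 'if (d == NULL)' and '__libdw_seterrno (DWARF_E_INVALID_DWARF);', and the blank line that separated the preceding block from the 'readp' assignment is removed without a replacement.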