Bug 1332148

Summary: Null dereference bug in _dwarf_file_name_is_full_path()
Product: Fedora
Reporter: lieanu <liuyue0310>
Component: libdwarf
Assignee: Tom Hughes <tom>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: orion, tom
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libdwarf-20160507-1.fc24
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2016-05-12 16:13:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Attachments: Null 01 bug

Description lieanu 2016-05-02 11:23:29 UTC
Created attachment 1152911 [details]
Null 01 bug

Hi, 

I have reported this bug to upstream; I am filing it here just for bug tracking, thanks.

Null dereference bug in the latest git code.

0x2aaaaaceba60   <_dwarf_set_line_table_regs_default_values+112>  mov    rax,QWORD PTR [rip+0x24189]        # 0x2aaaaad0fbf0 <_dwarf_line_table_regs_default_values+80>
0x2aaaaaceba67   <_dwarf_set_line_table_regs_default_values+119>  mov    QWORD PTR [rdi+0x50],rax
0x2aaaaaceba6b   <_dwarf_set_line_table_regs_default_values+123>  ret
0x2aaaaaceba6c   nop    DWORD PTR [rax+0x0]
0x2aaaaaceba70   <_dwarf_file_name_is_full_path>  movzx  edx,BYTE PTR [rdi]              <- $pc
0x2aaaaaceba73   <_dwarf_file_name_is_full_path+3>  mov    eax,0x1
0x2aaaaaceba78   <_dwarf_file_name_is_full_path+8>  cmp    dl,0x2f
0x2aaaaaceba7b   <_dwarf_file_name_is_full_path+11>  je     0x2aaaaacebaa8 <_dwarf_file_name_is_full_path+56>
0x2aaaaaceba7d   <_dwarf_file_name_is_full_path+13>  xor    eax,eax
---[source:./dwarf_line.c+84]--
  80     */
  81     int
  82     _dwarf_file_name_is_full_path(Dwarf_Small  *fname)
  83     {
  84         Dwarf_Small firstc = *fname;                <- $pc
  85         if (is_path_separator(firstc)) {
  86             /* Full path. */
  87             return 1;
  88         }
---[trace]--
#0  _dwarf_file_name_is_full_path (fname=0x0) at ./dwarf_line.c:84
#1  0x00002aaaaacf40e0 in construct_at_path_from_parts (mc=0x65bff0) at dwarf_macro5.c:700
#2  dwarf_get_macro_startend_file (macro_context=macro_context@entry=0x65bff0, op_number=op_number@entry=1, line_number=line_number@entry=0x7fffffffd898, name_index_to_line_tab=name_index_to_line_tab@entry=0x7fffffffd8a0, src_file_name=src_file_name@entry=0x7fffffffd8b0, error=error@entry=0x7fffffffd8b8) at dwarf_macro5.c:774

gef> p fname
$8 = (Dwarf_Small *) 0x0
The argument (Dwarf_Small *fname) of _dwarf_file_name_is_full_path() is not checked before use.
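The trace above shows the unchecked dereference reached with fname == NULL from the DWARF5 macro code. The following is an added example, not code from this report or from libdwarf: it places the function shape shown in the report beside a null-safe variant, and models a hypothetical caller that refuses a missing file name instead of passing it down. The Dwarf_Small typedef, the is_path_separator() stand-in (only '/' is treated as a separator here) and the construct_path_from_parts() caller are assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* libdwarf's byte type; assumed here so the example builds stand-alone. */
typedef unsigned char Dwarf_Small;

/* Assumed stand-in for libdwarf's is_path_separator(): POSIX '/' only. */
static int is_path_separator(Dwarf_Small c)
{
    return c == '/';
}

/* Shape of the function in the report: fname is dereferenced unconditionally,
   so a NULL name from the macro file table faults on the first instruction. */
int file_name_is_full_path_unchecked(Dwarf_Small *fname)
{
    Dwarf_Small firstc = *fname;   /* crashes when fname == NULL */
    if (is_path_separator(firstc)) {
        /* Full path. */
        return 1;
    }
    return 0;
}

/* Null-safe variant: a NULL or empty name is reported as "not a full path"
   rather than faulting, so the caller can decide how to handle it. */
int file_name_is_full_path_checked(const Dwarf_Small *fname)
{
    if (fname == NULL || fname[0] == 0) {
        return 0;
    }
    return is_path_separator(fname[0]) ? 1 : 0;
}

/* Hypothetical caller modelled on the role of construct_at_path_from_parts():
   joins dir and fname into out. Returns 0 on success, -1 on missing input or
   insufficient space; it never hands a NULL name to the path check. */
int construct_path_from_parts(const Dwarf_Small *dir, const Dwarf_Small *fname,
                              char *out, size_t outlen)
{
    const char *name = (const char *)fname;
    const char *d = (const char *)dir;

    if (fname == NULL || out == NULL || outlen == 0) {
        return -1;   /* reject here instead of crashing in the callee */
    }
    if (file_name_is_full_path_checked(fname) || dir == NULL || d[0] == 0) {
        if (strlen(name) >= outlen) {
            return -1;
        }
        strcpy(out, name);
        return 0;
    }
    /* dir + '/' + name + NUL must fit; snprintf truncates otherwise. */
    if (strlen(d) + 1 + strlen(name) + 1 > outlen) {
        return -1;
    }
    snprintf(out, outlen, "%s/%s", d, name);
    return 0;
}

/* Convenience for checking results: 1 if joining dir and fname yields expected. */
int join_equals(const char *dir, const char *fname, const char *expected)
{
    char buf[256];
    int rc = construct_path_from_parts((const Dwarf_Small *)dir,
                                       (const Dwarf_Small *)fname,
                                       buf, sizeof buf);
    return rc == 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed inputs: a relative name, an absolute name, and a missing name. */
    printf("checked(NULL) = %d\n", file_name_is_full_path_checked(NULL));
    printf("join(/src, a.c) ok = %d\n", join_equals("/src", "a.c", "/src/a.c"));
    printf("join(/src, /abs/b.c) ok = %d\n", join_equals("/src", "/abs/b.c", "/abs/b.c"));
    printf("join(/src, NULL) rc = %d\n",
           construct_path_from_parts((const Dwarf_Small *)"/src", NULL, NULL, 0));
    return 0;
}
```

The null-safe check alone is enough to stop the fault shown in the trace; the caller-side rejection is the more useful fix in practice, since an absent file name in a macro operation is malformed input that should surface as an error to the application rather than as an empty path component.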

Comment 1 Fedora Update System 2016-05-08 10:27:15 UTC
libdwarf-20160507-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5

Comment 2 Fedora Update System 2016-05-09 00:54:59 UTC
libdwarf-20160507-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5

Comment 3 Fedora Update System 2016-05-12 16:13:07 UTC
libdwarf-20160507-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.