Bug 1332148 - Null dereference bug in _dwarf_file_name_is_full_path()
Summary: Null dereference bug in _dwarf_file_name_is_full_path()
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libdwarf
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tom Hughes
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-02 11:23 UTC by lieanu
Modified: 2016-05-12 16:13 UTC (History)
2 users (show)

Fixed In Version: libdwarf-20160507-1.fc24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-12 16:13:44 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Null 01 bug (5.53 KB, application/x-object)
2016-05-02 11:23 UTC, lieanu 		no flags Details
View All

Description lieanu 2016-05-02 11:23:29 UTC 
Created attachment 1152911 [details]
Null 01 bug

Hi, 

I have informed this bug to upstream, reporting it here just for bug tracking, thanks.

Null dereference bug in lastest git code.

0x2aaaaaceba60   <_dwarf_set_line_table_regs_default_values+112>  mov    rax,QWORD PTR [rip+0x24189]        # 0x2aaaaad0fbf0 <_dwarf_line_table_regs_default_values+80>
0x2aaaaaceba67   <_dwarf_set_line_table_regs_default_values+119>  mov    QWORD PTR [rdi+0x50],rax
0x2aaaaaceba6b   <_dwarf_set_line_table_regs_default_values+123>  ret
0x2aaaaaceba6c   nop    DWORD PTR [rax+0x0]
0x2aaaaaceba70   <_dwarf_file_name_is_full_path>  movzx  edx,BYTE PTR [rdi]              <- $pc
0x2aaaaaceba73   <_dwarf_file_name_is_full_path+3>  mov    eax,0x1
0x2aaaaaceba78   <_dwarf_file_name_is_full_path+8>  cmp    dl,0x2f
0x2aaaaaceba7b   <_dwarf_file_name_is_full_path+11>  je     0x2aaaaacebaa8 <_dwarf_file_name_is_full_path+56>
0x2aaaaaceba7d   <_dwarf_file_name_is_full_path+13>  xor    eax,eax
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[source:./dwarf_line.c+84]--
  80     */
  81     int
  82     _dwarf_file_name_is_full_path(Dwarf_Small  *fname)
  83     {
  84         Dwarf_Small firstc = *fname;                <- $pc
  85         if (is_path_separator(firstc)) {
  86             /* Full path. */
  87             return 1;
  88         }
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[trace]--
#0  _dwarf_file_name_is_full_path (fname=0x0) at ./dwarf_line.c:84
#1  0x00002aaaaacf40e0 in construct_at_path_from_parts (mc=0x65bff0) at dwarf_macro5.c:700
#2  dwarf_get_macro_startend_file (macro_context=macro_context@entry=0x65bff0, op_number=op_number@entry=1, line_number=line_number@entry=0x7fffffffd898, name_index_to_line_tab=name_index_to_line_tab@entry=0x7fffffffd8a0, src_file_name=src_file_name@entry=0x7fffffffd8b0, error=error@entry=0x7fffffffd8b8) at dwarf_macro5.c:774

gef> p fname
$8 = (Dwarf_Small *) 0x0
The arg (Dwarf_Small *fname) of _dwarf_file_name_is_full_path() is not checked before using.
Comment 1 Fedora Update System 2016-05-08 10:27:15 UTC 
libdwarf-20160507-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5
Comment 2 Fedora Update System 2016-05-09 00:54:59 UTC 
libdwarf-20160507-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5
Comment 3 Fedora Update System 2016-05-12 16:13:07 UTC 
libdwarf-20160507-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.