30 Jan
2024
30 Jan
'24
12:14 p.m.
Hi,
static analysis tools complain that the following code lacks a null-pointer
check:
ldso/ldso/dl-elf.c:
/*
* Add this object into the symbol chain
*/
if (*rpnt
#ifdef __LDSO_STANDALONE_SUPPORT__
/* Do not create a new chain entry for the main executable */
&& (*rpnt)->dyn
#endif
) {
(*rpnt)->next = _dl_malloc(sizeof(struct dyn_elf));
_dl_memset((*rpnt)->next, 0, sizeof(struct dyn_elf));
(*rpnt)->next->prev = (*rpnt);
*rpnt = (*rpnt)->next;
}
#ifndef SHARED
/* When statically linked, the first time we dlopen a DSO
* the *rpnt is NULL, so we need to allocate memory for it,
* and initialize the _dl_symbol_table.
*/
else {
*rpnt = _dl_symbol_tables = _dl_malloc(sizeof(struct dyn_elf));
_dl_memset(*rpnt, 0, sizeof(struct dyn_elf));
}
#endif
(*rpnt)->dyn = tpnt;
^^^^^^^^^^^^^^^^^^^^
There is a check for (*rpnt == NULL) right after the first comment but the
"else" case which performs an allocation does only exist if SHARED is not
defined. Otherwise it may happen (at least in theory) that *rpnt=NULL when
executing
(*rpnt)->dyn = tpnt;
Proposed fix:
diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c
index 8210a012e..3ba3144e2 100644
--- a/ldso/ldso/dl-elf.c
+++ b/ldso/ldso/dl-elf.c
@@ -900,7 +900,8 @@ struct elf_resolve *_dl_load_elf_shared_library(unsigned int rflags,
_dl_memset(*rpnt, 0, sizeof(struct dyn_elf));
}
#endif
- (*rpnt)->dyn = tpnt;
+ if (*rpnt)
+ (*rpnt)->dyn = tpnt;
tpnt->usage_count++;
if (tpnt->rtld_flags & RTLD_NODELETE)
tpnt->usage_count++;
Kind regards
Frank
11 Feb
11 Feb
6:11 a.m.
Hi Frank,
could you sent a patch including your good description with your
Signed-Off-By? For example with git format-patch -s origin
Thanks in advance
Waldemar
Frank Mehnert wrote,
Hi,
static analysis tools complain that the following code lacks a null-pointer
check:
ldso/ldso/dl-elf.c:
/*
* Add this object into the symbol chain
*/
if (*rpnt
#ifdef __LDSO_STANDALONE_SUPPORT__
/* Do not create a new chain entry for the main executable */
&& (*rpnt)->dyn
#endif
) {
(*rpnt)->next = _dl_malloc(sizeof(struct dyn_elf));
_dl_memset((*rpnt)->next, 0, sizeof(struct dyn_elf));
(*rpnt)->next->prev = (*rpnt);
*rpnt = (*rpnt)->next;
}
#ifndef SHARED
/* When statically linked, the first time we dlopen a DSO
* the *rpnt is NULL, so we need to allocate memory for it,
* and initialize the _dl_symbol_table.
*/
else {
*rpnt = _dl_symbol_tables = _dl_malloc(sizeof(struct dyn_elf));
_dl_memset(*rpnt, 0, sizeof(struct dyn_elf));
}
#endif
(*rpnt)->dyn = tpnt;
^^^^^^^^^^^^^^^^^^^^
There is a check for (*rpnt == NULL) right after the first comment but the
"else" case which performs an allocation does only exist if SHARED is not
defined. Otherwise it may happen (at least in theory) that *rpnt=NULL when
executing
(*rpnt)->dyn = tpnt;
Proposed fix:
diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c
index 8210a012e..3ba3144e2 100644
--- a/ldso/ldso/dl-elf.c
+++ b/ldso/ldso/dl-elf.c
@@ -900,7 +900,8 @@ struct elf_resolve *_dl_load_elf_shared_library(unsigned int rflags,
_dl_memset(*rpnt, 0, sizeof(struct dyn_elf));
}
#endif
- (*rpnt)->dyn = tpnt;
+ if (*rpnt)
+ (*rpnt)->dyn = tpnt;
tpnt->usage_count++;
if (tpnt->rtld_flags & RTLD_NODELETE)
tpnt->usage_count++;
Kind regards
Frank
_______________________________________________
devel mailing list -- devel(a)uclibc-ng.org
To unsubscribe send an email to devel-leave(a)uclibc-ng.org
20 Feb
20 Feb
8:32 a.m.
Hi Waldemar,
sure, patch attached.
Frank
On Sonntag, 11. Februar 2024 07:11:36 CET Waldemar Brodkorb wrote:
Hi Frank,
could you sent a patch including your good description with your
Signed-Off-By? For example with git format-patch -s origin
Thanks in advance
Waldemar
Frank Mehnert wrote,
> Hi,
>
> static analysis tools complain that the following code lacks a null-pointer
> check:
>
>
> ldso/ldso/dl-elf.c:
>
> /*
> * Add this object into the symbol chain
> */
>
> [...]
22 Feb
22 Feb
6:46 p.m.
Hi Frank,
finally applied and pushed,
thanks
Waldemar
Frank Mehnert wrote,
Hi Waldemar,
sure, patch attached.
Frank
On Sonntag, 11. Februar 2024 07:11:36 CET Waldemar Brodkorb wrote:
> Hi Frank,
>
> could you sent a patch including your good description with your
> Signed-Off-By? For example with git format-patch -s origin
>
> Thanks in advance
> Waldemar
>
> Frank Mehnert wrote,
>
> > Hi,
> >
> > static analysis tools complain that the following code lacks a null-pointer
> > check:
> >
> >
> > ldso/ldso/dl-elf.c:
> >
> > /*
> > * Add this object into the symbol chain
> > */
> >
> > [...]
From 85bad53b21837b6816d6f4f53c31b6a08b6d68e4 Mon Sep
17 00:00:00 2001
From: Frank Mehnert <frank.mehnert(a)kernkonzept.com>
Date: Tue, 20 Feb 2024 08:32:20 +0100
Subject: [PATCH] ldso: add null-pointer check
There is a check for (*rpnt == NULL) a few lines above but the "else"
case performing an allocation does only exist if SHARED is not defined.
If SHARED is defined, the allocation is not performed and it may happen
(at least in theory) that *rpnt == NULL when executing
(*rpnt)->dyn = tpnt;
Add the null-pointer check.
Signed-off-by: Frank Mehnert <frank.mehnert(a)kernkonzept.com>
---
ldso/ldso/dl-elf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c
index ac6db59e0..4f50d62b7 100644
--- a/ldso/ldso/dl-elf.c
+++ b/ldso/ldso/dl-elf.c
@@ -900,7 +900,8 @@ struct elf_resolve *_dl_load_elf_shared_library(unsigned int rflags,
_dl_memset(*rpnt, 0, sizeof(struct dyn_elf));
}
#endif
- (*rpnt)->dyn = tpnt;
+ if (*rpnt)
+ (*rpnt)->dyn = tpnt;
tpnt->usage_count++;
if (tpnt->rtld_flags & RTLD_NODELETE)
tpnt->usage_count++;
--
2.43.0
_______________________________________________
devel mailing list -- devel(a)uclibc-ng.org
To unsubscribe send an email to devel-leave(a)uclibc-ng.org
274
days inactive
297
days old
3 comments
3 participants
participants (3)
-
Frank Mehnert -
Waldemar Brodkorb -
Waldemar Brodkorb