b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | strip.c: Pointer `arhdr` created at strip.c:2741 and then dereferenced without NULL-check. |
| 2 | The same situation for the `arhdr` pointer at the objdump.c:313 and |
| 3 | the `h` pointer at the readelf.c:13545. |
| 4 | |
| 5 | Triggers found by static analyzer Svace. |
| 6 | |
| 7 | Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com> |
| 8 | --- |
| 9 | src/objdump.c | 5 +++++ |
| 10 | src/readelf.c | 5 +++++ |
| 11 | src/strip.c | 5 +++++ |
| 12 | 3 files changed, 15 insertions(+) |
| 13 | |
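--- a/src/objdump.c
+++ b/src/objdump.c
@@ -311,6 +311,11 @@ handle_ar (int fd, Elf *elf, const char
 {
 /* The the header for this element. */
 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
+ if (arhdr == NULL)
+ {
+ printf ("cannot get arhdr: %s\n", elf_errmsg (-1));
+ exit (1);
+ }
 
 /* Skip over the index entries. */
 if (strcmp (arhdr->ar_name, "/") != 0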
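Review bot: The new failure path in handle_ar reports through `printf`, so the diagnostic lands on stdout, interleaved with the dump output that a caller may be parsing, and the string is not wrapped in `_()` like the translated message visible in the readelf.c hunk. I would send it to stderr, e.g. `fprintf (stderr, _("cannot get archive member header: %s\n"), elf_errmsg (-1));`, or use whatever fatal-error helper the file already has (none is visible in this hunk). The identical blocks added in readelf.c and strip.c have the same issue. handle_ar starts and ends outside the hunk.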
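--- a/src/readelf.c
+++ b/src/readelf.c
@@ -13543,6 +13543,11 @@ dump_archive_index (Elf *elf, const char
 as_off, fname, elf_errmsg (-1));
 
 const Elf_Arhdr *h = elf_getarhdr (subelf);
+ if (h == NULL)
+ {
+ printf ("cannot get arhdr: %s\n", elf_errmsg (-1));
+ exit (1);
+ }
 
 printf (_("Archive member '%s' contains:\n"), h->ar_name);
 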
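Review bot: The message added after `elf_getarhdr` in dump_archive_index does not say which archive or member failed, although the tail of the preceding error call at the top of the hunk passes `as_off, fname, elf_errmsg (-1)`. This path is reached only for a malformed or truncated archive, so the file name and member offset are what someone triaging the input needs. Assuming both variables are still in scope at this point, reuse the preceding call's format and arguments, with wording such as "cannot get header of member at offset … in '…'", rather than the bare `"cannot get arhdr: %s\n"`. The function body continues on both sides of the hunk.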
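--- a/src/strip.c
+++ b/src/strip.c
@@ -2739,6 +2739,11 @@ handle_ar (int fd, Elf *elf, const char
 {
 /* The the header for this element. */
 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
+ if (arhdr == NULL)
+ {
+ printf ("cannot get arhdr: %s\n", elf_errmsg (-1));
+ exit (1);
+ }
 
 if (elf_kind (subelf) == ELF_K_ELF)
 result |= handle_elf (fd, subelf, new_prefix, arhdr->ar_name, 0, NULL);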
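Review bot: `exit (1)` inside handle_ar ends strip at the first archive member whose header cannot be read, whereas the next visible statement accumulates per-member status with `result |= handle_elf (...)`, which suggests failures are meant to travel through the return value. strip rewrites files, so exiting here may skip cleanup that the normal return path performs; that path is outside the hunk and needs checking. I would record the failure with `result = 1;` after the diagnostic and leave through the function's existing exit path rather than calling `exit`. handle_ar starts and ends outside the hunk.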