From patchwork Tue Jan 30 12:14:03 2024
X-Patchwork-Submitter: Frank Mehnert
X-Patchwork-Id: 1892819
From: Frank Mehnert
To: devel@uclibc-ng.org
Date: Tue, 30 Jan 2024 13:14:03 +0100
Message-ID: <6013950.lOV4Wx5bFT@noys4>
Organization: Kernkonzept
Subject: [uclibc-ng-devel] [PATCH] dl-elf.c: Add null-pointer check
List-Id: uClibc-ng Development

Hi,

static analysis tools complain that the following code lacks a null-pointer
check:

ldso/ldso/dl-elf.c:

    /*
     * Add this object into the symbol chain
     */
    if (*rpnt
#ifdef __LDSO_STANDALONE_SUPPORT__
        /* Do not create a new chain entry for the main executable */
        && (*rpnt)->dyn
#endif
        ) {
        (*rpnt)->next = _dl_malloc(sizeof(struct dyn_elf));
        _dl_memset((*rpnt)->next, 0, sizeof(struct dyn_elf));
        (*rpnt)->next->prev = (*rpnt);
        *rpnt = (*rpnt)->next;
    }
#ifndef SHARED
    /* When statically linked, the first time we dlopen a DSO
     * the *rpnt is NULL, so we need to allocate memory for it,
     * and initialize the _dl_symbol_table.
     */
    else {
        *rpnt = _dl_symbol_tables = _dl_malloc(sizeof(struct dyn_elf));
        _dl_memset(*rpnt, 0, sizeof(struct dyn_elf));
    }
#endif
    (*rpnt)->dyn = tpnt;
    ^^^^^^^^^^^^^^^^^^^^

There is a check for (*rpnt == NULL) right after the first comment, but the
"else" case which performs an allocation exists only if SHARED is not
defined. Otherwise it may happen (at least in theory) that *rpnt=NULL when
executing

    (*rpnt)->dyn = tpnt;

Proposed fix:

Kind regards

Frank

diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c index 8210a012e..3ba3144e2 100644 --- a/ldso/ldso/dl-elf.c 
+++ b/ldso/ldso/dl-elf.c @@ -900,7 +900,8 @@ struct elf_resolve *_dl_load_elf_shared_library(unsigned int rflags, _dl_memset(*rpnt, 0, sizeof(struct dyn_elf)); } #endif - (*rpnt)->dyn = tpnt; + if (*rpnt) + (*rpnt)->dyn = tpnt; tpnt->usage_count++; if (tpnt->rtld_flags & RTLD_NODELETE) tpnt->usage_count++;
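Review bot: the new `if (*rpnt)` guard in _dl_load_elf_shared_library() silences the NULL dereference but leaves the SHARED build with an unhandled case: when *rpnt is NULL the object is never added to the symbol chain, yet `tpnt->usage_count++` directly below still runs and loading carries on as if the chain entry existed. If that state is really unreachable with SHARED defined, say so in a comment next to the guard so the skipped assignment is not mistaken for normal behaviour. If it is reachable, handle it explicitly instead, for example by allocating the entry the way the `#ifndef SHARED` else branch does, so a library is not left loaded and reference-counted while missing from the chain used for symbol lookup.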