possible null pointer dereference in elfchk/check_FDE
Bug #1327655 reported by
Jeff Johnson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| lsb |
Fix Committed
|
Medium
|
Unassigned | ||
| Mandriva |
Fix Released
|
Medium
|
|||
Bug Description
Coverity scan results, misc-test/
565 for (cie = cie_list; cie != 0; cie = cie->next) {
566 if ((offsetptr - fdeimage.
567 break;
568 }
after this loop we've either got a match, leaving cie set to a list element, or
we didn't, leaving cie as NULL (the end condition for the loop).
at lines 570 and 594 we run code which dereferences cie, but only after
checking it's not NULL - appropriate.
But then:
623 while (ptr < endptr)
624 ptr += check_CFI(ptr, error, cie->fde_encoding);
now we're dereferencing cie without checking, and it could be NULL.
[reply] [-] Comment 1
| Changed in mandriva: | |
| importance: | Unknown → Medium |
| status: | Unknown → Fix Released |
To post a comment you must log in.
