[DTrace-devel] [PATCH 2/4] Fix potential NULL pointer dereference issue
Kris Van Hees
kris.van.hees at oracle.com
Wed Jun 10 08:23:31 PDT 2020
The dt_link_stmt() function has all failure conditions (always known
to be memory allocation issues) jump to the 'fail' label to ensure
that allocated memory is freed. However, if fdp failed to be allocated
we end up dereferencing a NULL pointer (fdp->dtdo_breltab).
Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
---
libdtrace/dt_cc.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libdtrace/dt_cc.c b/libdtrace/dt_cc.c
index 5319c173..2b687bb0 100644
--- a/libdtrace/dt_cc.c
+++ b/libdtrace/dt_cc.c
@@ -2404,9 +2404,11 @@ dt_link_stmt(dtrace_hdl_t *dtp, dtrace_prog_t *pgp, dtrace_stmtdesc_t *sdp,
return 0;
fail:
- dt_free(dtp, fdp->dtdo_breltab);
- dt_free(dtp, fdp->dtdo_buf);
- dt_free(dtp, fdp);
+ if (fdp) {
+ dt_free(dtp, fdp->dtdo_breltab);
+ dt_free(dtp, fdp->dtdo_buf);
+ dt_free(dtp, fdp);
+ }
return dt_set_errno(dtp, EDT_NOMEM);
}
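Review bot: the new `if (fdp)` guard at the `fail:` label only works if `fdp` is NULL whenever its allocation has not succeeded, and the declaration of `fdp` is outside this hunk. Please confirm it is initialized to NULL at declaration (or before the first `goto fail`); otherwise the test reads an indeterminate pointer. The same concern applies one level down: once `fdp` is non-NULL, `fdp->dtdo_breltab` and `fdp->dtdo_buf` are freed unconditionally, so the structure needs to be zero-filled when allocated for the case where a later allocation fails before those members are assigned.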
--
2.26.0