[DTrace-devel] [PATCH 2/4] Fix potential NULL pointer dereference issue

Kris Van Hees kris.van.hees at oracle.com
Wed Jun 10 08:23:31 PDT 2020


The dt_link_stmt() function has all failure conditions (always known
to be memory allocation issues) jump to the 'fail' label to ensure
that allocated memory is freed.  However, if fdp failed to be allocated
we end up dereferencing a NULL pointer (fdp->dtdo_breltab).

Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
---
 libdtrace/dt_cc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libdtrace/dt_cc.c b/libdtrace/dt_cc.c
index 5319c173..2b687bb0 100644
--- a/libdtrace/dt_cc.c
+++ b/libdtrace/dt_cc.c
@@ -2404,9 +2404,11 @@ dt_link_stmt(dtrace_hdl_t *dtp, dtrace_prog_t *pgp, dtrace_stmtdesc_t *sdp,
 	return 0;
 
 fail:
-	dt_free(dtp, fdp->dtdo_breltab);
-	dt_free(dtp, fdp->dtdo_buf);
-	dt_free(dtp, fdp);
+	if (fdp) {
+		dt_free(dtp, fdp->dtdo_breltab);
+		dt_free(dtp, fdp->dtdo_buf);
+		dt_free(dtp, fdp);
+	}
 
 	return dt_set_errno(dtp, EDT_NOMEM);
 }
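Review bot: the new `if (fdp)` guard only covers the case where fdp itself is NULL; it still relies on fdp being initialised to NULL before the first `goto fail`, and on `fdp->dtdo_breltab` and `fdp->dtdo_buf` being zeroed when fdp is allocated, so that a failure between allocating fdp and allocating those two buffers does not pass an uninitialised pointer to dt_free(). Neither invariant is visible in this hunk; please confirm it holds at the top of dt_link_stmt() (a NULL initialiser for fdp and a zeroing allocation for the struct) and mention it in the commit message, since that is what makes the three dt_free() calls under the guard safe on every failure path.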
-- 
2.26.0




More information about the DTrace-devel mailing list