Re: [Tinycc-devel] NULL pointer dereference due to unchecked return from
From: Christian Jullien
Subject: Re: [Tinycc-devel] NULL pointer dereference due to unchecked return from fdopen()
Date: Mon, 28 Feb 2022 06:18:19 +0100
Thanks,
This is unfortunately not the only case where the returned value is not tested.
Just for fdopen, if maintainers agree, we can probably apply:
Wdyt?
git diff tcc*.c
diff --git a/tccelf.c b/tccelf.c
index 507e83c..bd0a1d9 100644
--- a/tccelf.c
+++ b/tccelf.c
@@ -2428,6 +2428,9 @@ static int tcc_write_elf_file(TCCState *s1, const char
*filename, int phnum,
return -1;
}
f = fdopen(fd, "wb");
+ if (f == NULL) {
+ tcc_error("Unable to fdopen %s for output", filename);
+ }
if (s1->verbose)
printf("<- %s\n", filename);
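Review bot: the new "f == NULL" branch in tcc_write_elf_file() neither closes fd nor returns, while the failure path directly above it ends with "return -1;". Unless tcc_error() is guaranteed never to return, f is still NULL when execution continues to the s1->verbose print and the code after it, so follow the tcc_error() call with "close(fd); return -1;". Closing fd is needed in any case, because no FILE took ownership of the descriptor when fdopen() failed.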
diff --git a/tccmacho.c b/tccmacho.c
index 57c62c3..f94f976 100644
--- a/tccmacho.c
+++ b/tccmacho.c
@@ -800,6 +800,9 @@ ST_FUNC int macho_output_file(TCCState *s1, const char
*filename)
return -1;
}
fp = fdopen(fd, "wb");
+ if (fp == NULL) {
+ tcc_error("Unable to fdopen %s for output", filename);
+ }
if (s1->verbose)
printf("<- %s\n", filename);
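Review bot: the "fp == NULL" branch in macho_output_file() leaves fd open and has no "return -1;" to match the failure path just above it, so a returning tcc_error() would let the function carry on with a NULL fp. The message also drops the reason for the failure; appending strerror(errno) would show why fdopen() refused the descriptor. The same three added lines appear in tccelf.c, so a small shared wrapper around fdopen() that reports the error would keep the two call sites consistent.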
-----Original Message-----
From: Tinycc-devel [mailto:tinycc-devel-bounces+eligis=orange.fr@nongnu.org] On
Behalf Of John Scott
Sent: Monday, February 28, 2022 05:18
To: tinycc-devel@nongnu.org
Subject: [Tinycc-devel] NULL pointer dereference due to unchecked return from
fdopen()
Hi all,
I found this bug using the oomify tool at https://github.com/tavianator/oomify
The problem can be seen at tccelf.c around line 2430 (f has type FILE*):
    f = fdopen(fd, "wb");
    if (s1->verbose)
        printf("<- %s\n", filename);
    #ifdef TCC_TARGET_COFF
    if (s1->output_format == TCC_OUTPUT_FORMAT_COFF)
        tcc_output_coff(s1, f);
    else
    #endif
    if (s1->output_format == TCC_OUTPUT_FORMAT_ELF)
        tcc_output_elf(s1, f, phnum, phdr, file_offset, sec_order);
Note that the return value from fdopen() is not checked if it is NULL.
If the output format is ELF, then tcc_output_elf() expects that f is a valid
FILE* variable and passes it to fwrite(), which causes undefined behavior.
I don't know how to fix this, but hope that maybe one of you folks will
appreciate this report.