x86/crtools: Fix null pointer dereference

Submitted by Radostin Stoyanov on May 2, 2019, 7:47 a.m.

Details

Message ID 20190502074731.3257-1-rstoyanov1@gmail.com
State New
Series "x86/crtools: Fix null pointer dereference"

Commit Message

Radostin Stoyanov May 2, 2019, 7:47 a.m.
Dereferencing a null pointer is undefined behavior.

ISO/IEC 9899, clause 6.5.3.2, paragraph 4
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf

Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
---
 criu/arch/x86/crtools.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Patch

diff --git a/criu/arch/x86/crtools.c b/criu/arch/x86/crtools.c
index ee016da00..307e0b604 100644
--- a/criu/arch/x86/crtools.c
+++ b/criu/arch/x86/crtools.c
@@ -288,21 +288,21 @@  void arch_free_thread_info(CoreEntry *core)
 static bool valid_xsave_frame(CoreEntry *core)
 {
 	UserX86XsaveEntry *xsave = core->thread_info->fpregs->xsave;
-	struct xsave_struct *x = NULL;
+	struct xsave_struct x;
 
-	if (core->thread_info->fpregs->n_st_space < ARRAY_SIZE(x->i387.st_space)) {
+	if (core->thread_info->fpregs->n_st_space < ARRAY_SIZE(x.i387.st_space)) {
 		pr_err("Corruption in FPU st_space area "
 		       "(got %li but %li expected)\n",
 		       (long)core->thread_info->fpregs->n_st_space,
-		       (long)ARRAY_SIZE(x->i387.st_space));
+		       (long)ARRAY_SIZE(x.i387.st_space));
 		return false;
 	}
 
-	if (core->thread_info->fpregs->n_xmm_space < ARRAY_SIZE(x->i387.xmm_space)) {
+	if (core->thread_info->fpregs->n_xmm_space < ARRAY_SIZE(x.i387.xmm_space)) {
 		pr_err("Corruption in FPU xmm_space area "
 		       "(got %li but %li expected)\n",
 		       (long)core->thread_info->fpregs->n_st_space,
-		       (long)ARRAY_SIZE(x->i387.xmm_space));
+		       (long)ARRAY_SIZE(x.i387.xmm_space));
 		return false;
 	}
 
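Review bot: the second check still reports the wrong field in its error message: the unchanged context line `(long)core->thread_info->fpregs->n_st_space,` inside the "Corruption in FPU xmm_space area" pr_err should be `(long)core->thread_info->fpregs->n_xmm_space,`, since that branch validates n_xmm_space; worth fixing while this function is being touched. On the change itself, `struct xsave_struct x;` is now an object that is only ever named as a sizeof operand inside ARRAY_SIZE, so it is never initialized or read and gcc can flag it as an unused variable; either mark it with `__attribute__((unused))` or drop the local and take the size from the type, e.g. `ARRAY_SIZE(((struct xsave_struct *)0)->i387.st_space)`, which performs no dereference because the operand of sizeof on a non-variable-length type is not evaluated.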

Comments

Cyrill Gorcunov May 2, 2019, 8:11 a.m.
On Thu, May 02, 2019 at 08:47:31AM +0100, Radostin Stoyanov wrote:
> Dereferencing a null pointer is undefined behavior.
> 
> ISO/IEC 9899, clause 6.5.3.2, paragraph 4
> http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf
> 
> Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>

You should declare x with an always-unused attribute then, or similar.
Note though that we never claimed to be strictly C99 compliant,
but rather rely on gcc behaviour. That said, I don't mind
such a change, but please update the @x declaration.