bug-binutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/30951] Null pointer dereference in ldlex.l

From: 1157401338 at qq dot com
Subject: [Bug binutils/30951] Null pointer dereference in ldlex.l
Date: Mon, 09 Oct 2023 23:58:43 +0000 
https://sourceware.org/bugzilla/show_bug.cgi?id=30951

yuxuan He <1157401338 at qq dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |1157401338 at qq dot com

--- Comment #3 from yuxuan He <1157401338 at qq dot com> ---
(In reply to Nick Clifton from comment #2)
> Hi 时宇羽然 ,
> 
>   Thank you for reporting this problem.  Your analysis is basically correct 
>   and so I have gone ahead and applied a small patch to add a check for
>   YY_CURRENT_BUFFER being NULL.
> 
>   The only problem I had with your analysis is that is shows the contents
>   of the bfin-lex.c file, which is not the one that is built from the
> ld/ldlex.l
>   input file.  I was concerned that there might have been some differences
>   between bfin-lex.c and ldlex.c, differences that affected this problem.
>   But, it turns out that as far as defining YY_CURRENT_BUFFER they are both
>   the same.
> 
> Cheers
>   Nick

(In reply to 时宇羽然 from comment #0)
> Created attachment 15159 [details]
> the detailed information of the bug
> 
> Hi, I found a null pointer dereference bug in the source code of binutils,
> and I have shown the execution sequence below. This bug exists in the file
> /ld/ldlex.l. The white text illustrates the steps that generate the bug.
> The return value of YY_CURRENT_BUFFER can be null, then it dereferenced at
> line 659 without checking if it is null.The detailed instrunctions are in
> the attachment.

(In reply to Nick Clifton from comment #2)
> Hi 时宇羽然 ,
> 
>   Thank you for reporting this problem.  Your analysis is basically correct 
>   and so I have gone ahead and applied a small patch to add a check for
>   YY_CURRENT_BUFFER being NULL.
> 
>   The only problem I had with your analysis is that is shows the contents
>   of the bfin-lex.c file, which is not the one that is built from the
> ld/ldlex.l
>   input file.  I was concerned that there might have been some differences
>   between bfin-lex.c and ldlex.c, differences that affected this problem.
>   But, it turns out that as far as defining YY_CURRENT_BUFFER they are both
>   the same.
> 
> Cheers
>   Nick

you are right, our analysis do not tell where the macro is defined, because
macro is inlined during preprocecing of compile, we actually find the define
via ide l tool, so the file we report may be uncorrect, sorry for that, but
based on the analysis results, the actual macro definition should not differ
significantly, as you said

-- 
You are receiving this mail because:
You are on the CC list for the bug.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]