Patrick Georgi merged this change.
util/romcc: Add extra NULL checks for member
In each of these cases it is possible that 'member' is NULL at the
beginning, which will skip the earlier while loops entirely and cause
a NULL dereference later on. Add extra error checks to prevent this.
Change-Id: Ib5873c0830b71397ef661976d387fc6ce33c5cd1
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1129147, 1129152, 1129153, 1129154
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32916
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
---
M util/romcc/romcc.c
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/util/romcc/romcc.c b/util/romcc/romcc.c
index 329cfd2..571a29f 100644
--- a/util/romcc/romcc.c
+++ b/util/romcc/romcc.c
@@ -6228,6 +6228,8 @@
size += size_of(state, member->left);
member = member->right;
}
+ if (member == NULL)
+ internal_error(state, 0, "Member is NULL");
size += needed_padding(state, member, size);
}
else if ((type->type & TYPE_MASK) == TYPE_UNION) {
@@ -6350,10 +6352,12 @@
i++;
member = member->right;
}
- size += needed_padding(state, member, size);
+ if (member == NULL)
+ internal_error(state, 0, "Member is NULL");
if (i != index) {
internal_error(state, 0, "Missing member index: %u", index);
}
+ size += needed_padding(state, member, size);
}
else if ((type->type & TYPE_MASK) == TYPE_JOIN) {
ulong_t i;
@@ -6402,6 +6406,8 @@
i++;
member = member->right;
}
+ if (member == NULL)
+ internal_error(state, 0, "Member is NULL");
if (i != index) {
internal_error(state, 0, "Missing member index: %u", index);
}
@@ -6640,6 +6646,8 @@
offset += size;
member = member->right;
}
+ if (member == NULL)
+ internal_error(state, 0, "Member is NULL");
offset += reg_needed_padding(state, member, offset);
member = reg_type(state, member, reg_offset - offset);
break;
To view, visit change 32916. To unsubscribe, or for help writing mail filters, visit settings.