Jacob Garber has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32916 )
Change subject: util/romcc: Add extra NULL checks for member
util/romcc: Add extra NULL checks for member
In each of these cases it is possible that 'member' is NULL at the beginning, which will skip the earlier while loops entirely and cause a NULL dereference later on. Add extra error checks to prevent this.
Change-Id: Ib5873c0830b71397ef661976d387fc6ce33c5cd1
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1129147, 1129152, 1129153, 1129154
---
M util/romcc/romcc.c
1 file changed, 9 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/16/32916/1
diff --git a/util/romcc/romcc.c b/util/romcc/romcc.c index b9ec835..3f1e040 100644 --- a/util/romcc/romcc.c +++ b/util/romcc/romcc.c @@ -6228,6 +6228,8 @@ size += size_of(state, member->left); member = member->right; } + if (member == NULL) + internal_error(state, 0, "Member is NULL"); size += needed_padding(state, member, size); } else if ((type->type & TYPE_MASK) == TYPE_UNION) { @@ -6350,10 +6352,12 @@ i++; member = member->right; } - size += needed_padding(state, member, size); + if (member == NULL) + internal_error(state, 0, "Member is NULL"); if (i != index) { internal_error(state, 0, "Missing member index: %u", index); } + size += needed_padding(state, member, size); } else if ((type->type & TYPE_MASK) == TYPE_JOIN) { ulong_t i; @@ -6402,6 +6406,8 @@ i++; member = member->right; } + if (member == NULL) + internal_error(state, 0, "Member is NULL"); if (i != index) { internal_error(state, 0, "Missing member index: %u", index); } @@ -6640,6 +6646,8 @@ offset += size; member = member->right; } + if (member == NULL) + internal_error(state, 0, "Member is NULL"); offset += reg_needed_padding(state, member, offset); member = reg_type(state, member, reg_offset - offset); break;
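Review bot: In the hunk at -6350 the new `if (member == NULL)` check sits before `if (i != index)`, so when both conditions hold the generic "Member is NULL" is reported first instead of the more specific "Missing member index: %u"; the hunk at -6402 has the same ordering. Putting the index check first would keep the more useful diagnostic, and the NULL check would still guard the `needed_padding(state, member, size)` call that follows. This hunk also moves that `needed_padding` call below the index check, which the commit message does not mention; a sentence about the reordering would help later readers.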
Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32916 )
Change subject: util/romcc: Add extra NULL checks for member
Patch Set 1: Code-Review+2
Patrick Georgi has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/32916 )
Change subject: util/romcc: Add extra NULL checks for member
util/romcc: Add extra NULL checks for member
In each of these cases it is possible that 'member' is NULL at the beginning, which will skip the earlier while loops entirely and cause a NULL dereference later on. Add extra error checks to prevent this.
Change-Id: Ib5873c0830b71397ef661976d387fc6ce33c5cd1
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1129147, 1129152, 1129153, 1129154
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32916
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
---
M util/romcc/romcc.c
1 file changed, 9 insertions(+), 1 deletion(-)

Approvals:
  build bot (Jenkins): Verified
  Patrick Georgi: Looks good to me, approved
diff --git a/util/romcc/romcc.c b/util/romcc/romcc.c index 329cfd2..571a29f 100644 --- a/util/romcc/romcc.c +++ b/util/romcc/romcc.c @@ -6228,6 +6228,8 @@ size += size_of(state, member->left); member = member->right; } + if (member == NULL) + internal_error(state, 0, "Member is NULL"); size += needed_padding(state, member, size); } else if ((type->type & TYPE_MASK) == TYPE_UNION) { @@ -6350,10 +6352,12 @@ i++; member = member->right; } - size += needed_padding(state, member, size); + if (member == NULL) + internal_error(state, 0, "Member is NULL"); if (i != index) { internal_error(state, 0, "Missing member index: %u", index); } + size += needed_padding(state, member, size); } else if ((type->type & TYPE_MASK) == TYPE_JOIN) { ulong_t i; @@ -6402,6 +6406,8 @@ i++; member = member->right; } + if (member == NULL) + internal_error(state, 0, "Member is NULL"); if (i != index) { internal_error(state, 0, "Missing member index: %u", index); } @@ -6640,6 +6646,8 @@ offset += size; member = member->right; } + if (member == NULL) + internal_error(state, 0, "Member is NULL"); offset += reg_needed_padding(state, member, offset); member = reg_type(state, member, reg_offset - offset); break;
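Review bot: All four added checks (the hunks at -6228, -6350, -6402 and -6640) emit the identical string "Member is NULL", so a failure does not say which site tripped; including the type kind or the enclosing function name in each message would make the report identifiable. The new `if (member == NULL)` bodies are also unbraced while the adjacent `if (i != index) {` uses braces; bracing the new checks would keep the style consistent within each hunk.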