From 6ef39fe95fc5956397585fedb4424376b08d8d0e Mon Sep 17 00:00:00 2001
From: Simon Marchi
Date: Sun, 22 Jan 2023 14:35:32 -0500
Subject: [PATCH] lib: add null checks before "casting" to "base class"
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

With -fsanitize=undefined, I see:

/home/simark/src/babeltrace/src/lib/error.c:526:2: runtime error: member access within null pointer of type 'struct bt_error_cause_component_actor'

This is because doing `&cause->base` is undefined behavior if cause is NULL.
Add NULL checks around these expressions, when cause may be NULL.

Change-Id: Ie11273a24aa17a96bfccf10b121838e48c61984b
Signed-off-by: Simon Marchi
Reviewed-on: https://review.lttng.org/c/babeltrace/+/9584
Tested-by: jenkins
Reviewed-by: Jérémie Galarneau
---
 src/lib/error.c | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/lib/error.c b/src/lib/error.c
index 9144bd96..bd8259ab 100644
--- a/src/lib/error.c
+++ b/src/lib/error.c
@@ -300,8 +300,10 @@ struct bt_error_cause_component_actor *create_error_cause_component_actor(
 goto end;
 error:
- destroy_error_cause(&cause->base);
- cause = NULL;
+ if (cause) {
+ destroy_error_cause(&cause->base);
+ cause = NULL;
+ }
 end:
 return cause;
@@ -341,8 +343,10 @@ create_error_cause_component_class_actor(struct bt_component_class *comp_cls,
 goto end;
 error:
- destroy_error_cause(&cause->base);
- cause = NULL;
+ if (cause) {
+ destroy_error_cause(&cause->base);
+ cause = NULL;
+ }
 end:
 return cause;
@@ -407,8 +411,10 @@ create_error_cause_message_iterator_actor(struct bt_message_iterator *iter,
 goto end;
 error:
- destroy_error_cause(&cause->base);
- cause = NULL;
+ if (cause) {
+ destroy_error_cause(&cause->base);
+ cause = NULL;
+ }
 end:
 return cause;
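Review bot: The guard added at the `error:` label in create_error_cause_component_actor (and the two identical hunks after it) carries no comment, so a reader will take it for a redundant NULL check — destroy_error_cause presumably tolerated a NULL argument already, since the old code handed it `&cause->base` with cause == NULL — and may well remove it again in a cleanup. The actual reason lives only in the commit message: forming `&cause->base` from a null `cause` is undefined behaviour, and once that happens the optimizer may treat any later null check on the result as dead code, so the "NULL in, NULL out" behaviour the old code relied on is not guaranteed. I would record that on the first occurrence: `/* cause is NULL if its own allocation failed; &cause->base on a null pointer is UB, not a harmless NULL */`. The three enclosing functions start above their hunks, so the `goto error` sites that can reach this label with cause still NULL are not visible here.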
@@ -523,7 +529,10 @@ int bt_error_append_cause_from_component(
 cause = NULL;
 end:
- destroy_error_cause(&cause->base);
+ if (cause) {
+ destroy_error_cause(&cause->base);
+ }
+
 return status;
 }
@@ -557,7 +566,10 @@ int bt_error_append_cause_from_component_class(
 cause = NULL;
 end:
- destroy_error_cause(&cause->base);
+ if (cause) {
+ destroy_error_cause(&cause->base);
+ }
+
 return status;
 }
@@ -590,7 +602,10 @@ int bt_error_append_cause_from_message_iterator(
 cause = NULL;
 end:
- destroy_error_cause(&cause->base);
+ if (cause) {
+ destroy_error_cause(&cause->base);
+ }
+
 return status;
 }
-- 
2.34.1
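Review bot: At `end:` in bt_error_append_cause_from_component (and the two hunks below it), a NULL `cause` now stands for two different states, and the new guard reads as a plain defensive check rather than the ownership test it actually is. The context line just above the label sets `cause = NULL;` on what is presumably the success path, after the cause has been handed off to the error object, while an allocation failure earlier in the function leaves it NULL as well; in both cases there is nothing left for this function to free, but nothing in the code says so. A one-line comment would stop the next maintainer from "simplifying" it back to the unconditional call the sanitizer flagged: `/* NULL here: handed off on success, or never allocated; &cause->base on NULL is UB */`. The bodies of these functions continue above the hunks, so the failure paths that reach `end:` with cause still NULL are not visible here.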