From: Shung-Hsi Yu
To: bpf@vger.kernel.org, Andrii Nakryiko
Cc: Shung-Hsi Yu, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Subject: [PATCH bpf-next v2 1/3] libbpf: use elf_getshdrnum() instead of e_shnum
Date: Wed, 12 Oct 2022 10:23:51 +0800
Message-Id: <20221012022353.7350-2-shung-hsi.yu@suse.com>
In-Reply-To: <20221012022353.7350-1-shung-hsi.yu@suse.com>

This commit replaces e_shnum with the elf_getshdrnum() helper to fix two oss-fuzz-reported heap-buffer overflows in __bpf_object__open. Both reports are incorrectly marked as fixed while still being reproducible in the latest libbpf.

  # clusterfuzz-testcase-minimized-bpf-object-fuzzer-5747922482888704
  libbpf: loading object 'fuzz-object' from buffer
  libbpf: sec_cnt is 0
  libbpf: elf: section(1) .data, size 0, link 538976288, flags 2020202020202020, type=2
  libbpf: elf: section(2) .data, size 32, link 538976288, flags 202020202020ff20, type=1
  =================================================================
  ==13==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000c0 at pc 0x0000005a7b46 bp 0x7ffd12214af0 sp 0x7ffd12214ae8
  WRITE of size 4 at 0x6020000000c0 thread T0
  SCARINESS: 46 (4-byte-write-heap-buffer-overflow-far-from-bounds)
  #0 0x5a7b45 in bpf_object__elf_collect /src/libbpf/src/libbpf.c:3414:24
  #1 0x5733c0 in bpf_object_open /src/libbpf/src/libbpf.c:7223:16
  #2 0x5739fd in bpf_object__open_mem /src/libbpf/src/libbpf.c:7263:20
  ...

The issue lies in libbpf's direct use of the e_shnum field in the ELF header as the section header count, whereas libelf implemented extra logic that, when e_shnum == 0 && e_shoff != 0, will use the sh_size member of the initial section header as the real section header count (part of the ELF spec to accommodate situations where the section header counter is larger than SHN_LORESERVE). The above inconsistency leads to libbpf writing into a zero-entry calloc area. So instead of using e_shnum directly, use the elf_getshdrnum() helper provided by libelf to retrieve the section header counter into sec_cnt.

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
Fixes: 0d6988e16a12 ("libbpf: Fix section counting logic")
Fixes: 25bbbd7a444b ("libbpf: Remove assumptions about uniqueness of .rodata/.data/.bss maps")
Signed-off-by: Shung-Hsi Yu
---
 tools/lib/bpf/libbpf.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
-- 2.37.3
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 184ce1684dcd..2e8ac13de6a0 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c
@@ -597,7 +597,7 @@ struct elf_state { size_t shstrndx; /* section index for section name strings */ size_t strtabidx; struct elf_sec_desc *secs; - int sec_cnt; + size_t sec_cnt; int btf_maps_shndx; __u32 btf_maps_sec_btf_id; int text_shndx; 
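Review bot: the switch of sec_cnt from int to size_t in struct elf_state is not mentioned in the commit message, and the neighbouring fields (btf_maps_shndx, text_shndx) stay int. Say in the message that the type follows the size_t * argument of elf_getshdrnum(), and audit the remaining users of sec_cnt that compare it with an int section index or print it with %d, since those now mix signed and unsigned values.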
@@ -3312,10 +3312,15 @@ static int bpf_object__elf_collect(struct bpf_object *obj) Elf64_Shdr *sh; /* ELF section indices are 0-based, but sec #0 is special "invalid" - * section. e_shnum does include sec #0, so e_shnum is the necessary - * size of an array to keep all the sections. + * section. Since section count retrieved by elf_getshdrnum() does + * include sec #0, it is already the necessary size of an array to keep + * all the sections. */ - obj->efile.sec_cnt = obj->efile.ehdr->e_shnum; + if (elf_getshdrnum(obj->efile.elf, &obj->efile.sec_cnt)) { + pr_warn("elf: failed to get the number of sections for %s: %s\n", + obj->path, elf_errmsg(-1)); + return -LIBBPF_ERRNO__FORMAT; + } obj->efile.secs = calloc(obj->efile.sec_cnt, sizeof(*obj->efile.secs)); if (!obj->efile.secs) return -ENOMEM;
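Review bot: after elf_getshdrnum() succeeds, sec_cnt goes straight into calloc() with no check for zero. A count of 0 is still possible, and calloc(0, ...) may return either NULL, which this path then reports as -ENOMEM rather than a format error, or a zero-size block, which is the zero-entry area the commit message describes. Consider rejecting sec_cnt == 0 with -LIBBPF_ERRNO__FORMAT right after the call.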
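The section-count rule described in the 1/3 commit message, as an added example (not libbpf or libelf code, and not part of the patch): it shows the raw e_shnum and the real count disagreeing on a constructed image. build_image(), raw_e_shnum() and shdr_count() are hypothetical names, the image is built in host byte order, and the "table must fit" bound check is this example's own addition.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static unsigned char img[1024];	/* constructed sample image */

/* Build a constructed ELF64 image in host byte order: an ELF header followed
 * directly by `present` section headers. Returns the image length. */
static size_t build_image(uint16_t shnum, uint64_t sh0_size, size_t present)
{
	Elf64_Ehdr eh;
	Elf64_Shdr sh0;
	size_t len = sizeof(eh) + present * sizeof(sh0);

	if (len > sizeof(img))
		return 0;
	memset(img, 0, sizeof(img));
	memset(&eh, 0, sizeof(eh));
	memset(&sh0, 0, sizeof(sh0));
	memcpy(eh.e_ident, ELFMAG, SELFMAG);
	eh.e_ident[EI_CLASS] = ELFCLASS64;
	eh.e_shoff = sizeof(eh);
	eh.e_shentsize = sizeof(sh0);
	eh.e_shnum = shnum;
	sh0.sh_size = sh0_size;	/* extended count is stored here */
	memcpy(img, &eh, sizeof(eh));
	if (present)
		memcpy(img + sizeof(eh), &sh0, sizeof(sh0));
	return len;
}

/* The raw header field that the pre-patch code used as the array size. */
static unsigned raw_e_shnum(const unsigned char *buf)
{
	Elf64_Ehdr eh;

	memcpy(&eh, buf, sizeof(eh));
	return eh.e_shnum;
}

/* Section header count per the rule in the commit message, plus a bound
 * check (this example's addition) that the table fits inside the image.
 * Returns the count, or -1 for a malformed image. */
static long long shdr_count(const unsigned char *buf, size_t len)
{
	Elf64_Ehdr eh;
	Elf64_Shdr sh0;
	uint64_t n;

	if (len < sizeof(eh))
		return -1;
	memcpy(&eh, buf, sizeof(eh));
	if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64)
		return -1;
	if (eh.e_shoff == 0)			/* no section header table */
		return eh.e_shnum ? -1 : 0;
	if (eh.e_shentsize != sizeof(sh0) || eh.e_shoff > len)
		return -1;
	n = eh.e_shnum;
	if (n == 0) {				/* e_shnum == 0 && e_shoff != 0 */
		if (len - eh.e_shoff < sizeof(sh0))
			return -1;
		memcpy(&sh0, buf + eh.e_shoff, sizeof(sh0));
		n = sh0.sh_size;		/* real count is in header #0 */
	}
	if (n > (len - eh.e_shoff) / sizeof(sh0))	/* table must fit */
		return -1;
	return (long long)n;
}

int main(void)
{
	size_t len = build_image(0, 3, 3);

	printf("e_shnum=%u real=%lld\n", raw_e_shnum(img), shdr_count(img, len));
	len = build_image(0, 0x2020, 3);	/* count larger than the file holds */
	printf("oversized claim -> %lld\n", shdr_count(img, len));
	return 0;
}
```

An array sized from raw_e_shnum() has zero entries for the first image, while a walk over the sections visits three.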

From: Shung-Hsi Yu
To: bpf@vger.kernel.org, Andrii Nakryiko
Cc: Shung-Hsi Yu, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Subject: [PATCH bpf-next v2 2/3] libbpf: deal with section with no data gracefully
Date: Wed, 12 Oct 2022 10:23:52 +0800
Message-Id: <20221012022353.7350-3-shung-hsi.yu@suse.com>
In-Reply-To: <20221012022353.7350-1-shung-hsi.yu@suse.com>

ELF section data pointer returned by libelf may be NULL (if section has SHT_NOBITS), so null check section data pointer before attempting to copy license and kversion section.

Fixes: cb1e5e961991 ("bpf tools: Collect version and license from ELF sections")
Signed-off-by: Shung-Hsi Yu
---
 tools/lib/bpf/libbpf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
-- 2.37.3
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 2e8ac13de6a0..29e9df0c232b 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -1408,6 +1408,10 @@ static int bpf_object__check_endianness(struct bpf_object *obj) static int bpf_object__init_license(struct bpf_object *obj, void *data, size_t size) { + if (!data) { + pr_warn("invalid license section in %s\n", obj->path); + return -LIBBPF_ERRNO__FORMAT; + } /* libbpf_strlcpy() only copies first N - 1 bytes, so size + 1 won't * go over allowed ELF data section buffer */
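Review bot: the !data check at the top of bpf_object__init_license() guards one consumer of the section data at a time, and the series repeats the same test in bpf_object__init_kversion(). Since the commit message says libelf can hand back a NULL data pointer for a SHT_NOBITS section, consider rejecting NULL once in the caller where the data pointer is obtained, so that any other reader of that pointer is covered by the same check.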
@@ -1421,7 +1425,7 @@ bpf_object__init_kversion(struct bpf_object *obj, void *data, size_t size) { __u32 kver; - if (size != sizeof(kver)) { + if (!data || size != sizeof(kver)) { pr_warn("invalid kver section in %s\n", obj->path); return -LIBBPF_ERRNO__FORMAT; }
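Review bot: folding !data into the existing size test in bpf_object__init_kversion() makes the single "invalid kver section in %s" warning cover two different faults, a section with no data and a section of the wrong size, and it handles NULL differently from bpf_object__init_license(), which gets its own block. Either use a separate block here as well or extend the message (for example by printing size) so the log tells the two cases apart.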

From: Shung-Hsi Yu
To: bpf@vger.kernel.org, Andrii Nakryiko
Cc: Shung-Hsi Yu, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Subject: [PATCH bpf-next v2 3/3] libbpf: fix null-pointer dereference in find_prog_by_sec_insn()
Date: Wed, 12 Oct 2022 10:23:53 +0800
Message-Id: <20221012022353.7350-4-shung-hsi.yu@suse.com>
In-Reply-To: <20221012022353.7350-1-shung-hsi.yu@suse.com>

When there are no program sections, obj->programs is left unallocated, and find_prog_by_sec_insn()'s search lands on &obj->programs[0] == NULL, and will cause null-pointer dereference in the following access to prog->sec_idx.

Guard the search with obj->nr_programs similar to what's being done in __bpf_program__iter() to prevent null-pointer access from happening.

Fixes: db2b8b06423c ("libbpf: Support CO-RE relocations for multi-prog sections")
Signed-off-by: Shung-Hsi Yu
---
 tools/lib/bpf/libbpf.c | 3 +++
 1 file changed, 3 insertions(+)
-- 2.37.3
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 29e9df0c232b..8c3f236c86e4 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -4115,6 +4115,9 @@ static struct bpf_program *find_prog_by_sec_insn(const struct bpf_object *obj, int l = 0, r = obj->nr_programs - 1, m; struct bpf_program *prog; + if (!obj->nr_programs) + return NULL; + while (l < r) { m = l + (r - l + 1) / 2; prog = &obj->programs[m];
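Review bot: the new early return on !obj->nr_programs sits below the declaration "int l = 0, r = obj->nr_programs - 1, m;", so r is still initialised from nr_programs - 1 for an empty object before the guard runs. That is harmless, but the guard carries no comment and the code alone does not show why an empty program list needs special handling. Add a one-line comment that obj->programs is NULL when nr_programs is 0, as the commit message explains, so the check is not later removed as redundant.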