[PATCH] scr: fix DEREF_OF_NULL.RET.STAT in ar.c

Thu, 13 Feb 2025 07:01:29 -0800 

Report of the static analyzer:
1. DEREF_OF_NULL.RET Pointer, returned from function 'elf_getarhdr' at 
ar.c:498, may be NULL and is dereferenced at ar.c:500.
2. DEREF_OF_NULL.RET Pointer, returned from function 'elf_getarhdr' at 
ar.c:940, may be NULL and is dereferenced at ar.c:943
3. DEREF_OF_NULL.RET Pointer, returned from function 'elf_getarhdr' at 
ar.c:1147, may be NULL and is dereferenced at ar.c:1150.
4. DEREF_OF_NULL.RET.STAT Return value of a function 'elf_rawfile' is 
dereferenced at ar.c:857 without checking for NULL, but it is usually checked 
for this function (4/5)

Corrections explained:
Added check if (arhdr == NULL) goto next;

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.morya...@gmail.com>

---
 src/ar.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/ar.c b/src/ar.c
index 9ace28b9..4b90115d 100644
--- a/src/ar.c
+++ b/src/ar.c
@@ -498,6 +498,9 @@ do_oper_extract (int oper, const char *arfname, char 
**argv, int argc,
   while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
     {
       Elf_Arhdr *arhdr = elf_getarhdr (subelf);
+         
+         if (arhdr == NULL)
+       goto next;
 
       if (strcmp (arhdr->ar_name, "/") == 0)
        {
@@ -860,6 +863,9 @@ write_member (struct armem *memb, off_t *startp, off_t 
*lenp, Elf *elf,
     {
       /* In case of a long file name we assume the archive header
         changed and we write it here.  */
+        
+         if (arhdr == NULL)
+       goto next;
       memcpy (&arhdr, elf_rawfile (elf, NULL) + *startp, sizeof (arhdr));
 
       snprintf (tmpbuf, sizeof (tmpbuf), "/%-*ld",
@@ -943,6 +949,9 @@ do_oper_delete (const char *arfname, char **argv, int argc,
   while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
     {
       Elf_Arhdr *arhdr = elf_getarhdr (subelf);
+         
+         if (arhdr == NULL)
+       goto next;
 
       /* Ignore the symbol table and the long file name table here.  */
       if (strcmp (arhdr->ar_name, "/") == 0
@@ -1152,6 +1161,9 @@ do_oper_insert (int oper, const char *arfname, char 
**argv, int argc,
   while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
     {
       Elf_Arhdr *arhdr = elf_getarhdr (subelf);
+         
+         if (arhdr == NULL)
+       goto next;
 
       /* Ignore the symbol table and the long file name table here.  */
       if (strcmp (arhdr->ar_name, "/") == 0
-- 
2.30.2

Reply via email to