[Kernel-packages] [Bug 1941975] [NEW] Several bugs of Null Pointer Dereference/Unchecked Return Value to NULL Pointer Dereference

Sat, 28 Aug 2021 18:35:49 -0700 

Public bug reported:

Ubuntu version: 18.04
bcc version:0.16.17

I found several bugs in bcc , would you help me to check if these bugs are 
true?thanks for your patience.
=============================================================================================

step  1 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  prev_mapelt   line  775 :
                 Select the false branch at this point (tail->next!=null is 
false) 

step  2 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  prev_mapelt   line  777 :
                 Return null to caller 

step  3 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  move_in_map   line  1332 :
                 Function prev_mapelt executes and stores the return value to 
prev (prev can be null) 

step  4 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  move_in_map   line  1333 :
                 Store this->next to prev->next 
==============================================================================================

step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1403 :
                 Allocate memory to rv (lacking failure check, 7 out of 19 
memory allocations checked failures) 

step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1403 :
                 Store 0 to rv 


=============================================================================================

step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1403 :
                 Allocate memory to rv (lacking failure check, 7 out of 19 
memory allocations checked failures) 

step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1457 :
                 Select the false branch at this point 
((cc.0.ph.lcssa25+2)>len.0.ph.ph is false) 

step  3 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1458 :
                 Store *(data_str) to rv[cc] 


===============================================================================================

step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1271 :
                 Allocate memory to arg_list (lacking failure check, 7 out of 
19 memory allocations checked failures) 

step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1272 :
                 arg_list is used as the 1st parameter in function memset 
(arg_list can be null) 


===============================================================================================

step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1271 :
                 Allocate memory to arg_list (lacking failure check, 7 out of 
19 memory allocations checked failures) 

step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1277 :
                 Load value from arg_list[ac.0].name 


=============================================================================================

** Affects: linux86 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux86 in Ubuntu.
https://bugs.launchpad.net/bugs/1941975

Title:
  Several bugs of Null Pointer Dereference/Unchecked Return Value to
  NULL Pointer Dereference

Status in linux86 package in Ubuntu:
  New

Bug description:
  Ubuntu version: 18.04
  bcc version:0.16.17

  I found several bugs in bcc , would you help me to check if these bugs are 
true?thanks for your patience.
  
=============================================================================================

  step  1 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  prev_mapelt   line  775 :
                 Select the false branch at this point (tail->next!=null is 
false) 

  step  2 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  prev_mapelt   line  777 :
                 Return null to caller 

  step  3 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  move_in_map   line  1332 :
                 Function prev_mapelt executes and stores the return value to 
prev (prev can be null) 

  step  4 : 
         In file  build/ar/ar.c(build is directory generated by configure) , 
function  move_in_map   line  1333 :
                 Store this->next to prev->next 
  
==============================================================================================

  step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1403 :
                 Allocate memory to rv (lacking failure check, 7 out of 19 
memory allocations checked failures) 

  step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1403 :
                 Store 0 to rv 

  
  
=============================================================================================

  step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1403 :
                 Allocate memory to rv (lacking failure check, 7 out of 19 
memory allocations checked failures) 

  step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1457 :
                 Select the false branch at this point 
((cc.0.ph.lcssa25+2)>len.0.ph.ph is false) 

  step  3 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  insert_substrings   line  1458 :
                 Store *(data_str) to rv[cc] 

  
  
===============================================================================================

  step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1271 :
                 Allocate memory to arg_list (lacking failure check, 7 out of 
19 memory allocations checked failures) 

  step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1272 :
                 arg_list is used as the 1st parameter in function memset 
(arg_list can be null) 

  
  
===============================================================================================

  step  1 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1271 :
                 Allocate memory to arg_list (lacking failure check, 7 out of 
19 memory allocations checked failures) 

  step  2 : 
         In file  build/cpp/cpp.c(build is directory generated by configure) , 
function  gen_substrings   line  1277 :
                 Load value from arg_list[ac.0].name 

  
  
=============================================================================================

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux86/+bug/1941975/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to