On Thu, 14 Feb 2019 18:58:46 +0000 Peter Maydell <peter.mayd...@linaro.org> wrote:

Hi

> Hi; Coverity detected an issue in contrib/elf2dmp/main.c (CID
> 1398641). In this loop:
>
>     for (; KernBase >= 0xfffff78000000000; KernBase -= PAGE_SIZE) {
>         nt_start_addr = va_space_resolve(&vs, KernBase);
>         if (!nt_start_addr) {
>             continue;
>         }
>
>         if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
>             break;
>         }
>     }
>
> we might end up exiting with nt_start_addr == NULL, if we go all
> the way through the address range without finding anything
> and the loop terminates via the "KernBase >= 0xfffff78000000000"
> condition.
>
> However, we don't check for this, so we will then segfault
> in pe_get_pdb_symstore_hash(), which assumes it's passed a non-NULL
> address.
>
> I guess we should be checking for nt_start_addr == NULL at the
> end of the loop and treating it as a fatal error?

You're right. I will make a fix.

> thanks
> -- PMM

--
Viktor Prutyanov
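The shape of the fix the thread agrees on, as an added C example that is neither the elf2dmp source nor Viktor's actual patch: the page-by-page scan is kept, but an exhausted range yields NULL and the caller turns that into a fatal error instead of handing the pointer to pe_get_pdb_symstore_hash(). The fake_mem array, fake_resolve(), locate_kernel_image() and demo() are constructed stand-ins for the real va_space and its resolver.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE 0x1000
#define KERN_BASE_LOW 0xfffff78000000000ULL
/* Constructed stand-in for elf2dmp's va_space (not the real type): four guest
 * pages starting at KERN_BASE_LOW, backed by this host array. */
static uint8_t fake_mem[4 * PAGE_SIZE];

/* Guest VA -> host pointer, NULL when unmapped (like va_space_resolve). */
static void *fake_resolve(uint64_t va)
{
    if (va < KERN_BASE_LOW || va >= KERN_BASE_LOW + sizeof fake_mem) return NULL;
    return fake_mem + (va - KERN_BASE_LOW);
}

/* Walk down a page at a time looking for an MZ header. Returns NULL when the
 * range is exhausted; the caller must check before dereferencing. */
static void *find_nt_start(uint64_t KernBase)
{
    for (; KernBase >= KERN_BASE_LOW; KernBase -= PAGE_SIZE) {
        uint8_t *p = fake_resolve(KernBase);
        if (p && *(uint16_t *)p == 0x5a4d) { /* MZ */
            return p;
        }
    }
    return NULL;
}

/* 0 on success, 1 on the fatal not-found case from the report: the NULL is
 * reported here instead of reaching pe_get_pdb_symstore_hash(). */
int locate_kernel_image(uint64_t KernBase, void **nt_start_addr)
{
    *nt_start_addr = find_nt_start(KernBase);
    if (!*nt_start_addr) {
        fprintf(stderr, "Failed to find NT kernel image\n");
        return 1;
    }
    return 0;
}

/* Constructed scenario: MZ in page 1 only if with_mz; scan starts 3 pages up. */
int demo(int with_mz)
{
    void *nt = NULL;
    memset(fake_mem, 0, sizeof fake_mem);
    if (with_mz) { fake_mem[PAGE_SIZE] = 'M'; fake_mem[PAGE_SIZE + 1] = 'Z'; }
    int rc = locate_kernel_image(KERN_BASE_LOW + 3 * PAGE_SIZE, &nt);
    return with_mz ? (rc == 0 && nt == fake_mem + PAGE_SIZE) : (rc == 1 && nt == NULL);
}
```

demo(1) exercises the found case and demo(0) the exhausted range; both return 1 when the caller sees the expected result and no NULL pointer is touched.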