From: Ivan Maidanski Date: Fri, 6 Apr 2018 16:07:50 +0000 (+0300) Subject: Fix null dereference in print_callers on backtrace_symbols failure X-Git-Tag: v7.6.6~16 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=118e7689a7b7ea47d595f1181d648dd8a29959f8;p=gc Fix null dereference in print_callers on backtrace_symbols failure * os_dep.c [NEED_CALLINFO && GC_HAVE_BUILTIN_BACKTRACE && !GC_BACKTRACE_SYMBOLS_BROKEN] (GC_print_callers): If sym_name is NULL then print info[i].ci_pc to buf and set name to buf (instead of to sym_name[0]). * os_dep.c [NEED_CALLINFO && GC_HAVE_BUILTIN_BACKTRACE && !GC_BACKTRACE_SYMBOLS_BROKEN] (GC_print_callers): Do not call free(sym_name) if sym_name is NULL.
---
diff --git a/os_dep.c b/os_dep.c
index a7533a99..7ae84d37 100644
--- a/os_dep.c
+++ b/os_dep.c
@@ -4613,18 +4613,22 @@ GC_INNER void GC_print_callers(struct callinfo info[NFRAMES])
 continue;
 }
 {
+ char buf[40];
+ char *name;
 # if defined(GC_HAVE_BUILTIN_BACKTRACE) \
 && !defined(GC_BACKTRACE_SYMBOLS_BROKEN)
 char **sym_name = backtrace_symbols((void **)(&(info[i].ci_pc)), 1);
- char *name = sym_name[0];
-# else
- char buf[40];
- char *name = buf;
+ if (sym_name != NULL) {
+ name = sym_name[0];
+ } else
+# endif
+ /* else */ {
 (void)snprintf(buf, sizeof(buf), "##PC##= 0x%lx", (unsigned long)info[i].ci_pc);
 buf[sizeof(buf) - 1] = '\0';
-# endif
+ name = buf;
+ }
 # if defined(LINUX) && !defined(SMALL_CONFIG)
 /* Try for a line number. */
 {
@@ -4718,7 +4722,8 @@ GC_INNER void GC_print_callers(struct callinfo info[NFRAMES])
 GC_err_printf("\t\t%s\n", name);
 # if defined(GC_HAVE_BUILTIN_BACKTRACE) \
 && !defined(GC_BACKTRACE_SYMBOLS_BROKEN)
- free(sym_name); /* May call GC_[debug_]free; that's OK */
+ if (sym_name != NULL)
+ free(sym_name); /* May call GC_[debug_]free; that's OK */
 # endif
 }
 }
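Review bot: In the first hunk (`@@ -4613,18 +4613,22 @@`), the fallback is reached through an `else` that dangles across `# endif`, so its binding depends on nobody ever inserting a statement between the directive and the `/* else */ {` block. Keeping the control flow outside the conditional avoids that: initialise with `char *name = NULL;`, put `if (sym_name != NULL) name = sym_name[0];` before `# endif`, and open the fallback with `if (name == NULL) {`. That form would also route a NULL `sym_name[0]` to the `buf` path. A one-line comment that backtrace_symbols() returns NULL on failure (it allocates its result with malloc) would explain why the check exists. GC_print_callers starts and ends outside the hunk, so later uses of `name` are not visible here.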
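Review bot: In the second hunk (`@@ -4718,7 +4722,8 @@`), the new `if (sym_name != NULL)` guard carries no explanation, and standard `free(NULL)` is already a no-op, so a later cleanup could remove the test as redundant. The comment kept on that line says the call may resolve to GC_free or GC_debug_free; if the guard is there for those (an inference, not shown on this page), say so with something like `/* sym_name is NULL if backtrace_symbols failed */` above the test. The unbraced body under a preprocessor conditional would also read more safely as `if (sym_name != NULL) { free(sym_name); }`.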