Hdp from hdf4-tools crashes on function null pointer dereference
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libhdf4 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Hello,
Below is some description about crash, found by dynamic analysis tool Sydr (part of Crusher system) https:/
System Ubuntu 20.04.2 LTS.
Package: libhdf4_
Crash description:
(gdb) r
Starting program: /home/fedotoff/
Program received signal SIGSEGV, Segmentation fault.
0x0000000000471e18 in Hendaccess (access_
1695 ret_value = (*access_
(gdb) bt
#0 0x0000000000471e18 in Hendaccess (access_
#1 0x00000000004aacdf in Load_vfile (f=536870912) at vgp.c:440
#2 0x00000000004aa7ed in Vinitialize (f=536870912) at vgp.c:743
#3 0x000000000041d16e in NC_new_cdf (name=0x7ffffff
#4 0x00000000004233d6 in NC_open (path=0x7ffffff
#5 0x000000000042353e in ncopen (path=0x7ffffff
#6 0x0000000000429b00 in SDstart (name=0x7ffffff
#7 0x0000000000410cc7 in dsd (dumpsds_
#8 0x00000000004116d7 in do_dumpsds (curr_arg=2, argc=3, argv=0x7fffffff
#9 0x0000000000402950 in main (argc=3, argv=0x7fffffff
(gdb) p/x acce
accept accept4 access <email address hidden> access@plt access_id access_rec access_type
(gdb) p/x access_
$1 = 0x0
Here the null pointer is dereferenced due to function call.
I think, the problem is because in function HIget_function_
2615 access_
There is no assignment in cycle, so function return Null.
for (i = 0; functab[i].key != 0; i++)
{
if (access_
{
ret_value = functab[i].tab;
break; /* break out of loop */
}
}
done:
if(ret_value == NULL)
{ /* Error condition cleanup */
} /* end if */
/* Normal function cleanup */
return ret_value;
The Idea of Fix is to place assignment at line 2615 before "break" statement.
| Andrey Fedotov (fedotoff) wrote | #1 |
