Several bugs of Null Pointer Dereference/Unchecked Return Value to NULL Pointer Dereference
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux86 (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
Ubuntu version: 18.04
bcc version: 0.16.17
I found several bugs in bcc. Would you help me to check if these bugs are true? Thanks for your patience.
=======
step 1 :
In file build/ar/ar.c(build is directory generated by configure) , function prev_mapelt line 775 :
Select the false branch at this point (tail->next!=null is false)
step 2 :
In file build/ar/ar.c(build is directory generated by configure) , function prev_mapelt line 777 :
Return null to caller
step 3 :
In file build/ar/ar.c(build is directory generated by configure) , function move_in_map line 1332 :
Function prev_mapelt executes and stores the return value to prev (prev can be null)
step 4 :
In file build/ar/ar.c(build is directory generated by configure) , function move_in_map line 1333 :
Store this->next to prev->next
=======
step 1 :
In file build/cpp/
Allocate memory to rv (lacking failure check, 7 out of 19 memory allocations checked failures)
step 2 :
In file build/cpp/
Store 0 to rv
=======
step 1 :
In file build/cpp/
Allocate memory to rv (lacking failure check, 7 out of 19 memory allocations checked failures)
step 2 :
In file build/cpp/
Select the false branch at this point ((cc.0.
step 3 :
In file build/cpp/
Store *(data_str) to rv[cc]
=======
step 1 :
In file build/cpp/
Allocate memory to arg_list (lacking failure check, 7 out of 19 memory allocations checked failures)
step 2 :
In file build/cpp/
arg_list is used as the 1st parameter in function memset (arg_list can be null)
=======
step 1 :
In file build/cpp/
Allocate memory to arg_list (lacking failure check, 7 out of 19 memory allocations checked failures)
step 2 :
In file build/cpp/
Load value from arg_list[ac.0].name
=======
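The first trace above reports that prev_mapelt can return NULL and that move_in_map then stores through prev->next. As an added example (not code from ar.c or from the reporter), this simplified C model shows that pattern with the return value checked; the struct layout, function bodies and signatures are constructed for illustration, and only the two function names come from the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an archive map entry; not the layout in ar.c. */
struct mapelt {
    int id;
    struct mapelt *next;
};

/* Return the element whose next pointer is elt, or NULL when elt is not
   linked after map (steps 1 and 2 of the first trace). map is a non-NULL head. */
static struct mapelt *prev_mapelt(struct mapelt *map, struct mapelt *elt)
{
    struct mapelt *tail = map;
    while (tail->next != NULL && tail->next != elt)
        tail = tail->next;
    return tail->next != NULL ? tail : NULL;
}

/* Unlink elt and relink it directly after 'after' (assumed to be in the list).
   Returns 0 on success and -1 when elt is not in the list. The reported
   pattern is this function without the NULL test, so that prev->next is
   written through a NULL prev. */
static int move_in_map(struct mapelt *map, struct mapelt *elt,
                       struct mapelt *after)
{
    struct mapelt *prev = prev_mapelt(map, elt);
    if (prev == NULL)
        return -1;              /* not found: refuse instead of dereferencing */
    if (after == elt)
        return 0;               /* moving an element after itself is a no-op */
    prev->next = elt->next;     /* unlink elt */
    elt->next = after->next;    /* relink it after 'after' */
    after->next = elt;
    return 0;
}

int main(void)
{
    /* Constructed list: head -> a -> b, plus a stray element never linked in. */
    struct mapelt b = {2, NULL}, a = {1, &b}, head = {0, &a}, stray = {9, NULL};
    int rc = move_in_map(&head, &stray, &a);
    printf("stray element: rc=%d\n", rc);
    rc = move_in_map(&head, &b, &head);
    printf("b moved to front: rc=%d, first id=%d\n", rc, head.next->id);
    return 0;
}
```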