References: <20210112074221.58076-1-zhuyan34@huawei.com>
From: Fangrui Song
Date: Tue, 12 Jan 2021 00:58:05 -0800
To: musl@lists.openwall.com
Cc: Zengweilin, "liucheng (G)", "chenzefeng (A)"
Subject: Re: [musl] [PATCH] fix segfault in getitimer when old argument is NULL

On Mon, Jan 11, 2021 at 11:57 PM zhuyan (M) wrote:
>
>
> When old is NULL, call old->it_interval.tv_sec to dereference a null pointer in getitimer.
>
> The commit 558c01338b0b635632e70af6ec8a484ca70b0328 introduces this problem.
>
> Signed-off-by: Qing Wu
> Signed-off-by: Yan Zhu
> ---
> src/signal/getitimer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/signal/getitimer.c b/src/signal/getitimer.c index 36d1eb9d..f6fde204 100644
> --- a/src/signal/getitimer.c
> +++ b/src/signal/getitimer.c
> @@ -6,7 +6,7 @@ int getitimer(int which, struct itimerval *old)
> if (sizeof(time_t) > sizeof(long)) {
> long old32[4];
> int r = __syscall(SYS_getitimer, which, old32);
> - if (!r) {
> + if (!r && old) {
> old->it_interval.tv_sec = old32[0];
> old->it_interval.tv_usec = old32[1];
> old->it_value.tv_sec = old32[2];
> --
> 2.12.3
>

Null old is not sensible. POSIX and the Linux manpage say "The getitimer() function shall store the current value of the timer specified by which into the structure pointed to by value." NULL is not a valid structure. musl does not need to work around application bugs.
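
Review bot: In the sizeof(time_t) > sizeof(long) branch, "if (!r && old)" turns a NULL old into a silent success: __syscall(SYS_getitimer, which, old32) has already run against the local old32, so the function returns 0 and stores nothing, and the caller never learns that its argument was invalid. If NULL is meant to be handled here, the commit message should state the intended return value and errno for that case and whether the code outside this branch behaves the same way, which these lines do not show. It should also say where a NULL old comes from, since the only justification given is that commit 558c01338b0b635632e70af6ec8a484ca70b0328 introduced the dereference.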