
Null pointer dereference

Open · ash1852 opened this issue 2 years ago · 1 comment

Hello, I found a null-pointer-dereference bug in the source code of dynamips. Would you help me check if this bug is true? Thank you very much! Here is an overview of the bug occurrence.

step1: in file dynamips/common/rom2c.c, line 63: call elf32_getehdr and load its return value into ehdr (additionally, img_elf is guaranteed not to be null according to line 46)

step2: in file libelf/elf32_getehdr.c, line 92: call getehdr_impl; img_elf is used as the 1st parameter

step3: in file libelf/elf32_getehdr.c, line 53/71: there are two paths that may return null (though with low possibility)

step4: in file libelf/elf32_getehdr.c, line 95: return the result to the caller, which can be null

step5: in file dynamips/common/rom2c.c, line 63: load the return value of elf32_getehdr into ehdr, which can be null

step6: in file dynamips/common/rom2c.c, line 74: dereference ehdr without checking if ehdr is null

ash1852 · Dec 09 '21 12:12
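As an added illustration (not dynamips or libelf code): a minimal stand-in for elf32_getehdr that returns NULL on the kinds of failure paths the report describes, next to a rom2c-style caller that checks the result before dereferencing it. The function names, the header struct and the validation rules here are assumptions, not the project's.

```c
/* Added example, not dynamips/libelf code. get_ehdr32() stands in for
 * elf32_getehdr(); read_entry_point() is the rom2c-style caller with the
 * NULL check the report says is missing. Names/rules are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EI_NIDENT  16
#define EI_CLASS   4
#define ELFCLASS32 1

/* Layout of the 52-byte ELF32 file header (only e_entry is used below). */
typedef struct {
    unsigned char e_ident[EI_NIDENT];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr32_t;

/* Like elf32_getehdr(): NULL when the image is truncated, not ELF at all,
 * or not an ELF32-class file (e.g. an ELF64 image was passed in). */
static const ehdr32_t *get_ehdr32(const unsigned char *img, size_t len)
{
    static const unsigned char magic[4] = { 0x7f, 'E', 'L', 'F' };
    if (img == NULL || len < sizeof(ehdr32_t))   return NULL; /* truncated */
    if (memcmp(img, magic, sizeof magic) != 0)   return NULL; /* not ELF   */
    if (img[EI_CLASS] != ELFCLASS32)             return NULL; /* wrong class */
    return (const ehdr32_t *)img;                /* caller passes aligned memory */
}

/* Returns 0 and stores the entry point on success, -1 on a NULL header.
 * The early return is the fix: ehdr->e_entry is never touched on failure. */
int read_entry_point(const unsigned char *img, size_t len, uint32_t *entry)
{
    const ehdr32_t *ehdr = get_ehdr32(img, len);
    if (ehdr == NULL) {
        fprintf(stderr, "rom2c: not a valid ELF32 image\n");
        return -1;
    }
    *entry = ehdr->e_entry;
    return 0;
}
```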

Is this bug true or false? Looking forward to your reply.

ash1852 · Dec 17 '21 03:12