Commit 88918dc1 authored Nov 03, 2021 by Andrii Nakryiko Committed by Alexei Starovoitov Nov 03, 2021

libbpf: Improve sanity checking during BTF fix up



If BTF is corrupted DATASEC's variable type ID might be incorrect.
Prevent this easy to detect situation with extra NULL check.
Reported by oss-fuzz project.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20211103173213.1376990-3-andrii@kernel.org

parent 83390787

tools/lib/bpf/libbpf.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -2752,13 +2752,12 @@ static int btf_fixup_datasec(struct bpf_object obj, struct btf btf,

		for (i = 0, vsi = btf_var_secinfos(t); i < vars; i++, vsi++) {
		t_var = btf__type_by_id(btf, vsi->type);
		var = btf_var(t_var);

		if (!btf_is_var(t_var)) {
		if (!t_var \|\| !btf_is_var(t_var)) {
		pr_debug("Non-VAR type seen in section %s\n", name);
		return -EINVAL;
		}

		var = btf_var(t_var);
		if (var->linkage == BTF_VAR_STATIC)
		continue;