Handle the case where map/hist can be read after calling clear().

Fix a NULL-derference found by jasper@ with AFL++ (port coming soon!).

ok jasper@

diff --git a/usr.sbin/btrace/btrace.c b/usr.sbin/btrace/btrace.c
index 3fed1ee..5eca405 100644 (file)
--- a/usr.sbin/btrace/btrace.c
+++ b/usr.sbin/btrace/btrace.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: btrace.c,v 1.44 2021/09/01 08:01:09 mpi Exp $ */
+/*     $OpenBSD: btrace.c,v 1.45 2021/09/01 13:21:24 mpi Exp $ */
 
 /*
  * Copyright (c) 2019 - 2021 Martin Pieuchot <mpi@openbsd.org>
@@ -948,6 +948,10 @@ ba_read(struct bt_arg *ba)
 
        debug("bv=%p read '%s' (%p)\n", bv, bv_name(bv), bv->bv_value);
 
+       /* Handle map/hist access after clear(). */
+       if (bv->bv_value == NULL)
+               return &g_nullba;
+
        return bv->bv_value;
 }