From: mpi <mpi@openbsd.org>
Date: Wed, 1 Sep 2021 13:21:24 +0000 (+0000)
Subject: Handle the case where map/hist can be read after calling clear().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b303712a159492116e6aa272420baeefcb6377f4;p=openbsd

Handle the case where map/hist can be read after calling clear().

Fix a NULL-derference found by jasper@ with AFL++ (port coming soon!).

ok jasper@
---

diff --git a/usr.sbin/btrace/btrace.c b/usr.sbin/btrace/btrace.c
index 3fed1ee26e4..5eca405bcfc 100644
--- a/usr.sbin/btrace/btrace.c
+++ b/usr.sbin/btrace/btrace.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: btrace.c,v 1.44 2021/09/01 08:01:09 mpi Exp $ */
+/*	$OpenBSD: btrace.c,v 1.45 2021/09/01 13:21:24 mpi Exp $ */
 
 /*
  * Copyright (c) 2019 - 2021 Martin Pieuchot <mpi@openbsd.org>
@@ -948,6 +948,10 @@ ba_read(struct bt_arg *ba)
 
 	debug("bv=%p read '%s' (%p)\n", bv, bv_name(bv), bv->bv_value);
 
+	/* Handle map/hist access after clear(). */
+	if (bv->bv_value == NULL)
+		return &g_nullba;
+
 	return bv->bv_value;
 }