From b303712a159492116e6aa272420baeefcb6377f4 Mon Sep 17 00:00:00 2001
From: mpi
Date: Wed, 1 Sep 2021 13:21:24 +0000
Subject: [PATCH] Handle the case where map/hist can be read after calling clear().

Fix a NULL-derference found by jasper@ with AFL++ (port coming soon!).

ok jasper@
---
 usr.sbin/btrace/btrace.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/btrace/btrace.c b/usr.sbin/btrace/btrace.c
index 3fed1ee26e4..5eca405bcfc 100644
--- a/usr.sbin/btrace/btrace.c
+++ b/usr.sbin/btrace/btrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: btrace.c,v 1.44 2021/09/01 08:01:09 mpi Exp $ */
+/* $OpenBSD: btrace.c,v 1.45 2021/09/01 13:21:24 mpi Exp $ */
 
 /*
  * Copyright (c) 2019 - 2021 Martin Pieuchot
@@ -948,6 +948,10 @@ ba_read(struct bt_arg *ba)
 	debug("bv=%p read '%s' (%p)\n", bv, bv_name(bv), bv->bv_value);
 
+	/* Handle map/hist access after clear(). */
+	if (bv->bv_value == NULL)
+		return &g_nullba;
+
 	return bv->bv_value;
 }
-- 
2.20.1
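Review bot: The new guard in ba_read returns the shared global `&g_nullba`, and nothing in the hunk states whether callers may modify or free the `struct bt_arg *` they get back; if any caller does, every later read of a cleared map/hist would see a corrupted sentinel. A short comment pinning the contract would make that explicit, e.g. `/* bv_value is NULL after clear(); g_nullba is shared, callers must not free or modify it. */`. It is also worth checking whether other places that dereference `bv_value` outside this hunk need the same guard, since the fuzzer reached this one through ordinary script input; that cannot be judged from the hunk alone. ba_read's body begins outside the hunk.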