diff options
| author | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-16 08:18:32 +0200 |
|---|---|---|
| committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-16 11:27:10 +0200 |
| commit | 825210d4e5d52655ff893d600da2d2c8e5c0c8e1 (patch) | |
| tree | 98ce965eb0b3ed93dbd2e5ec7c4aeca33bef3c2d /src/timedate | |
| parent | 3426ec8efb7f075f71768e993dfe8c3c104b68ab (diff) | |
| download | systemd-825210d4e5d52655ff893d600da2d2c8e5c0c8e1.tar.gz | |
nspawn: avoid NULL pointer dereference
When merging the settings we take the pointer to the array of extra
devices, but don't reset the array counter to zero. This later leads to
a NULL pointer dereference, where device_node_array_free() attempts to
loop over a NULL pointer:
+ systemd-nspawn --oci-bundle=/var/lib/machines/testsuite-13.oci-bundle.Npo
../src/nspawn/nspawn-settings.c:118:29: runtime error: member access within null pointer of type 'struct DeviceNode'
#0 0x4b91ee in device_node_array_free ../src/nspawn/nspawn-settings.c:118
#1 0x4ba42a in settings_free ../src/nspawn/nspawn-settings.c:161
#2 0x410b79 in settings_freep ../src/nspawn/nspawn-settings.h:249
#3 0x446ce8 in load_oci_bundle ../src/nspawn/nspawn.c:4733
#4 0x44ff42 in run ../src/nspawn/nspawn.c:5476
#5 0x455296 in main ../src/nspawn/nspawn.c:5919
#6 0x7f0cb7a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
#7 0x7f0cb7a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
#8 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/nspawn/nspawn-settings.c:118:29 in
Also, add an appropriate assert to catch such issues in the future.
Diffstat (limited to 'src/timedate')
0 files changed, 0 insertions, 0 deletions