libdw: aggregate_size check NULL result from get_type.

aggregate_size can be called recursively with the result of get_type.
get_type can return NULL when dwarf_peel_type fails. Found by afl-fuzz.

dwarf_aggregate_size when called directly doesn't need a NULL check
because it calls and checks the result of dwarf_peel_type directly.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index bed6379..1e41e72 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,7 @@
+2018-06-18  Mark Wielaard  <mark@klomp.org>
+
+       * dwarf_aggregate_size.c (aggregate_size): Check die is not NULL.
+
 2018-06-17  Luiz Angelo Daros de Luca  <luizluca@gmail.com>
 
        * dwarf_getsrclines.c (read_srclines): Intialize filelist early.

diff --git a/libdw/dwarf_aggregate_size.c b/libdw/dwarf_aggregate_size.c
index 6e50185..d20db71 100644 (file)
--- a/libdw/dwarf_aggregate_size.c
+++ b/libdw/dwarf_aggregate_size.c
@@ -171,6 +171,9 @@ aggregate_size (Dwarf_Die *die, Dwarf_Word *size, Dwarf_Die *type_mem)
 {
   Dwarf_Attribute attr_mem;
 
+  if (die == NULL)
+    return -1;
+
   if (INTUSE(dwarf_attr_integrate) (die, DW_AT_byte_size, &attr_mem) != NULL)
     return INTUSE(dwarf_formudata) (&attr_mem, size);