From 02c48ac64ee068e9a72d987996f3cbf5213ee13a Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Thu, 11 Feb 2016 13:20:59 +0100
Subject: [PATCH] libdwfl: Check result of gelf_get* calls in relocate.c

For corrupted ELF files gelf_get calls might fail in which case it
is better to immediately return an error instead of using the NULL
result and crashing.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libdwfl/ChangeLog  |  6 ++++++
 libdwfl/relocate.c | 26 ++++++++++++++++++++------
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index e92372a..cc8eec7 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,5 +1,11 @@
 2016-02-11  Mark Wielaard  <mjw@redhat.com>
 
+	* relocate.c (relocate_section): Check result of all gelf_get* calls.
+	(__libdwfl_relocate): Likewise.
+	(__libdwfl_relocate_section): Likewise.
+
+2016-02-11  Mark Wielaard  <mjw@redhat.com>
+
 	* relocate.c (relocate_section): Check result of gelf_update_* calls.
 
 2016-01-08  Mark Wielaard  <mjw@redhat.com>
diff --git a/libdwfl/relocate.c b/libdwfl/relocate.c
index 920ead2..a44126e 100644
--- a/libdwfl/relocate.c
+++ b/libdwfl/relocate.c
@@ -671,6 +671,8 @@ relocate_section (Dwfl_Module *mod, Elf *relocated, const GElf_Ehdr *ehdr,
 	      {
 		GElf_Rel rel_mem;
 		GElf_Rel *r = gelf_getrel (reldata, relidx, &rel_mem);
+		if (unlikely (r == NULL))
+		  return DWFL_E_LIBELF;
 		if (r->r_info != 0 || r->r_offset != 0)
 		  {
 		    if (next != relidx)
@@ -684,6 +686,8 @@ relocate_section (Dwfl_Module *mod, Elf *relocated, const GElf_Ehdr *ehdr,
 	      {
 		GElf_Rela rela_mem;
 		GElf_Rela *r = gelf_getrela (reldata, relidx, &rela_mem);
+		if (unlikely (r == NULL))
+		  return DWFL_E_LIBELF;
 		if (r->r_info != 0 || r->r_offset != 0 || r->r_addend != 0)
 		  {
 		    if (next != relidx)
@@ -729,6 +733,8 @@ __libdwfl_relocate (Dwfl_Module *mod, Elf *debugfile, bool debug)
     {
       GElf_Shdr shdr_mem;
       GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
+      if (unlikely (shdr == NULL))
+	return DWFL_E_LIBELF;
 
       if ((shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
 	  && shdr->sh_size != 0)
@@ -762,10 +768,18 @@ __libdwfl_relocate_section (Dwfl_Module *mod, Elf *relocated,
   if (elf_getshdrstrndx (relocated, &shstrndx) < 0)
     return DWFL_E_LIBELF;
 
-  return (__libdwfl_module_getebl (mod)
-	  ?: relocate_section (mod, relocated,
-			       gelf_getehdr (relocated, &ehdr_mem), shstrndx,
-			       &reloc_symtab,
-			       relocscn, gelf_getshdr (relocscn, &shdr_mem),
-			       tscn, false, partial));
+  Dwfl_Error result = __libdwfl_module_getebl (mod);
+  if (unlikely (result != DWFL_E_NOERROR))
+    return result;
+
+  GElf_Ehdr *ehdr = gelf_getehdr (relocated, &ehdr_mem);
+  if (unlikely (ehdr == NULL))
+    return DWFL_E_LIBELF;
+
+  GElf_Shdr *shdr = gelf_getshdr (relocscn, &shdr_mem);
+  if (unlikely (shdr == NULL))
+    return DWFL_E_LIBELF;
+
+  return relocate_section (mod, relocated, ehdr, shstrndx, &reloc_symtab,
+			   relocscn, shdr, tscn, false, partial);
 }
-- 
2.7.4